thanks. i was hoping that a system X509_Store was exposed in some way. i'll check out the JNI code.
On Wednesday, January 2, 2013 1:31:42 PM UTC-5, Brian Carlstrom wrote: > > You probably shouldn't try to copy the trust anchor list. Since 4.0 it > can be changed dynamically by the user. You should probably use a JNI > call to use the SDK TrustManager to verify certificate chains. That is > what the Browser and Chrome do. Part of the new implementation in 4.0 > was to avoid loading all CAs in memory, so that only the ones that are > used get loaded. If you enumerate all the CAs to import them, you'll > also create a lot of garbage in memory. > > -bri > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To view this discussion on the web visit https://groups.google.com/d/msg/android-security-discuss/-/2pGJVR2vD_IJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
