堆栈内存溢出
  简体   繁体   English

使用地图,播放服务,分析等功能的Android应用中的SSL证书固定

[英]SSL Certificate pinning in Android app that uses maps, play services, analytics etc

 原文  2015-08-26 08:31:07       android/ ssl/ ssl-certificate

问题描述

Corresponding issue on github issue tracker github问题跟踪器上的相应问题

I have been doing a fair bit of reading about preventing man in the middle attacks on my app using tools like Charles, Fiddler, mitm etc. I liked the idea of pinning my server's SSL certificate since that means all other certs will throw an error which is what I want. 我一直在阅读有关使用Charles,Fiddler,mitm等工具防止人对我的应用程序进行中间攻击的文章。我喜欢固定服务器的SSL证书的想法,因为这意味着所有其他证书都会抛出错误,是我想要的

But, the app uses libs like google maps, play services, analytics tools etc which must be using their own SSL certs. 但是,该应用使用的库必须为Google Maps,播放服务,分析工具等,这些库必须使用自己的SSL证书。 Does it mean that I would need to manually pin the certs of all these libs too? 这是否意味着我也需要手动固定所有这些库的证书? What's the common way to deal with such a situation? 处理这种情况的常用方法是什么?

1 个解决方案

解决方案1
 1 已采纳  2015-09-09 09:50:01

不,您不需要固定第三方库的证书,因为它们不使用配置了CertificatePinnerOkHttpClient实例。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Android SSL 证书固定 - Android SSL Certificate pinning Android SSL证书固定与改造 - Android SSL certificate pinning with retrofit SSL证书固定不再适用于Android 9 - SSL Certificate Pinning not working anymore on Android 9 禁用SSL证书固定 - Disable SSL certificate pinning 证书固定和SSL - Certificate pinning and SSL SSL固定证书 - SSL Pinning Certificate Android / iOS 应用内浏览器上的证书固定 - Certificate Pinning on Android / iOS in-App Browser 如何以编程方式在原生层 Android 中实现 SSL 证书锁定 - How to implement SSL Certificate Pinning in Native Layer Android programmatically SSL证书与Picasso钉扎 - SSL Certificate Pinning w/ Picasso Google地图未出现Android应用-Actionbarsherlock + Google Play服务 - Google Maps not appearing Android App — Actionbarsherlock + google play services
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM