[guardian-dev] supporting SOCKS on Android via a custom SocketFactory

Michael Rogers michael at briarproject.org
Tue Sep 6 09:56:54 EDT 2016


On 06/09/16 11:54, Hans-Christoph Steiner wrote:
> Have you run tests yet of HTTPS verification using your technique?  You
> can take code from the NetCipher tests if you want.

Thanks, that's a good idea. We've tried it with a few HTTPS sites but
haven't done any testing in depth.

> I don't remember details now, but I know that when doing tricks with how
> Socket instances are created on Android, important pieces went missing,
> like hostname verification.  In cases like these, it is important to
> remember that Android != Java.  Android only promises to provide what
> they document in their SDK docs, not all of Java.  And many companies
> choose to take that opportunity to get lazy/sloppy with their builds of
> Android.

Unfortunately these device-specific issues are hard to test on anything
except a pile of real devices - any suggestions for how to reduce the
manual testing workload?

Cheers,
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x9FC527CC.asc
Type: application/pgp-keys
Size: 4660 bytes
Desc: not available
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20160906/c3833ea1/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20160906/c3833ea1/attachment-0001.sig>


More information about the guardian-dev mailing list