I want to get the whole chain of certificates when an Android WebView fails to trust a server certificate. My WebViewClient looks like this:

    @Override
    public void onReceivedSslError(final WebView webView, final SslErrorHandler handler, final SslError error) {
        // Continue loading only if the app's own verifier accepts the certificate.
        if (sslVerifier.verify(webView, error.getCertificate())) {
            handler.proceed();
        } else {
            // Otherwise abort the load and tell the user.
            handler.cancel();
            Toast.makeText(webView.getContext(), "Invalid server certificate", Toast.LENGTH_SHORT).show();
        }
    }

The sslVerifier.verify() method above somehow verifies the whole chain with the pinned certificate in the app.
Basically, I am trying to implement dynamic SSL pinning (certificates cannot be pinned at build time of the app).
Yes, I can achieve dynamic SSL pinning in different ways; one of them may be:
- To use a custom TrustManager to get the SSLSession and verify the whole chain from that SSLSession. But I don't like that solution, mainly because I have to halt the loading process of the WebView to fetch certificates from the dynamic URL that the user provides in the WebView (or the WebView somehow gets the URL dynamically).

So, my question is: is there a way to simply fetch the chain of certificates inside onReceivedSslError() when the trust fails? Any help will be much appreciated.