DEVHIDE
Login Or Sign up

onReceivedSslError fixed but still showing error

1k Views Asked by At

I got an "onReceivedSslError" error in my Play Console account as in the screenshot. enter image description here

I have handled the onReceivedSslError in all WebViewClients and show the required warning message. Then I sent the version to the market and got approval. The version has been released, but it still says this error is in this version, as seen above, under the version. Why is it showing up even though I applied it to all WebViewClients?

Related document sent: https://support.google.com/faqs/answer/7071387

@Override
        public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
            Utilities.showAlertDialog(getActivity(),
                    "SSL Certificate Error", Utilities.getSslErrorMessage(error.getPrimaryError()),
                    getString(R.string.common_continue),
                    getString(R.string.order_detail_product_cancel),
                    () -> handler.proceed(),
                    () -> {
                        handler.cancel();
                    });
        }


public static String getSslErrorMessage(int primaryErrorCode){
    String message = "SSL Certificate error.";
    switch (primaryErrorCode) {
        case SslError.SSL_UNTRUSTED:
            message = "The certificate authority is not trusted.";
            break;
        case SslError.SSL_EXPIRED:
            message = "The certificate has expired.";
            break;
        case SslError.SSL_IDMISMATCH:
            message = "The certificate Hostname mismatch.";
            break;
        case SslError.SSL_NOTYETVALID:
            message = "The certificate is not yet valid.";
            break;
    }
    message += " Do you want to continue anyway?";
    return message;
}

Edit: The error turned yellow on the Play Console after a while, then it stopped coming at all. And I got an email that the error persists. I don't understand why this is so.

enter image description here

I'm on version 75 right now.

UPDATE II: I was still getting an error because of the webview used in the 3d verification screen in the payment sdk I used. So I asked them to fix the sdk. Right now I can't submit a version to the Play Store without fixing this error. But my existing application is still live with the last version I sent.

android-webview android-security sslerrorhandler
Original Q&A
1

There are 1 best solutions below

6
On

Although you have handled the onReceivedSslError in all WebViewClients and shown the required warning message, it is possible that there are still some code paths that are not handled properly.

If you reviewed your code again and made sure that you are handling all possible scenarios in the onReceivedSslError method (including showing the warning message properly), make sure that you disabled SSL/TLS certificate validation.

Could you please post the code snippet in the screenshot, in textual form, to be examined in more detail?

UPDATE (after OP posted code snippet):

While it seems you have correctly implemented the SSL error handling logic in your WebViewClients, it seems that your problem lies in the way your Utilities.showAlertDialog(...) is handling proceed() vs. cancel().

In my working code (also deployed to Google Play, without an issue), my dialog allows clicking "proceed" or "cancel" for all errors, except for SSL_IDMISMATCH which is always handled as "proceed":

        if (error.getPrimaryError() != SslError.SSL_IDMISMATCH) {
            final AlertDialog dialog = builder.create();
            dialog.show();
        }
        else {
            handler.proceed();
        }

Does this help?

UPDATE II (after OP responded that the above did not help):

I am posting here the complete onReceivedSslError(...) that works on Google Play:

@Override
public void onReceivedSslError (WebView view, final SslErrorHandler handler, SslError error) {        
    final AlertDialog.Builder builder = new AlertDialog.Builder(this.mMeWebView.getContext());
    String message;
    switch (error.getPrimaryError()) {
        case SslError.SSL_EXPIRED:
            message = "The certificate has expired.";
            break;
        case SslError.SSL_IDMISMATCH:
            message = "The certificate Hostname mismatch.";
            break;
        case SslError.SSL_NOTYETVALID:
            message = "The certificate is not yet valid.";
            break;
        case SslError.SSL_UNTRUSTED:
            message = "The certificate authority is not trusted.";
            break;
        default:
            message = "Unknown SSL error.";
            break;
    }
    message += " Do you want to continue anyway?";

    builder.setTitle("SSL Certificate Error");
    builder.setMessage(message);
    builder.setPositiveButton("continue", new DialogInterface.OnClickListener() {
        @Override
        public void onClick(DialogInterface dialog, int which) {
            handler.proceed();
        }
    });
    builder.setNegativeButton("cancel", new DialogInterface.OnClickListener() {
        @Override
        public void onClick(DialogInterface dialog, int which) {
            handler.cancel();
        }
    });
    if (error.getPrimaryError() != SslError.SSL_IDMISMATCH) {
        final AlertDialog dialog = builder.create();
        dialog.show();
    }
    else {
        handler.proceed();
    }
}

It is not pretty as yours (Java8+ guidelines) but it works.

Related Questions in ANDROID-WEBVIEW

Related Questions in ANDROID-SECURITY

Related Questions in SSLERRORHANDLER

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.