In OkHttp3, the following is deprecated [A]:

    sslSocketFactory(SSLSocketFactory sslSocketFactory)

It is replaced by [B]:

    sslSocketFactory(SSLSocketFactory sslSocketFactory, X509TrustManager trustManager)
Here are my questions:

1. What is the use of X509TrustManager in [B]?
2. What are the advantages of using [B] rather than [A] when a TrustManager can already be specified when creating an SSLSocketFactory object?
3. In https://square.github.io/okhttp/3.x/okhttp/okhttp3/OkHttpClient.Builder.html#sslSocketFactory-javax.net.ssl.SSLSocketFactory- they talk about avoiding reflection when using [B], could somebody explain?
More info:
When creating an SSLSocketFactory object, it is already possible to specify a trustManager in

    sslContext.init(KeyManager[] arg0, TrustManager[] arg1, SecureRandom arg2)
For example, I get an SSLSocketFactory object by doing:

    public SSLSocketFactory getSSLSocketFactory() throws GeneralSecurityException {
        // getKeyManager() and getTrustManager() are helper methods defined elsewhere.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(getKeyManager(), getTrustManager(), new SecureRandom());
        return sslContext.getSocketFactory();
    }
Here getTrustManager() is a method that returns a TrustManager[], which contains the servers' certificate the client should trust.
Now, since

    sslSocketFactory(SSLSocketFactory sslSocketFactory, X509TrustManager trustManager)

expects me to provide an X509TrustManager object, I deal with this by doing:

    OkHttpClient okClient = new OkHttpClient.Builder()
            .sslSocketFactory(getSSLSocketFactory(), (X509TrustManager) getTrustManager()[0])
            .build();

However, I have the feeling this is not how they were expecting us to use it. So any input is welcome.
Thanks.