Login/Register
What is the alternate for onReceivedSslError() in Webview?
Asked Answered
ssl-certificateandroid-webviewandroid-securitysslerrorhandler
C

0

1

I am working on app that will connect user with available open WIFIs by providing their landing pages (having login option) in the app. Google is showing alert for using onReceivedSslError() in WebView for loading Wifi's landing page in the app.

If I remove this method then link will not work. In order to make it functional I need to add the domain name in the network_security_config.xml file but I do not know which link will be shown by wifi's vendors as it is not in my control. This insist me to use onReceivedSslError() method in Webview. I am showing alert dialog inside onReceivedSslError() to ask user if he wants to continue or not.

 AlertDialog.Builder builder = new AlertDialog.Builder(this);
        builder.setMessage("SSL Certificate Verification!\nPlease click on CONTINUE to open login 
page of selected Wifi");
        builder.setPositiveButton("continue", new DialogInterface.OnClickListener() {
            @Override
            public void onClick(DialogInterface dialog, int which) {
                handler.proceed();
            }
        });
        builder.setNegativeButton("cancel", new DialogInterface.OnClickListener() {
            @Override
            public void onClick(DialogInterface dialog, int which) {
                handler.cancel();
                finish();
            }
        });
        final AlertDialog dialog = builder.create();
        dialog.show();`

Error getting inside onReceivedSslError()

error.getPrimaryError() : 3 SSL_UNTRUSTED

I have tried this too https://www.rgagnon.com/javadetails/java-fix-certificate-problem-in-HTTPS.html but again not working .

Any available link is not solving my issue. Kindly guide me. Thanks in advance

Cotter answered 29/1, 2021 at 5:1 Comment(6)
Will you go throw that link https://mcmap.net/q/267177/-android-webview-get-sslerror-ssl_untrusted-but-certificate-is-validPacific
I have gone through the link. But how can I fix the untrusted chain of link as I mentioned in my question I do not know the link as it is third party link . My work is to open it in webview.Cotter
Is this SSL_UNTRUSTED reported for some specific URLs, or it happens for all Wi-Fi vendors?Warehouse
@AlexCohn almost for all ..Cotter
See https://mcmap.net/q/265866/-webview-how-to-avoid-security-alert-from-google-play-upon-implementation-of-onreceivedsslerror. Your code may not be the problem for this alert.Warehouse
This solution may be suited for you: https://mcmap.net/q/267178/-check-in-the-onreceivedsslerror-method-of-a-webviewclient-if-a-certificate-is-signed-from-a-specific-self-signed-ca. Note that the popup dialog that you show is not very informative to the end-user. What is wrong with SSL Certificate Verification? What this Certificate is, in the first place? What are the downsides of choosing CONTINUE? Maybe, Google wants you to give a better explanation to a non-professional user.Warehouse

© 2022 - 2024 — McMap. All rights reserved.