Docs: Added a link to Updating Your Security Provider to Protect Against

author Jonathan Dormody <jond@google.com>

Wed, 8 Nov 2017 23:58:16 +0000 (16:58 -0700)

committer Jonathan Dormody <jond@google.com>

Thu, 9 Nov 2017 00:13:58 +0000 (17:13 -0700)
author Jonathan Dormody <jond@google.com>
Wed, 8 Nov 2017 23:58:16 +0000 (16:58 -0700)
committer Jonathan Dormody <jond@google.com>
Thu, 9 Nov 2017 00:13:58 +0000 (17:13 -0700)
diff --git a/core/java/android/net/SSLCertificateSocketFactory.java b/core/java/android/net/SSLCertificateSocketFactory.java

index b56437e..6542200 100644 (file)
--- a/core/java/android/net/SSLCertificateSocketFactory.java
+++ b/core/java/android/net/SSLCertificateSocketFactory.java
@@ -62,7 +62,12 @@ import javax.net.ssl.X509TrustManager;
   * This implementation does check the server's certificate hostname, but only
   * for createSocket variants that specify a hostname.  When using methods that
   * use {@link InetAddress} or which return an unconnected socket, you MUST
- * verify the server's identity yourself to ensure a secure connection.</p>
+ * verify the server's identity yourself to ensure a secure connection.
+ *
+ * Refer to
+ * <a href="https://developer.android.com/training/articles/security-gms-provider.html">
+ * Updating Your Security Provider to Protect Against SSL Exploits</a>
+ * for further information.</p>
   *
   * <p>One way to verify the server's identity is to use
   * {@link HttpsURLConnection#getDefaultHostnameVerifier()} to get a
author	Jonathan Dormody <jond@google.com>
	Wed, 8 Nov 2017 23:58:16 +0000 (16:58 -0700)
committer	Jonathan Dormody <jond@google.com>
	Thu, 9 Nov 2017 00:13:58 +0000 (17:13 -0700)