0

I am trying to use the sdk from babylon to test CT in android app. I tried as given here https://github.com/babylonhealth/certificate-transparency-android

but I am getting the logs System.out: xxx.xxx.xxx.xxxx.org -> Success: SCT not enabled for insecure connection

I am very sure these are secure connections and I have valid SCT for those. When I digged in to the code, I can see that `

val host = chain.request().url().host()
        val certs = chain.connection()?.handshake()?.peerCertificates()?.map { it as X509Certificate } ?: emptyList()

        val result = if (chain.connection()?.socket() is SSLSocket) {
            verifyCertificateTransparency(host, certs)
        } else {
            VerificationResult.Success.InsecureConnection(host)
        }`

its coming to the else part and thus giving the error. I am see that the connection is having null value. Any idea what could be wrong.

appmattus
  • 2,788
  • 25
  • 16
png
  • 4,368
  • 7
  • 69
  • 118

1 Answers1

0

Without knowing the full URL being used it is quite hard to know what issue you were having. The code "should" only reach the else when it is an insecure connection (i.e. http instead of https).

The library does have a logging mechanism in place that may help debugging issues. When creating the okhttp interceptor, set logger = BasicAndroidCRLogger(BuildConfig.DEBUG).

appmattus
  • 2,788
  • 25
  • 16