TheYann TheYann - 8 days ago 5
Android Question

Now that SSLSocketFactory is deprecated on Android, what would be the best way to handle Client Certificate Authentication?

I am working on an Android app that requires Client Certificate Authentication (with PKCS 12 files).
Following the deprecation of all that's apache.http.*, we have started a pretty big work of refactoring on our network layer, and we have decided to go with OkHttp as a replacement, and so far I like that very much.

However, I haven't found any other way to handle client certificate auth without using SSLSocketFactory, with OkHttp or anything else for that matter. So what would be the best course of action in this particular case?
Is there another way with OkHttp to handle this sort of authentication?

Thanks a lot in advance.

Answer

Apparently, there are two SSLSocketFactory classes. HttpClient has its own one, and that is deprecated along with the rest of HttpClient. However, everybody else will be using the more conventional javax.net.ssl edition of SSLSocketFactory, which is not deprecated (thank $DEITY).