Docs: Added a link to Updating Your Security Provider to Protect Against

SSL Exploits Test: make ds-docs Bug: 19110275 Change-Id: I3b0a35715c16c4e30a47aab9cbaf991770426c57
author: Jonathan Dormody <jond@google.com> 2017-11-08 16:58:16 -0700
committer: Jonathan Dormody <jond@google.com> 2017-11-08 17:13:58 -0700
commit: f72e8263c7e08d3e4a04de29c17bbada2bd2829a (patch)
tree: bfd3eeee32b44bcec1d4d461f8004809f082a239
parent: 44cd5b97ad6a131a51ba95473769839e2dcb6269 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/core/java/android/net/SSLCertificateSocketFactory.java b/core/java/android/net/SSLCertificateSocketFactory.java
index b56437eba167..654220065e4e 100644
--- a/core/java/android/net/SSLCertificateSocketFactory.java
+++ b/core/java/android/net/SSLCertificateSocketFactory.java
@@ -62,7 +62,12 @@ import javax.net.ssl.X509TrustManager;
  * This implementation does check the server's certificate hostname, but only
  * for createSocket variants that specify a hostname.  When using methods that
  * use {@link InetAddress} or which return an unconnected socket, you MUST
- * verify the server's identity yourself to ensure a secure connection.</p>
+ * verify the server's identity yourself to ensure a secure connection.
+ *
+ * Refer to
+ * <a href="https://developer.android.com/training/articles/security-gms-provider.html">
+ * Updating Your Security Provider to Protect Against SSL Exploits</a>
+ * for further information.</p>
  *
  * <p>One way to verify the server's identity is to use
  * {@link HttpsURLConnection#getDefaultHostnameVerifier()} to get a
author	Jonathan Dormody <jond@google.com>	2017-11-08 16:58:16 -0700
committer	Jonathan Dormody <jond@google.com>	2017-11-08 17:13:58 -0700
commit	f72e8263c7e08d3e4a04de29c17bbada2bd2829a (patch)
tree	bfd3eeee32b44bcec1d4d461f8004809f082a239
parent	44cd5b97ad6a131a51ba95473769839e2dcb6269 (diff)