From f72e8263c7e08d3e4a04de29c17bbada2bd2829a Mon Sep 17 00:00:00 2001
From: Jonathan Dormody <jond@google.com>
Date: Wed, 8 Nov 2017 16:58:16 -0700
Subject: Docs: Added a link to Updating Your Security Provider to Protect
 Against SSL Exploits

Test: make ds-docs

Bug: 19110275
Change-Id: I3b0a35715c16c4e30a47aab9cbaf991770426c57
---
 core/java/android/net/SSLCertificateSocketFactory.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/core/java/android/net/SSLCertificateSocketFactory.java b/core/java/android/net/SSLCertificateSocketFactory.java
index b56437eba167..654220065e4e 100644
--- a/core/java/android/net/SSLCertificateSocketFactory.java
+++ b/core/java/android/net/SSLCertificateSocketFactory.java
@@ -62,7 +62,12 @@ import javax.net.ssl.X509TrustManager;
  * This implementation does check the server's certificate hostname, but only
  * for createSocket variants that specify a hostname.  When using methods that
  * use {@link InetAddress} or which return an unconnected socket, you MUST
- * verify the server's identity yourself to ensure a secure connection.</p>
+ * verify the server's identity yourself to ensure a secure connection.
+ *
+ * Refer to
+ * <a href="https://developer.android.com/training/articles/security-gms-provider.html">
+ * Updating Your Security Provider to Protect Against SSL Exploits</a>
+ * for further information.</p>
  *
  * <p>One way to verify the server's identity is to use
  * {@link HttpsURLConnection#getDefaultHostnameVerifier()} to get a
-- 
cgit v1.2.3-59-g8ed1b