The network interceptor allows you to configure the following properties:
Trust Manager X509TrustManager used to clean the certificate chain Default: Platform default X509TrustManager created through TrustManagerFactory
Log List Service A LogListService providing log_list.json and log_list.sig byte data from the network. Can be used to override the OkHttpClient by creating through LogListDataSourceFactory.createLogListService. Default: log_list.json and log_list.sig byte data loaded from https://www.gstatic.com/ct/log_list/v3/log_list.json
Log List Data Source A DataSource providing a list of LogServer. Default: In memory cached log list loaded from https://www.gstatic.com/ct/log_list/v3/log_list.json
Policy CTPolicy which will verify correct number of SCTs are present Default: Policy which follows rules of Chromium CT Policy
Fail On Error Determine if a failure to pass certificate transparency
results in the connection being closed. A value of true ensures the connection
is closed on errors
Default: true
Logger CTLogger
which will be called with all results. On Android you can use the provided
BasicAndroidCTLogger
which logs with the tag CertificateTransparency by setting
logger = BasicAndroidCRLogger(BuildConfig.DEBUG) using your apps
BuildConfig.
Default: none
Hosts Verify certificate transparency for hosts that match a pattern which
is a lower-case host name or wildcard pattern such as *.example.com.
Certificate Chain Provider Factory Provide a custom implementation of a certificate chain cleaner. Default: Platform default factory which resolves to AndroidCertificateChainCleaner or BasicCertificateChainCleaner.
In addition to all of the properties above the hostname verifier ensures you provide a delegate hostname verifier which is used to first verify the hostname before the certificate transparency checks occur.