I am using Picasso to cache Images. Our backend recently switched to HTTPS using self signed certificate pinning as authentication. I used the khandroid library to create an HTTP client that pins the certificates to each request; basically following this example.

http://ogrelab.ikratko.com/using-android-volley-with-self-signed-certificate/

I now need to apply this same concept to Picasso but am unsure how to modify Picasso's singleton to use pinned SSL certificates.

Turns out I was Just looking in the wrong place. I was attempting to modify the OkHttpDownloader, but I needed to modify the OkHttpClient. Here is some sample code.

public static Picasso getInstance(Context context) {
        if (sPicasso == null) {
            InputStream keyStore = context.getResources().openRawResource(R.raw.my_keystore);
            Picasso.Builder builder = new Picasso.Builder(context);
            OkHttpClient okHttpClient = new OkHttpClient();
            SSLContext sslContext;
            try {
                sslContext = SSLContext.getInstance("TLS");
                sslContext.init(null, new TrustManager[]{new SsX509TrustManager(keyStore, password)}, null);
                okHttpClient.setSslSocketFactory(sslContext.getSocketFactory());
                OkHttpDownloader okHttpDownloader = new OkHttpDownloader(okHttpClient);
                builder.downloader(okHttpDownloader);
                sPicasso = builder.build();
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException("Failure initializing default SSL context", e);
            } catch (KeyManagementException e) {
                throw new IllegalStateException("Failure initializing default SSL context", e);
            } catch (GeneralSecurityException e) {
                e.printStackTrace();
            }
        }

        return sPicasso;
    }