phpstudy集成环境

 首页 > Okhttp3 忽略证书问题

Okhttp3 忽略证书问题

       final TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
            @Override
            public void checkClientTrusted(
                    java.security.cert.X509Certificate[] chain,
                    String authType) throws CertificateException {
            }

            @Override
            public void checkServerTrusted(
                    java.security.cert.X509Certificate[] chain,
                    String authType) throws CertificateException {
            }

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        } };

        // Install the all-trusting trust manager
        final SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, trustAllCerts,
                new java.security.SecureRandom());
        // Create an ssl socket factory with our all-trusting manager
        final javax.net.ssl.SSLSocketFactory sslSocketFactory = sslContext
                .getSocketFactory();

        client.newBuilder().sslSocketFactory(sslSocketFactory);
        client.newBuilder().hostnameVerifier(new HostnameVerifier() {

            @Override
            public boolean verify(String hostname, SSLSession session) {
                // TODO Auto-generated method stub
                return true;

            }
        });

这是按照网上写的忽略证书方法,经测试
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
01-11 11:48:40.566 12086-12655/com.p2peye.manage W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:327)
无效。
请教大家可有什么高招。

看着像是你们协议使用了自签名证书,让你们服务器端给客户端签一张证书嵌在客户端中,采取证书校验方式,不要忽略。

下面这两句有问题:

client.newBuilder().sslSocketFactory(sslSocketFactory);
client.newBuilder().hostnameVerifier(new HostnameVerifier()...

改成

client = client.newBuilder().sslSocketFactory(sslSocketFactory)
.hostnameVerifier(new HostnameVerifier()...).build();

这样才是使用了新的 client

      private static void setSSL() throws Exception{
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, new TrustManager[]{new X509TrustManager() {
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            @Override
            public void checkClientTrusted(X509Certificate[] chain,
                    String authType) throws CertificateException {
                
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain,
                    String authType) throws CertificateException {
                
            }
        }}, new SecureRandom());
        client.setSslSocketFactory(sc.getSocketFactory());
        client.setHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });
    }

这是我忽略证书的代码,感觉和提主的差不多,是不是不用client.newBuilder() 直接使用client会生效。
可以尝试下,不过我这边不是3.0的版本是2.5

【热门文章】
【热门文章】