(android) Okhttp3 忽略证书问题

 final TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager { @Override public void checkClientTrusted java.security.cert.X509Certificate[] chain, String authType throws CertificateException { } @Override public void checkServerTrusted java.security.cert.X509Certificate[] chain, String authType throws CertificateException { } @Override public java.security.cert.X509Certificate[] getAcceptedIssuers { return null; } } }; // Install the all-trusting trust manager final SSLContext sslContext = SSLContext.getInstance"SSL"; sslContext.initnull, trustAllCerts, new java.security.SecureRandom; // Create an ssl socket factory with our all-trusting manager final javax.net.ssl.SSLSocketFactory sslSocketFactory = sslContext .getSocketFactory; client.newBuilder.sslSocketFactorysslSocketFactory; client.newBuilder.hostnameVerifiernew HostnameVerifier { @Override public boolean verifyString hostname, SSLSession session { // TODO Auto-generated method stub return true; } };

这是按照网上写的忽略证书方法,经测试
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
01-11 11:48:40.566 12086-12655/com.p2peye.manage W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshakeOpenSSLSocketImpl.java:327
无效。
请教大家可有什么高招。

 private static void setSSL throws Exception{ SSLContext sc = SSLContext.getInstance"SSL"; sc.initnull, new TrustManager[]{new X509TrustManager { @Override public X509Certificate[] getAcceptedIssuers { return null; } @Override public void checkClientTrustedX509Certificate[] chain, String authType throws CertificateException { } @Override public void checkServerTrustedX509Certificate[] chain, String authType throws CertificateException { } }}, new SecureRandom; client.setSslSocketFactorysc.getSocketFactory; client.setHostnameVerifiernew HostnameVerifier { @Override public boolean verifyString hostname, SSLSession session { return true; } }; }

这是我忽略证书的代码,感觉和提主的差不多,是不是不用client.newBuilder 直接使用client会生效。
可以尝试下,不过我这边不是3.0的版本是2.5

看着像是你们协议使用了自签名证书,让你们服务器端给客户端签一张证书嵌在客户端中,采取证书校验方式,不要忽略。

下面这两句有问题:

client.newBuilder.sslSocketFactorysslSocketFactory;
client.newBuilder.hostnameVerifiernew HostnameVerifier...

改成

client = client.newBuilder.sslSocketFactorysslSocketFactory
.hostnameVerifiernew HostnameVerifier....build;

这样才是使用了新的 client

发表评论

电子邮件地址不会被公开。 必填项已用*标注