要须心地收汗马,孔孟行世目杲杲。这篇文章主要讲述改进HTTPS连接无法在Android中运行相关的知识,希望能为你提供帮助。
我收到了一个信任锚错误。我尝试使用http://www.snip2code.com/Snippet/25364/Get-OkHttpClient-which-ignores-all-SSL-e进行https连接,但这会返回错误。
D/Retrofit﹕ javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:328)
答案尝试使用以下示例代码:
private TrustManager[] getWrappedTrustManagers(TrustManager[] trustManagers) {
final X509TrustManager originalTrustManager = (X509TrustManager) trustManagers[0];
return new TrustManager[]{
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return originalTrustManager.getAcceptedIssuers();
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
try {
originalTrustManager.checkClientTrusted(certs, authType);
} catch (CertificateException ignored) {
}
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
try {
originalTrustManager.checkServerTrusted(certs, authType);
} catch (CertificateException ignored) {
}
}
}
};
}private SSLSocketFactory getSSLSocketFactory()
throws CertificateException, KeyStoreException, IOException,
NoSuchAlgorithmException, KeyManagementException {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream caInput = getResources().openRawResource(R.raw.your_cert);
// your certificate file
Certificate ca = cf.generateCertificate(caInput);
caInput.close();
KeyStore keyStore = KeyStore.getInstance("BKS");
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
TrustManager[] wrappedTrustManagers = getWrappedTrustManagers(tmf.getTrustManagers());
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, wrappedTrustManagers, null);
return sslContext.getSocketFactory();
}
然后,您可以在项目中设置OkHttpClient,如下所示:
okHttpClient.setSslSocketFactory(getSSLSocketFactory());
关于
setHostnameVerifier,看起来你的问题链接中有一个解决方案。【改进HTTPS连接无法在Android中运行】希望这可以帮助!
推荐阅读
- 在Glassfish Application Server中导入SSL证书
- Android(自动选择调试/发布Maps v2 api密钥())
- 用于过滤用例的AppSync DynamoDB解析器
- 将App Engine URL分派给Compute Engine实例
- 我可以在不使用gradle的情况下使用Xamarin.Android中的Android数据绑定库吗(不是MVVM for dotnet)
- 如何在android中获取cognito中的其他用户数据
- 保护REST API以供Android客户端使用
- 关闭xp默认共享的小攻略
- 玩转win xp个性图标的技巧