-
-
Save chalup/8706740 to your computer and use it in GitHub Desktop.
| private static OkHttpClient getUnsafeOkHttpClient() { | |
| try { | |
| // Create a trust manager that does not validate certificate chains | |
| final TrustManager[] trustAllCerts = new TrustManager[] { | |
| new X509TrustManager() { | |
| @Override | |
| public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { | |
| } | |
| @Override | |
| public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { | |
| } | |
| @Override | |
| public java.security.cert.X509Certificate[] getAcceptedIssuers() { | |
| return null; | |
| } | |
| } | |
| }; | |
| // Install the all-trusting trust manager | |
| final SSLContext sslContext = SSLContext.getInstance("SSL"); | |
| sslContext.init(null, trustAllCerts, new java.security.SecureRandom()); | |
| // Create an ssl socket factory with our all-trusting manager | |
| final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); | |
| OkHttpClient okHttpClient = new OkHttpClient(); | |
| okHttpClient.setSslSocketFactory(sslSocketFactory); | |
| okHttpClient.setHostnameVerifier(new HostnameVerifier() { | |
| @Override | |
| public boolean verify(String hostname, SSLSession session) { | |
| return true; | |
| } | |
| }); | |
| return okHttpClient; | |
| } catch (Exception e) { | |
| throw new RuntimeException(e); | |
| } | |
| } |
It' work. First l don't write
okHttpClient.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
It is not working
Working!
This isn't working for me. I'm getting "Failed to validate the certificate chain, error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found."
good!)
Thanks for response. I was banging my head against wall during lunch time... :+1
Note this approach doesn't work any more with current versions of OkHttp . With 3.1.1 it seems completely broken. From 3.1.2 onwards, X509TrustManager.getAcceptedIssuers() must return an empty array instead of null. For more information, see this commit (scroll down and see the notes under RealTrustRootIndex.java).
This is awesome! It worked for me but be warned your requests for images will not go through! anyone have a workaround for that ?
@jbxberg thank you so much for that comment. Returning an empty array works like a charm!!
Real trouble!!
@jbxberg Yes, your comment has been definitely useful.
I want ignore SLL ,but its not work,why? who can help me ,
Caused by: java.lang.NullPointerException: Attempt to get length of null array at okhttp3.internal.tls.TrustRootIndex$BasicTrustRootIndex.<init>(TrustRootIndex.java:90) at okhttp3.internal.tls.TrustRootIndex.get(TrustRootIndex.java:48) at okhttp3.internal.tls.TrustRootIndex.get(TrustRootIndex.java:43) at okhttp3.internal.platform.Platform.buildCertificateChainCleaner(Platform.java:147) at okhttp3.internal.platform.AndroidPlatform.buildCertificateChainCleaner(AndroidPlatform.java:159) at okhttp3.internal.tls.CertificateChainCleaner.get(CertificateChainCleaner.java:41) at okhttp3.OkHttpClient$Builder.sslSocketFactory(OkHttpClient.java:602)
facing same problem.
+1 to @jbxberg, avoiding the java.lang.NullPointerException: Attempt to get length of null array error is as simple as replacing this:
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
with this:
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[0];
}
+1 @cpgree Good Job!
good job
I tweaked the code a bit to work with OkHttp3
https://gist.github.com/mefarazath/c9b588044d6bffd26aac3c520660bf40
Thanks mefarazath!
Ignores all SSL is bad idea.
Using https://network-security.haipq.com to get config ssl for Android
Thanks a lot! This works for me. Although ignoring all the SSL certificates are dangerous, but if we only use it for local development environment, it should be fine.
License?
I have this error.
java.lang.RuntimeException: java.lang.IllegalStateException: trustManager.acceptedIssuers must not be null
at com.example.advertiseapp.API_Package.RetrofitClientBase.getUnsafeOkHttpClient(RetrofitClientBase.java:103)
at com.example.advertiseapp.API_Package.RetrofitClientBase.getEmpConnectService(RetrofitClientBase.java:40)
at com.example.advertiseapp.API_Package.RetrofitClientBase.initInstance(RetrofitClientBase.java:33)
at com.example.advertiseapp.API_Package.RetrofitClientBase.getRetrofitInstance(RetrofitClientBase.java:29)
at com.example.advertiseapp.RegisterDeviceActivity.LogInApi(RegisterDeviceActivity.java:157)
at com.example.advertiseapp.RegisterDeviceActivity.access$000(RegisterDeviceActivity.java:56)
at com.example.advertiseapp.RegisterDeviceActivity$1.onClick(RegisterDeviceActivity.java:136)
at android.view.View.performClick(View.java:6597)
at android.view.View.performClickInternal(View.java:6574)
at android.view.View.access$3100(View.java:778)
at android.view.View$PerformClick.run(View.java:25885)
at android.os.Handler.handleCallback(Handler.java:873)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:193)
at android.app.ActivityThread.main(ActivityThread.java:6669)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
Caused by: java.lang.IllegalStateException: trustManager.acceptedIssuers must not be null
at okhttp3.internal.platform.Platform.buildTrustRootIndex(Platform.kt:169)
at okhttp3.internal.platform.AndroidPlatform.buildTrustRootIndex(AndroidPlatform.kt:168)
at okhttp3.internal.platform.Platform.buildCertificateChainCleaner(Platform.kt:159)
at okhttp3.internal.platform.AndroidPlatform.buildCertificateChainCleaner(AndroidPlatform.kt:157)
at okhttp3.internal.tls.CertificateChainCleaner$Companion.get(CertificateChainCleaner.kt:42)
at okhttp3.OkHttpClient$Builder.sslSocketFactory(OkHttpClient.kt:728)
at com.example.advertiseapp.API_Package.RetrofitClientBase.getUnsafeOkHttpClient(RetrofitClientBase.java:92)
at com.example.advertiseapp.API_Package.RetrofitClientBase.getEmpConnectService(RetrofitClientBase.java:40)
at com.example.advertiseapp.API_Package.RetrofitClientBase.initInstance(RetrofitClientBase.java:33)
at com.example.advertiseapp.API_Package.RetrofitClientBase.getRetrofitInstance(RetrofitClientBase.java:29)
at com.example.advertiseapp.RegisterDeviceActivity.LogInApi(RegisterDeviceActivity.java:157)
at com.example.advertiseapp.RegisterDeviceActivity.access$000(RegisterDeviceActivity.java:56)
at com.example.advertiseapp.RegisterDeviceActivity$1.onClick(RegisterDeviceActivity.java:136)
at android.view.View.performClick(View.java:6597)
at android.view.View.performClickInternal(View.java:6574)
at android.view.View.access$3100(View.java:778)
at android.view.View$PerformClick.run(View.java:25885)
at android.os.Handler.handleCallback(Handler.java:873)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:193)
at android.app.ActivityThread.main(ActivityThread.java:6669)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
you are a life saver.
I have this error.
java.lang.RuntimeException: java.lang.IllegalStateException: trustManager.acceptedIssuers must not be null
at com.example.advertiseapp.API_Package.RetrofitClientBase.getUnsafeOkHttpClient(RetrofitClientBase.java:103)
...
Replace
@Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; }
With
@Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return new java.security.cert.X509Certificate[]{}; }
Hi @chalup Can u license your code to Apache 2.0 same as okhttp library?
When I try it in my code, I have an exception javax.net.ssl.SSLHandshakeException: Handshake failed when I do int response_code = conn.getResponseCode();
Any idea of where I'm wrong ? (I'm using Robospice and okHttp)