public HttpClientVM() {
BasicHttpParams params = new BasicHttpParams();
ConnManagerParams.setMaxTotalConnections(params, 10);
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setUseExpectContinue(params, false);
HttpConnectionParams.setStaleCheckingEnabled(params, true);
HttpConnectionParams.setConnectionTimeout(params, 30000);
HostnameVerifier hostnameVerifier=
org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme("http",socketFactory, 80));
schemeRegistry.register(new Scheme("https",socketFactory, 443));
ThreadSafeClientConnManager manager = new ThreadSafeClientConnManager(params, schemeRegistry);
// Set verifier
client = new DefaultHttpClient(manager, params);
}
Window7的,HttpClient4异常:javax.net.ssl.SSLPeerUnverifiedException:同行未被认证
在执行时:client.accessURL(url)
;它发生:
Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:495)
at org.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:62)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
如何从这一端删除安全措施来解决另一端的问题?该TrustManager代码甚至不符合规范。 – EJP 2012-03-06 05:30:25
我没有看到你的观点。问题来自客户端,因此我们只需要改变它。哪一种TrustManager代码行不符合规范? – bnguyen82 2012-03-06 06:25:10
getAcceptedIssuers()指定永不返回null。您发布的代码根本不安全。它不能解决任何问题,它只会产生另一个问题,例如易受中间人攻击。 – EJP 2012-03-06 07:29:38