我在默认的httpclient中寻找忽略所有ssl错误(例如不可信)的可能性。我在这里看到了很多解决方案,但是我必须导入一个特定的证书并将它添加到trustmanager,或者它用于DefaultHttpClient的HttpsUrlConnection instad。 我使用webrequests是:忽略DefaultHttpClient中的ssl错误
public static String makeGETRequest(String s,String encoding)
{
DefaultHttpClient http = new DefaultHttpClient();
final String username = "USERNAME";
final String password = "PASSWORD";
UsernamePasswordCredentials c = new UsernamePasswordCredentials(username,password);
BasicCredentialsProvider cP = new BasicCredentialsProvider();
cP.setCredentials(AuthScope.ANY, c);
http.setCredentialsProvider(cP);
HttpResponse res;
try {
res = http.execute(new HttpGet(s));
InputStream is = res.getEntity().getContent();
BufferedInputStream bis = new BufferedInputStream(is);
ByteArrayBuffer baf = new ByteArrayBuffer(50);
int current = 0;
while((current = bis.read()) != -1){
baf.append((byte)current);
}
return new String(baf.toByteArray(),encoding);
}
catch (ClientProtocolException e) {
// TODO Auto-generated catch block
return "error: " + e.getMessage();
}
catch (IOException e) {
// TODO Auto-generated catch block
return "error: " + e.getMessage();
}
}
和:
public static String makePOSTRequest(String s, List <NameValuePair> nvps,String encoding)
{
DefaultHttpClient http = new DefaultHttpClient();
final String username = "USERNAME";
final String password = "PASSWORD";
UsernamePasswordCredentials c = new UsernamePasswordCredentials(username,password);
BasicCredentialsProvider cP = new BasicCredentialsProvider();
cP.setCredentials(AuthScope.ANY, c);
http.setCredentialsProvider(cP);
HttpResponse res;
try {
HttpPost httpost = new HttpPost(s);
httpost.setEntity(new UrlEncodedFormEntity(nvps, HTTP.DEFAULT_CONTENT_CHARSET));
res = http.execute(httpost);
InputStream is = res.getEntity().getContent();
BufferedInputStream bis = new BufferedInputStream(is);
ByteArrayBuffer baf = new ByteArrayBuffer(50);
int current = 0;
while((current = bis.read()) != -1){
baf.append((byte)current);
}
res = null;
httpost = null;
String ret = new String(baf.toByteArray(),encoding);
return ret;
}
catch (ClientProtocolException e) {
// TODO Auto-generated catch block
return e.getMessage();
}
catch (IOException e) {
// TODO Auto-generated catch block
return e.getMessage();
}
}
没有人知道如何忽略这个代码SSL错误?
编辑: 因为我相信只有一个特定的(已过期)证书,我尝试覆盖DefaultHttpClient以下列方式:
public class MyHttpClient extends DefaultHttpClient {
final Context context;
public MyHttpClient(Context context) {
this.context = context;
}
@Override protected ClientConnectionManager createClientConnectionManager() {
SchemeRegistry registry = new SchemeRegistry();
registry.register(
new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(new Scheme("https", newSslSocketFactory(), 443));
return new SingleClientConnManager(getParams(), registry);
}
private SSLSocketFactory newSslSocketFactory() {
try {
KeyStore trusted = KeyStore.getInstance("BKS");
InputStream in = context.getResources().openRawResource(R.raw.mykeystore);
try {
trusted.load(in, "mypassword".toCharArray());
} finally {
in.close();
}
return new SSLSocketFactory(trusted);
} catch (Exception e) {
throw new AssertionError(e);
}
}
}
在R.raw文件。 mykeystore是一个.bks文件,我使用Portecle创建,我创建了一个新的bks并导入了已过期证书的存储区域,它看起来可以正常工作,而且密钥存储没有错误,但是如果我执行请求, IO异常与消息“没有对等证书”,可能是什么问题?
“忽略SSL错误(例如不信任)”是不安全的。请参阅RFC 2246.如果您不希望它安全,为什么要使用SSL? – EJP
感谢转化为评论;)正如我写的,过期的SSL证书来自第三方代理,我告诉他们安装一个有效的代理,但我必须wirite快速解决方法,以使我的客户的功能,而证书已过期... – 2red13
按照EJP的评论,有选择性地容忍过期证书并让绝对通过任何证书是非常不同的事情。 – Bruno