您的位置: 首页  >  技术问答  >  禁用HTTPS连接的SSL证书验证?

禁用HTTPS连接的SSL证书验证?

分类: 技术问答 2022-09-22 16:57:35
问题描述:

当我想打开一个HTTPS连接时,我得到SSL异常。如何设置HttpURLConnection以便对此异常不敏感?禁用HTTPS连接的SSL证书验证?

我的代码是:

private String getData() { 
    String response = null; 
    String connection = "https://www.kamalan.com/"; 

    try { 
     URL url = new URL(connection); 
     Log.i(TAG, "Try to open: " + connection); 
     HttpURLConnection conn = (HttpURLConnection) url.openConnection(); 

     int responseCode = conn.getResponseCode(); 
     Log.i(TAG, "Response code is: " + responseCode); 
     if (responseCode == HttpURLConnection.HTTP_OK) { 
      BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream())); 
      if (in != null) { 
       StringBuilder strBuilder = new StringBuilder();    
       int ch = 0; 
       while ((ch = in.read()) != -1) 
        strBuilder.append((char) ch); 

       // get returned message and show it 
       response = strBuilder.toString(); 
       Log.i("JSON returned by server:", response); 
      } 

      in.close(); 

     } else { 
      Log.e(TAG, "Couldn't open connection in getResepiItems()"); 
     } 
    } catch (SSLException e) { 
     e.printStackTrace(); 
    } catch (IOException e) { 
     e.printStackTrace(); 
    } 

    return response; 
}
+0

什么是logcat的说,下面的方法是什么? –

+0

@Morrison Chang这是log cat中的错误'导致:java.security.cert.CertificateException:java.security.cert.CertPathValidatorException:未找到认证路径的信任锚'。 –

+1

你看到这个SO帖子:http: //*.com/questions/6825226/trust-anchor-not-found-for-android-ssl-connection? –

按照下面的方法,它为我工作。

 URL url = new URL("Your URL"); 
     HttpsURLConnection urlConnection =(HttpsURLConnection) url.openConnection(); urlConnection.setSSLSocketFactory(SSLCertificateSocketFactory.getInsecure(0, null)); 
     urlConnection.setHostnameVerifier(getHostnameVerifier()); 
     InputStream is = urlConnection.getInputStream(); 
     OutputStream os = new FileOutputStream(downloadedFile); 
     byte[] data = new byte[1024]; 
     int count; 
     while ((count = is.read(data)) != -1) { 
      os.write(data, 0, count); 
     } 
     os.flush(); 
     os.close(); 
     is.close();

用于设置主机名

private HostnameVerifier getHostnameVerifier() { 
     HostnameVerifier hostnameVerifier = new HostnameVerifier() { 
      @Override 
      public boolean verify(String hostname, SSLSession session) { 
       HostnameVerifier hv = 
         HttpsURLConnection.getDefaultHostnameVerifier(); 
       return hv.verify("com.example.com", session); 
      } 
     }; 
     return hostnameVerifier; 
    }
+0

它的工作原理如何?为什么?所有这些废话只不过是针对固定主机名来验证会话。没有说明这一点,如果有的话。不要对未引用的文本使用引号格式, – EJP

相关推荐