noa*_*oah 18 java ssl android wildcard-subdomain httpclient
我在Android上使用HttpClient连接到https://someUrl.com/somePath.问题是网站的证书是针对*.someUrl.com而不是someUrl.com的,所以我得到了一个SSLException.网站上有跛脚,是的,但除非我能解决这个问题,否则我会陷入困境.有没有办法让HttpClient放松并接受证书?
noa*_*oah 33
这是我的(编辑过的)解决方案:
class MyVerifier extends AbstractVerifier {
private final X509HostnameVerifier delegate;
public MyVerifier(final X509HostnameVerifier delegate) {
this.delegate = delegate;
}
@Override
public void verify(String host, String[] cns, String[] subjectAlts)
throws SSLException {
boolean ok = false;
try {
delegate.verify(host, cns, subjectAlts);
} catch (SSLException e) {
for (String cn : cns) {
if (cn.startsWith("*.")) {
try {
delegate.verify(host, new String[] {
cn.substring(2) }, subjectAlts);
ok = true;
} catch (Exception e1) { }
}
}
if(!ok) throw e;
}
}
}
public DefaultHttpClient getTolerantClient() {
DefaultHttpClient client = new DefaultHttpClient();
SSLSocketFactory sslSocketFactory = (SSLSocketFactory) client
.getConnectionManager().getSchemeRegistry().getScheme("https")
.getSocketFactory();
final X509HostnameVerifier delegate = sslSocketFactory.getHostnameVerifier();
if(!(delegate instanceof MyVerifier)) {
sslSocketFactory.setHostnameVerifier(new MyVerifier(delegate));
}
return client;
}
除非存在通配符域,否则它具有不更改默认行为的优点,并且在这种情况下,它重新验证,就像2部分域(例如,someUrl.com)是证书的一部分一样,否则重新抛出原始异常.这意味着真正无效的证书仍然会失败.
| 归档时间: |
|
| 查看次数: |
26011 次 |
| 最近记录: |