我正在尝试连接到运行godaddy 256位SSL证书的IIS6盒子,我收到错误:
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
一直试图确定可能导致这种情况的原因,但现在正在绘制空白.
这是我如何连接:
HttpsURLConnection conn;
conn = (HttpsURLConnection) (new URL(mURL)).openConnection();
conn.setConnectTimeout(20000);
conn.setDoInput(true);
conn.setDoOutput(true);
conn.connect();
String tempString = toString(conn.getInputStream());
我正在努力解决一个奇怪的问题,同时在Android中使用HttpURLConnection进行webservice api调用.我只使用Android版本4.2.2获得以下异常.它在Android 4.0.3,4.3和4.4及更高版本中运行良好.我正在使用下面的代码进行服务api调用.
HttpURLConnection mConn = (HttpURLConnection)mUrl.openConnection();
mConn.addRequestProperty("Connection", "close");
mConn.setConnectTimeout(CONNECTION_TIMEOUT);
mConn.setReadTimeout(SOCKET_TIMEOUT);
mConn.setUseCaches(true);
mConn.setRequestMethod("POST");
String param = Utils.appendQueryParams(null,this.stringparams);
mConn.setDoInput(true);
mConn.setDoOutput(true);
mConn.setFixedLengthStreamingMode(param.getBytes().length);
mConn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
mConn.setRequestProperty("Accept", "application/json");
mConn.connect();
PrintWriter out = new PrintWriter(mConn.getOutputStream());
out.print(param);
out.close();
这是例外(仅在Android SDK版本4.2.2中)
08-18 11:43:22.663 26427-26485/com.abc.xyz W/System.err? javax.net.ssl.SSLHandshakeException: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException: IssuerName(CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US) does not match SubjectName(CN=Go Daddy Root Certificate Authority - G2, OU=https://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US) of signing certificate.
08-18 11:43:22.833 26427-26485/com.abc.xyz W/System.err? at …security android web-services httpurlconnection ssl-certificate
我需要抓取已过期/自签名证书的公司内部网站.没有人会为该主机配置有效的证书,所以我必须使用不安全的连接.
curl--insecure为此目的有旗帜,
Scala finagle库有.tlsWithoutValidation()模式.
问题:Kotlin库有类似的选择吗?
UPD:到目前为止,我正在使用Fuel和这里发现的大量解决方法,但仍在寻找更好的方法..
fun useInsecureSSL() {
// Create a trust manager that does not validate certificate chains
val trustAllCerts = arrayOf<TrustManager>(object : X509TrustManager {
override fun getAcceptedIssuers(): Array<X509Certificate>? = null
override fun checkClientTrusted(chain: Array<X509Certificate>, authType: String) = Unit
override fun checkServerTrusted(chain: Array<X509Certificate>, authType: String) = Unit
})
val sc = SSLContext.getInstance("SSL")
sc.init(null, trustAllCerts, java.security.SecureRandom())
HttpsURLConnection.setDefaultSSLSocketFactory(sc.socketFactory)
// Create all-trusting host name verifier
val allHostsValid = HostnameVerifier …I'm using OkHttp 3.12.2 on Android 9 (Pixel 2 device) and try to connect to an nginx 1.14.0 running with OpenSSL 1.1.1. The nginx is capable of TLSv1.3, I verified this with Firefox 66.0.2 on Ubuntu 18.04, Chrome 73.0 on Android 9 and ChromeOS 72.0.
However, OkHttp always negotiates TLSv1.2. I also tried to set a RESTRICTED_TLS ConnectionSpec, but it didn't help.
I did not find a specific instruction on how to get TLSv1.3 working on Android. I know …