Android忽略自签名证书 [英] Android ignore self signed certificate
问题描述
我的Android应用正在连接到https自签名服务器&使用客户端证书(.cer文件)可以正常工作.
My Android App is connecting to https self-signed server & it is working fine with using client certificates (.cer file).
可以不使用客户端证书将Android App连接到https自签名服务器.->如果答案为是",则可以使用哪个库.我知道这不是实现最佳方法,因为它是https服务器,但这就是我所需要的.
Can Android App be connected to https self-signed server WITHOUT using client Certificates. --> If answers is YES then which library can be used for that. I know this would not be best method to achieve as it is https server, but this is what i need.
推荐答案
您可以为此使用Volley Android库.
You can use Volley Android library for that.
您将需要在您的应用程序类的onCreate()上添加以下代码.通过基本上覆盖X509证书,您将接受所有证书.
You will need to add the below code on the onCreate() of your application class. By overwriting the X509Certificate basically you will accept all certificates.
try {
TrustManager[] victimizedManager = new TrustManager[]{
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
X509Certificate[] myTrustedAnchors = new X509Certificate[0];
return myTrustedAnchors;
}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}
};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, victimizedManager, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
});
} catch (Exception e) {
e.printStackTrace();
}
这篇关于Android忽略自签名证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!