忽略 Apache HttpClient 4.3 中的 SSL 证书 [英] Ignoring SSL certificate in Apache HttpClient 4.3

问题描述

如何忽略Apache HttpClient 4.3<的SSL证书(信任所有)/a>?

How to ignore SSL certificate (trust all) for Apache HttpClient 4.3?

我在 SO 上找到的所有答案都适用于以前的版本，并且 API 已更改.

All the answers that I have found on SO treat previous versions, and the API changed.

相关:

• 如何忽略 SSL 证书错误Apache HttpClient 4.0
• 如何使用 Apache HttpClient 处理无效的 SSL 证书?
• 需要信任所有证书使用Spring开发
• 忽略 Java 的 SSL 证书错误

• 它仅用于测试目的.孩子们，不要在家里(或在生产中)尝试

推荐答案

以下代码适用于信任自签名证书.您必须使用 创建客户端时的 TrustSelfSignedStrategy:

The code below works for trusting self-signed certificates. You have to use the TrustSelfSignedStrategy when creating your client:

SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
        builder.build());
CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(
        sslsf).build();

HttpGet httpGet = new HttpGet("https://some-server");
CloseableHttpResponse response = httpclient.execute(httpGet);
try {
    System.out.println(response.getStatusLine());
    HttpEntity entity = response.getEntity();
    EntityUtils.consume(entity);
} finally {
    response.close();
}

我没有故意包含 SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER:重点是允许使用自签名证书进行测试，因此您不必从证书颁发机构获取正确的证书.您可以使用正确的主机名轻松创建自签名证书，因此不要添加 SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER 标志.

I did not include the SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER on purpose: The point was to allow testing with self signed certificates so you don't have to acquire a proper certificate from a certification authority. You can easily create a self-signed certificate with the correct host name, so do that instead of adding the SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER flag.

这篇关于忽略 Apache HttpClient 4.3 中的 SSL 证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！