Android的HttpClient的 - 主机名的证书不匹配< example.com> !=< * example.com>不匹配、主机名、证书、HttpClient
我使用的是Android上的HttpClient连接到 https://someUrl.com/somePath 。问题是,该网站的证书是* .someUrl.com,不someUrl.com,所以我得到一个异常SSLException。拉梅在网站上的一部分,是的,但除非我能得到固定,我坚持。有没有一种方法可以让我得到的HttpClient放松和接受证书?
I'm using HttpClient on Android to connect to https://someUrl.com/somePath. The problem is that the site's certificate is for *.someUrl.com, not someUrl.com, so I get an SSLException. Lame on the part of the site, yes, but unless I can get it fixed, I'm stuck. Is there a way I can get HttpClient to relax and accept the certificate?
推荐答案
这是我(编)解决方案:
This is my (edited) solution:
class MyVerifier extends AbstractVerifier {
private final X509HostnameVerifier delegate;
public MyVerifier(final X509HostnameVerifier delegate) {
this.delegate = delegate;
}
@Override
public void verify(String host, String[] cns, String[] subjectAlts)
throws SSLException {
boolean ok = false;
try {
delegate.verify(host, cns, subjectAlts);
} catch (SSLException e) {
for (String cn : cns) {
if (cn.startsWith("*.")) {
try {
delegate.verify(host, new String[] {
cn.substring(2) }, subjectAlts);
ok = true;
} catch (Exception e1) { }
}
}
if(!ok) throw e;
}
}
}
public DefaultHttpClient getTolerantClient() {
DefaultHttpClient client = new DefaultHttpClient();
SSLSocketFactory sslSocketFactory = (SSLSocketFactory) client
.getConnectionManager().getSchemeRegistry().getScheme("https")
.getSocketFactory();
final X509HostnameVerifier delegate = sslSocketFactory.getHostnameVerifier();
if(!(delegate instanceof MyVerifier)) {
sslSocketFactory.setHostnameVerifier(new MyVerifier(delegate));
}
return client;
}
有具有不改变的默认行为,除非有一个通配符域的优势,并且在此情况下它重新验证好像2部分域(例如,someUrl.com)是证书的一部分,否则原始异常是重新抛出。这意味着真正的无效证书仍会失败。
It has the advantage of not changing the default behavior unless there is a wildcard domain, and in that case it revalidates as though the 2 part domain (e.g., someUrl.com) were part of the certificate, otherwise the original exception is rethrown. That means truly invalid certs will still fail.
