本文同步至http://javaexception.com/archives/30
问题:
之前的一个开源项目碰到了一个问题,Fix CertPathValidatorException: Trust anchor for certification path not found.
问题在于自建后台的站点用的是免费的ssl证书,okhttp默认会进行https签名校验,所以需要去掉这种校验。
解决办法:
OkHttpClient.Builder builder = new OkHttpClient.Builder();
final TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
} @Override
public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
} @Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[]{};
}
}
};
try {
final SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
builder.sslSocketFactory(sslSocketFactory, (X509TrustManager) trustAllCerts[0]);
builder.hostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
} catch (Exception e) {
e.printStackTrace();
}
builder.connectTimeout(20, TimeUnit.SECONDS).readTimeout(20, TimeUnit.SECONDS);
OkHttpClient client = builder.build();
链接如下:
https://github.com/leanote/leanote-android/commit/52ff2e80a3d900fd6804dd69a8da82a68474c9ce
这个开源项目也值得学习下 https://github.com/leanote/leanote-android