如何使用apache httpclient 4.0绕过无效的ssl证书错误?
mftmpeh816#
我们使用的是httpclient 4.3.5,我们尝试了stackoverflow上几乎所有的解决方案,但是都没有,在思考和解决问题之后,我们得到了下面的代码,它工作得很好,只是在创建httpclient示例之前添加了它。发出post请求时要调用的某些方法。。。。
SSLContextBuilder builder = new SSLContextBuilder(); builder.loadTrustMaterial(null, new TrustStrategy() { @Override public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException { return true; } }); SSLConnectionSocketFactory sslSF = new SSLConnectionSocketFactory(builder.build(), SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslSF).build(); HttpPost postRequest = new HttpPost(url);
以正常形式继续您的请求
ukqbszuj17#
如果您只想消除无效的主机名错误,您只需执行以下操作:
HttpClient httpClient = new DefaultHttpClient(); SSLSocketFactory sf = (SSLSocketFactory)httpClient.getConnectionManager() .getSchemeRegistry().getScheme("https").getSocketFactory(); sf.setHostnameVerifier(new AllowAllHostnameVerifier());
x8diyxa718#
对于apache httpclient 4.4:
HttpClientBuilder b = HttpClientBuilder.create(); SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() { public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { return true; } }).build(); b.setSslcontext( sslContext); // or SSLConnectionSocketFactory.getDefaultHostnameVerifier(), if you don't want to weaken HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER; SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier); Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create() .register("http", PlainConnectionSocketFactory.getSocketFactory()) .register("https", sslSocketFactory) .build(); // allows multi-threaded use PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager( socketFactoryRegistry); b.setConnectionManager( connMgr); HttpClient client = b.build();
这是从我们实际的工作实现中提取出来的。其他答案很流行,但对于httpclient4.4来说,它们不起作用。我花了好几个小时尝试各种可能性,但似乎在4.4版本中发生了极其重大的api更改和重新定位。另请参见以下更全面的解释:http://literatejava.com/networks/ignore-ssl-certificate-errors-apache-httpclient-4-4/希望有帮助!
xzv2uavs19#
作为记录,使用httpclient 4.3.6进行测试,并与fluent api的executor兼容:
CloseableHttpClient httpClient = HttpClients.custom(). setHostnameVerifier(new AllowAllHostnameVerifier()). setSslcontext(new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() { public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { return true; } }).build()).build();
nkkqxpd920#
为了记录在案,有一种更简单的方法可以用httpclient4.1实现同样的功能
SSLSocketFactory sslsf = new SSLSocketFactory(new TrustStrategy() { public boolean isTrusted( final X509Certificate[] chain, String authType) throws CertificateException { // Oh, I am easy... return true; } });
sshcrbum21#
apache httpclient 4.5.5版
HttpClient httpClient = HttpClients .custom() .setSSLContext(new SSLContextBuilder().loadTrustMaterial(null, TrustAllStrategy.INSTANCE).build()) .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE) .build();
没有使用不推荐使用的api。简单可验证测试用例:
package org.apache.http.client.test; import org.apache.http.HttpResponse; import org.apache.http.client.HttpClient; import org.apache.http.client.methods.HttpGet; import org.apache.http.client.methods.HttpUriRequest; import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.impl.client.HttpClients; import org.apache.http.ssl.SSLContextBuilder; import org.junit.Before; import org.junit.Test; import java.io.IOException; import java.security.KeyManagementException; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; public class ApacheHttpClientTest { private HttpClient httpClient; @Before public void initClient() throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException { httpClient = HttpClients .custom() .setSSLContext(new SSLContextBuilder().loadTrustMaterial(null, TrustAllStrategy.INSTANCE).build()) .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE) .build(); } @Test public void apacheHttpClient455Test() throws IOException { executeRequestAndVerifyStatusIsOk("https://expired.badssl.com"); executeRequestAndVerifyStatusIsOk("https://wrong.host.badssl.com"); executeRequestAndVerifyStatusIsOk("https://self-signed.badssl.com"); executeRequestAndVerifyStatusIsOk("https://untrusted-root.badssl.com"); executeRequestAndVerifyStatusIsOk("https://revoked.badssl.com"); executeRequestAndVerifyStatusIsOk("https://pinning-test.badssl.com"); executeRequestAndVerifyStatusIsOk("https://sha1-intermediate.badssl.com"); } private void executeRequestAndVerifyStatusIsOk(String url) throws IOException { HttpUriRequest request = new HttpGet(url); HttpResponse response = httpClient.execute(request); int statusCode = response.getStatusLine().getStatusCode(); assert statusCode == 200; } }
mqkwyuun22#
只是在更新的httpclient 4.5上必须这样做,而且似乎他们从4.4开始就不赞成使用一些东西,所以下面是一个代码片段,它适用于我,并使用了最新的api:
final SSLContext sslContext = new SSLContextBuilder() .loadTrustMaterial(null, (x509CertChain, authType) -> true) .build(); return HttpClientBuilder.create() .setSSLContext(sslContext) .setConnectionManager( new PoolingHttpClientConnectionManager( RegistryBuilder.<ConnectionSocketFactory>create() .register("http", PlainConnectionSocketFactory.INSTANCE) .register("https", new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE)) .build() )) .build();
ncecgwcz23#
所有其他答案要么被否决,要么不适用于httpclient4.3。下面是一种在构建http客户机时允许所有主机名的方法。
CloseableHttpClient httpClient = HttpClients .custom() .setHostnameVerifier(new AllowAllHostnameVerifier()) .build();
或者,如果您使用的是版本4.4或更高版本,则更新的呼叫如下所示:
CloseableHttpClient httpClient = HttpClients .custom() .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE) .build();
23条答案
按热度按时间mftmpeh816#
我们使用的是httpclient 4.3.5,我们尝试了stackoverflow上几乎所有的解决方案,但是都没有,在思考和解决问题之后,我们得到了下面的代码,它工作得很好,只是在创建httpclient示例之前添加了它。
发出post请求时要调用的某些方法。。。。
以正常形式继续您的请求
ukqbszuj17#
如果您只想消除无效的主机名错误,您只需执行以下操作:
x8diyxa718#
对于apache httpclient 4.4:
这是从我们实际的工作实现中提取出来的。
其他答案很流行,但对于httpclient4.4来说,它们不起作用。我花了好几个小时尝试各种可能性,但似乎在4.4版本中发生了极其重大的api更改和重新定位。
另请参见以下更全面的解释:http://literatejava.com/networks/ignore-ssl-certificate-errors-apache-httpclient-4-4/
希望有帮助!
xzv2uavs19#
作为记录,使用httpclient 4.3.6进行测试,并与fluent api的executor兼容:
nkkqxpd920#
为了记录在案,有一种更简单的方法可以用httpclient4.1实现同样的功能
sshcrbum21#
apache httpclient 4.5.5版
没有使用不推荐使用的api。
简单可验证测试用例:
mqkwyuun22#
只是在更新的httpclient 4.5上必须这样做,而且似乎他们从4.4开始就不赞成使用一些东西,所以下面是一个代码片段,它适用于我,并使用了最新的api:
ncecgwcz23#
所有其他答案要么被否决,要么不适用于httpclient4.3。
下面是一种在构建http客户机时允许所有主机名的方法。
或者,如果您使用的是版本4.4或更高版本,则更新的呼叫如下所示: