android Ktor套接字客户端到自签名服务器:特定于域的配置需要...使用checkServerTrusted(X509Certificate[],String,String)

vd8tlhqk  于 2023-05-12  发布在  Android
关注(0)|答案(1)|浏览(159)

我正在尝试建立一个套接字连接到一个自我签署的服务器。
在我的gradle文件中,我使用了以下命令:

implementation 'io.ktor:ktor-network:1.6.5'
implementation 'io.ktor:ktor-network-tls:1.6.5'

我建立连接的代码:

socketConnection = aSocket( ActorSelectorManager( Dispatchers.IO ))
    .tcp( ).connect( InetSocketAddress( "192.168.1.5", 8080 ))
    .tls( Dispatchers.IO )

现在我试着去相信证书

android:networkSecurityConfig="@xml/network_security_config"

我的AndroidManifest.xml在应用程序标签。
我的network_security_config.xml

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config>
        <domain includeSubdomains="true">192.168.78.74</domain>
        <trust-anchors>
            <certificates src="@raw/my_cert"/>
        </trust-anchors>
    </domain-config>
</network-security-config>

当我运行应用程序时,我得到这个错误:

java.security.cert.CertificateException: Domain specific configurations require that hostname aware checkServerTrusted(X509Certificate[], String, String) is used
    at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:112)
    at io.ktor.network.tls.TLSClientHandshake.handleCertificatesAndKeys(TLSClientHandshake.kt:234)
    at io.ktor.network.tls.TLSClientHandshake.negotiate(TLSClientHandshake.kt:165)
    at io.ktor.network.tls.TLSClientHandshake$negotiate$1.invokeSuspend(Unknown Source:14)
    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
    at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
    at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571)
    at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750)
    at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678)
    at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665)
android

1条答案

按热度按时间
xqkwcwgp

xqkwcwgp1#

我正在使用ktor,并希望使用代理人监控流量
为了解决这个异常,我不得不将代理直接添加到HttpClient,并添加一个不检查证书的自定义信任管理器
仅用于开发目的。

val client = HttpClient(CIO) {
    engine {
        proxy = ProxyBuilder.http("http://PROXY_IP_HERE:PROXY_PORT_HERE/")
        https {
            trustManager = MyTrustManager(this)
        }
    }
}

class MyTrustManager(private val config: TLSConfigBuilder) : X509TrustManager {
    private val delegate = config.build().trustManager
    private val extensions = X509TrustManagerExtensions(delegate)

    override fun checkClientTrusted(certificates: Array<out X509Certificate>?, authType: String?) {}

    override fun checkServerTrusted(certificates: Array<out X509Certificate>?, authType: String?) {}

    override fun getAcceptedIssuers(): Array<X509Certificate> = delegate.acceptedIssuers
}

使用以下网络安全配置:

<network-security-config>
    <domain-config>
        <!-- Make sure your URL Server here -->
        <domain includeSubdomains="true">your_domain</domain>
        <trust-anchors>
            <certificates src="user"/>
            <certificates src="system"/>
        </trust-anchors>
    </domain-config>

    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
            <certificates src="system" />
        </trust-anchors>
    </debug-overrides>

    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
</network-security-config>
赞(0)分享  回复(0)举报  2023-05-12
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com