java https没有验证证书

Question

我想从我制作的java程序连接到https中的测试服务器。我不想验证证书中的任何内容，我该如何实现？

我正在使用：

HttpURLConnection connection = (HttpURLConnection) ( new URL(server).openConnection() );
                            connection.setDoOutput       (true);
                            connection.setDoInput        (true);
                            connection.setInstanceFollowRedirects(false); 
                            connection.setRequestMethod("POST"); 
          OutputStream        out  = connection.getOutputStream();
          OutputStreamWriter  wout = new OutputStreamWriter(out, "UTF-8");
                              wout.write(xml);
                              wout.flush();
                              out .close();




          //READ RESPONSE.
          InputStream in = connection.getInputStream();

但是当我执行时，我得到：

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

Answer 1

通常您可以访问https网站，但Somesites需要证书。所以你可以在代码下使用。而且您必须使用InstallCert程序获取证书。

String httpsURL = "https://www.google.com";
URL myurl = new URL(httpsURL);
                HttpsURLConnection con = (HttpsURLConnection)myurl.openConnection();
                InputStream ins = con.getInputStream();
                InputStreamReader isr = new InputStreamReader(ins);
                BufferedReader in = new BufferedReader(isr);

Answer 2

你可以这样做..

URL url1;
try {
            url1 = new URL(url);

            if(url1.getProtocol().equalsIgnoreCase("https")){// you dont need this check
                try {
                HostnameVerifier hv = new HostnameVerifier() {

                       public boolean verify(String urlHostName, javax.net.ssl.SSLSession session) {

                           if (urlHostName.equals(session.getPeerHost())) {
                               logger.info("Verified HTTPS "+session.getPeerHost()+"  >> "+ urlHostName);
                           } else {
                               logger.info("Warning: URL host "+urlHostName+" is different to SSLSession host "+session.getPeerHost());
                           }
                           return true;
                       }
                   };

                   TrustManager[] trustAll = new javax.net.ssl.TrustManager[] { new javax.net.ssl.X509TrustManager() {

                       public java.security.cert.X509Certificate[] getAcceptedIssuers() {

                           return null;
                       }

                       public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {

                       }

                       public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {

                       }
                   } };

                   javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");

                    sc.init(null, trustAll, new java.security.SecureRandom());

                   SSLSocketFactory factory = (SSLSocketFactory) sc.getSocketFactory();
                   HttpsURLConnection.setDefaultSSLSocketFactory(factory);
                   HttpsURLConnection.setDefaultHostnameVerifier(hv);

                    HttpsURLConnection connection = (HttpsURLConnection)                 url1.openConnection();
                    connection.setDoOutput(true);
                    connection.setDoInput(true);
                    connection.setRequestMethod("POST");
                    connection.setUseCaches(false);     

继续使用OutputStreamWriter写入部分。 您可以在不导入ssl证书且没有任何第三方支持的情况下执行此操作。

Answer 3

如果您尝试从https://IP/file获取，则会返回错误，即IP未经验证