我正在尝试使用以下属性创建SSLSocket:
据我所知:
SSLCertificateSocketFactory.getDefault不允许您设置自定义SNI,但会进行SSL证书验证。SSLCertificateSocketFactory.getInsecure允许您设置自定义SNI,但不会进行SSL证书验证。因此,最好的解决方案是在使用SSLCertificateSocketFactory.getInsecure创建的SSLSocket上启用SSL证书验证。
我使用以下代码设置自定义SNI:
SSLCertificateSocketFactory ssf = (SSLCertificateSocketFactory) SSLCertificateSocketFactory
.getInsecure(Utils.getConnectTimeOutForHost(m_host),
null);
m_sslsocket = (SSLSocket) ssf.createSocket(m_socket, m_host,
m_port, false);
m_sslsocket.setEnabledProtocols(m_sslsocket.getSupportedProtocols());
String hostName = getSNIHost();
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
Log.i(TAG, "Setting SNI hostname");
ssf.setHostname(m_sslsocket, hostName);
} else {
try {
java.lang.reflect.Method setHostnameMethod = m_sslsocket
.getClass().getMethod("setHostname", String.class);
setHostnameMethod.invoke(m_sslsocket, hostName);
} catch (Exception e) {
Log.w(TAG, "SNI not useable", e);
}
}