To avoid man-in-the-middle attacks, we wrote the following code to communicate with our server, which has a valid certificate issued by Go Daddy:
KeyStore trustStore = KeyStore.getInstance("AndroidKeyStore");
SSLSocketFactory sf = new MySSLSocketFactory(trustStore);
sf.setHostnameVerifier(SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
HttpParams params = new BasicHttpParams();
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(new Scheme("https", sf, 443));
ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);
return new DefaultHttpClient(ccm, params);
Even though we use "AndroidKeyStore", we can still talk to sites that do not have a valid certificate. What are we doing wrong? Any help is appreciated.
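A client that leaves certificate-chain and hostname validation to the platform, given here as an added example that is not part of the original post. It uses HttpsURLConnection instead of the Apache HttpClient classes in the question; the class name StrictTlsProbe and the URLs passed on the command line are assumptions.

```java
import java.io.IOException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class name; example code, not the poster's.
public final class StrictTlsProbe {

    /** SSLContext whose trust decisions come only from the platform CA store. */
    static SSLContext platformTrustContext() throws GeneralSecurityException {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null KeyStore selects the platform's default trusted CAs.
        // On Android, "AndroidKeyStore" stores the app's own keys, not CA trust anchors.
        tmf.init((KeyStore) null);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // No custom TrustManager: the factory's managers perform full chain validation.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Connects and reports whether the TLS layer accepted or rejected the server. */
    static String probe(String httpsUrl) throws GeneralSecurityException, IOException {
        URL url = new URL(httpsUrl);
        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            throw new IllegalArgumentException("not an https URL: " + httpsUrl);
        }
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(platformTrustContext().getSocketFactory());
        // The default HostnameVerifier is left in place, so a name mismatch also fails.
        conn.setConnectTimeout(10_000);
        conn.setReadTimeout(10_000);
        try {
            return "ACCEPTED, HTTP " + conn.getResponseCode();
        } catch (SSLException e) {
            // Untrusted, expired, self-signed or wrong-host certificates end up here.
            return "REJECTED: " + e.getMessage();
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) throws Exception {
        for (String url : args) {   // URLs are supplied by the reader
            System.out.println(url + " -> " + probe(url));
        }
    }
}
```

Running it against both the production server and a test host with a self-signed certificate shows whether the client validates: the first should print ACCEPTED and the second REJECTED.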