我正在尝试使用自签名证书与服务器进行交互。
它适用于Nougat但Oreo有例外:
javax.net.ssl.SSLHandshakeException: Handshake failed
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:444)
基于Android O的changelog,看起来似乎已经改变了不安全的协议回退。我只想确保我的信任经理不是问题:
public static OkHttpClient getClient() {
try {
// Create a trust manager that does not validate certificate chains
final TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
@SuppressLint("TrustAllX509TrustManager")
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
}
@SuppressLint("TrustAllX509TrustManager")
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[]{};
}
}
};
// Install the all-trusting trust manager
final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
OkHttpClient.Builder builder = new OkHttpClient.Builder();
builder.sslSocketFactory(sslSocketFactory, (X509TrustManager) trustAllCerts[0]);
// Allow our hostname
builder.hostnameVerifier((hostname, session) -> {
return hostname.equals(API_HOST_NAME);
});
builder.addInterceptor(new MyCustomInterceptor());
if (BuildConfig.DEBUG) {
builder.addInterceptor(new HttpLoggingInterceptor().setLevel(HttpLoggingInterceptor.Level.BASIC));
builder.addNetworkInterceptor(new StethoInterceptor());
}
return builder.build();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
服务器的配置基于this example。
我的客户端是否有任何明显错误,或者这可能是服务器上的问题?