我有以下代码通过HTTPS连接,但我在连接尝试期间遇到以下错误。
WARN / System.err(9456):javax.net.ssl.SSLHandshakeException: org.bouncycastle.jce.exception.ExtCertPathValidatorException:无法验证证书签名。
我如何解决这个问题? 信任所有证书?我怎么做? 这不是问题,因为我只连接到同一台服务器。 我已经在我的应用程序中将EasyX509TrustManager作为一个类实现了。
提前谢谢。
try {
HttpClient client = new DefaultHttpClient();
// Setting up parameters
SchemeRegistry schemeRegistry = new SchemeRegistry();
// http scheme
schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
// https scheme
schemeRegistry.register(new Scheme("https", new EasySSLSocketFactory(), 443));
HttpParams params = new BasicHttpParams();
params.setParameter(ConnManagerPNames.MAX_TOTAL_CONNECTIONS, 30);
params.setParameter(ConnManagerPNames.MAX_CONNECTIONS_PER_ROUTE, new ConnPerRouteBean(30));
params.setParameter(HttpProtocolParams.USE_EXPECT_CONTINUE, false);
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
ClientConnectionManager cm = new ThreadSafeClientConnManager(params, schemeRegistry);
DefaultHttpClient httpClient = new DefaultHttpClient(cm, client.getParams());
// Example send HttpsPost request
final String url = "https://www.xxxx.com/web/restricted/form/formelement";
// Do the HTTPS Post
HttpPost httpPost = new HttpPost(url);
ArrayList<NameValuePair> postParameters;
postParameters = new ArrayList<NameValuePair>(2);
postParameters.add(new BasicNameValuePair("usr_name", username));
postParameters.add(new BasicNameValuePair("usr_password", password));
System.out.println(postParameters);
HttpResponse response = httpClient.execute(httpPost);
Log.w("Response ","Status line : "+ response.toString());
彼得,
谢谢你的答案,我按照你的建议,无法验证消息消失了。但是现在我收到以下消息:
09-26 23:47:20.381:WARN / ResponseProcessCookies(10704):Cookie被拒绝:“BasicClientCookie [version = 0,name = ObFormLoginCookie,domain = www.kpn.com,path = / web / restricted / form? formelement = 512663,期满=空]”。非法路径属性“/ web / restricted / form?formelement = 512663”。原产地:“/ web / restricted / form / formelement = 512663” 09-26 23:47:20.461:WARN / Response(10704):状态行:org.apache.http.message.BasicHttpResponse@407afb98
标题中似乎有些错误?
答案 0 :(得分:1)
不要相信所有证书,这是一个非常非常糟糕的主意。使用服务器的证书创建密钥库,将其放入应用程序的原始资产,然后将其加载到HttpClient的SSLSocketFactory中。然后在SchemeRegistry
。
答案 1 :(得分:0)
您需要提供自己的TrustManager
信任所有证书。