Menu
How do I avoid the "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated" exception and the Android Apache lib gap "The constructor SSLSocketFactory(SSLContext) is undefined" in making an Https request?
338
class RequestTask extends AsyncTask<String, String, String>{ @Override protected String doInBackground(String... uri) { HttpClient httpclient = new DefaultHttpClient(); HttpResponse response; String responseString = null; try { response = httpclient. execute(new HttpGet(uri[0])); StatusLine statusLine = response.
HttpClient is used when you want to receive and send data from the server over the internet. So for this you need to create a http client using HttpClient class. First, you will create the object of Http client and the URL to the constructor of HttpPost class that post the data.
This method takes an HttpClient instance and returns a ready-for-https HttpClient instance.
private HttpClient sslClient(HttpClient client) {
try {
X509TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, new TrustManager[]{tm}, null);
SSLSocketFactory ssf = new MySSLSocketFactory(ctx);
ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
ClientConnectionManager ccm = client.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", ssf, 443));
return new DefaultHttpClient(ccm, client.getParams());
} catch (Exception ex) {
return null;
}
}
Because the Android org.apache.http.conn.ssl.SSLSocketFactory does not have the SSLSocketFactory(SSLContext) constructor, I have extended the class as follows.
public class MySSLSocketFactory extends SSLSocketFactory {
SSLContext sslContext = SSLContext.getInstance("TLS");
public MySSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
super(truststore);
TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
sslContext.init(null, new TrustManager[] { tm }, null);
}
public MySSLSocketFactory(SSLContext context) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
super(null);
sslContext = context;
}
@Override
public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
}
@Override
public Socket createSocket() throws IOException {
return sslContext.getSocketFactory().createSocket();
}
}
Excellent article here: http://javaskeleton.blogspot.com/2010/07/avoiding-peer-not-authenticated-with.html
And some help here: Trusting all certificates using HttpClient over HTTPS
168
I had similar problem which is more like this question but the root cause was completely different from those mentioned in both questions.
I was using DefaultHttpClient as httpclient for requesting https://maps.googleapis.com like links. I was trying whole banch of proposed solutions but none worked for me. After some more hours trying to solve it found root cause: My device was connected to a guest WIFI which probably has some specific filtering rules which blocked relevant network parts. Switching to a different network solved my problem.
25
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
