Menu
I am using retrofit in android to connect with server.
public class ApiClient { public static final String BASE_URL = "https://example.com/"; private static Retrofit retrofit = null; public static Retrofit getClient() { if (retrofit==null) { retrofit = new Retrofit.Builder() .baseUrl(BASE_URL) .addConverterFactory(GsonConverterFactory.create()) .build(); } return retrofit; } } This is my dev. server and I want to disable certificate check. How can I implement in this code?
ERROR: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
244
Method 1: Passing verify=False to request method The requests module has various methods like get, post, delete, request, etc. Each of these methods accepts an URL for which we send an HTTP request. Along with the URL also pass the verify=False parameter to the method in order to disable the security checks.
Disable Chrome Checking All SSL Certificates If you're on Windows simply right-click into the properties of the launcher. Then add --ignore-certificate-errors in the target field. Then restart Chrome.
To disable a certificate, right-click the certificate, click Properties, select Disable all purposes for this certificate, and then click OK.
Use this class to get unsafe Retrofit instance. I have included imports to avoid confusion.
import java.security.cert.CertificateException; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import okhttp3.OkHttpClient; import retrofit2.Retrofit; import retrofit2.converter.gson.GsonConverterFactory; import view.utils.AppConstants; /** * Created by Hitesh.Sahu on 11/23/2016. */ public class NetworkHandler { public static Retrofit getRetrofit() { return new Retrofit.Builder() .baseUrl(AppConstants.BASE_URL) .addConverterFactory(GsonConverterFactory.create()) .client(getUnsafeOkHttpClient()) .build(); } private static OkHttpClient getUnsafeOkHttpClient() { try { // Create a trust manager that does not validate certificate chains final TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { @Override public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { } @Override public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { } @Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return new java.security.cert.X509Certificate[]{}; } } }; // Install the all-trusting trust manager final SSLContext sslContext = SSLContext.getInstance("SSL"); sslContext.init(null, trustAllCerts, new java.security.SecureRandom()); // Create an ssl socket factory with our all-trusting manager final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); OkHttpClient.Builder builder = new OkHttpClient.Builder(); builder.sslSocketFactory(sslSocketFactory); builder.hostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; } }); OkHttpClient okHttpClient = builder.build(); return okHttpClient; } catch (Exception e) { throw new RuntimeException(e); } } } And then simply use retrofit without ssl check like this
private void postFeedbackOnServer() { MyApiEndpointInterface apiService = NetworkHandler.getRetrofit().create(MyApiEndpointInterface.class); Call<ResponseBE> call = apiService.submitFeedbackToServer(requestObject); Log.e(TAG , "Request is" + new Gson().toJson(requestObject).toString() ); call.enqueue(new Callback<ResponseBE>() { @Override public void onResponse(Call<ResponseBE> call, Response<ResponseBE> response) { int statusCode = response.code(); if (statusCode == HttpURLConnection.HTTP_OK) { ...... } else { Toast.makeText(FeedbackActivity.this, "Failed to submit Data" + statusCode, Toast.LENGTH_SHORT).show(); } } @Override public void onFailure(Call<ResponseBE> call, Throwable t) { // Log error here since request failed Toast.makeText(FeedbackActivity.this, "Failure" + t.getLocalizedMessage(), Toast.LENGTH_SHORT).show(); } }); } If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
