Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Disable SSL certificate check in retrofit library

Tags:

I am using retrofit in android to connect with server.

public class ApiClient {     public static final String BASE_URL = "https://example.com/";     private static Retrofit retrofit = null;      public static Retrofit getClient() {         if (retrofit==null) {             retrofit = new Retrofit.Builder()                     .baseUrl(BASE_URL)                     .addConverterFactory(GsonConverterFactory.create())                     .build();         }         return retrofit;     } } 

This is my dev. server and I want to disable certificate check. How can I implement in this code?

ERROR: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

like image 244
Ronak Patel Avatar asked Jun 07 '16 18:06

Ronak Patel


People also ask

How do I disable security certificate checks for request in Python?

Method 1: Passing verify=False to request method The requests module has various methods like get, post, delete, request, etc. Each of these methods accepts an URL for which we send an HTTP request. Along with the URL also pass the verify=False parameter to the method in order to disable the security checks.

How do I disable certificate check in browser?

Disable Chrome Checking All SSL Certificates If you're on Windows simply right-click into the properties of the launcher. Then add --ignore-certificate-errors in the target field. Then restart Chrome.

How do I disable SSL certificate verification in Windows?

To disable a certificate, right-click the certificate, click Properties, select Disable all purposes for this certificate, and then click OK.


1 Answers

Use this class to get unsafe Retrofit instance. I have included imports to avoid confusion.

import java.security.cert.CertificateException;  import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager;  import okhttp3.OkHttpClient; import retrofit2.Retrofit; import retrofit2.converter.gson.GsonConverterFactory; import view.utils.AppConstants;  /**  * Created by Hitesh.Sahu on 11/23/2016.  */  public class NetworkHandler {      public static Retrofit getRetrofit() {          return new Retrofit.Builder()                 .baseUrl(AppConstants.BASE_URL)                 .addConverterFactory(GsonConverterFactory.create())                 .client(getUnsafeOkHttpClient())                 .build();     }       private static OkHttpClient getUnsafeOkHttpClient() {         try {             // Create a trust manager that does not validate certificate chains             final TrustManager[] trustAllCerts = new TrustManager[] {                     new X509TrustManager() {                         @Override                         public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {                         }                          @Override                         public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {                         }                          @Override                         public java.security.cert.X509Certificate[] getAcceptedIssuers() {                             return new java.security.cert.X509Certificate[]{};                         }                     }             };              // Install the all-trusting trust manager             final SSLContext sslContext = SSLContext.getInstance("SSL");             sslContext.init(null, trustAllCerts, new java.security.SecureRandom());             // Create an ssl socket factory with our all-trusting manager             final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();              OkHttpClient.Builder builder = new OkHttpClient.Builder();             builder.sslSocketFactory(sslSocketFactory);             builder.hostnameVerifier(new HostnameVerifier() {                 @Override                 public boolean verify(String hostname, SSLSession session) {                     return true;                 }             });              OkHttpClient okHttpClient = builder.build();             return okHttpClient;         } catch (Exception e) {             throw new RuntimeException(e);         }     } } 

And then simply use retrofit without ssl check like this

    private void postFeedbackOnServer() {          MyApiEndpointInterface apiService =                 NetworkHandler.getRetrofit().create(MyApiEndpointInterface.class);          Call<ResponseBE> call = apiService.submitFeedbackToServer(requestObject);          Log.e(TAG ,  "Request is" + new Gson().toJson(requestObject).toString() );          call.enqueue(new Callback<ResponseBE>() {             @Override             public void onResponse(Call<ResponseBE> call, Response<ResponseBE> response) {                 int statusCode = response.code();                  if (statusCode == HttpURLConnection.HTTP_OK) {                ......                  } else {                     Toast.makeText(FeedbackActivity.this, "Failed to submit Data" + statusCode, Toast.LENGTH_SHORT).show();                 }             }              @Override             public void onFailure(Call<ResponseBE> call, Throwable t) {                  // Log error here since request failed                 Toast.makeText(FeedbackActivity.this, "Failure" + t.getLocalizedMessage(), Toast.LENGTH_SHORT).show();              }         });     } 
like image 157
Hitesh Sahu Avatar answered Sep 23 '22 12:09

Hitesh Sahu