Menu
I need to skip hostname verification with httpclient 4.2.1 without changing the trustmanager. I archived this like this:
httpClient = new DefaultHttpClient(a, b);
SSLSocketFactory socketFactory = (SSLSocketFactory) httpClient.getConnectionManager().getSchemeRegistry().get("https").getSchemeSocketFactory();
socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
... but setHostnameVerifier method i used is deprecated. How can i achieve the same thing with using not deprecated methods?
411
DON'T DO THIS!!!
As explained to you at https://stackoverflow.com/a/29547114/3081018 already this is a very bad idea and effectively disables all validation, because an attacker then could use any certificate for some other host to mount a man-in-the-middle attack.
It does not get more secure you ask the same question again.
54
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
