How to bypass invalid SSL certificate errors with Apache HttpClient 4.0?
+1
A:
Here's a solution for 3.x, which should be modifiable to 4.x.
Stefan Kendall
2010-04-24 04:09:30
+3
A:
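You need to create an SSLContext with your own TrustManager and create an HTTPS scheme using this context. Here is the code:

    import java.security.SecureRandom;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;
    import org.apache.http.client.HttpClient;
    import org.apache.http.conn.ClientConnectionManager;
    import org.apache.http.conn.scheme.Scheme;
    import org.apache.http.conn.scheme.SchemeRegistry;
    import org.apache.http.conn.ssl.SSLSocketFactory;
    import org.apache.http.impl.client.DefaultHttpClient;
    import org.apache.http.impl.conn.SingleClientConnManager;
    import org.apache.http.params.BasicHttpParams;
    import org.apache.http.params.HttpParams;

    SSLContext sslContext = SSLContext.getInstance("SSL");
    // set up a TrustManager that trusts everything
    sslContext.init(null, new TrustManager[] { new X509TrustManager() {
        public X509Certificate[] getAcceptedIssuers() {
            System.out.println("getAcceptedIssuers =============");
            // the interface contract asks for a non-null (possibly empty) array
            return new X509Certificate[0];
        }
        public void checkClientTrusted(X509Certificate[] certs,
                String authType) {
            System.out.println("checkClientTrusted =============");
        }
        // never throws, so every server certificate chain is accepted
        public void checkServerTrusted(X509Certificate[] certs,
                String authType) {
            System.out.println("checkServerTrusted =============");
        }
    } }, new SecureRandom());
    // register an https scheme backed by the trust-all context
    SSLSocketFactory sf = new SSLSocketFactory(sslContext);
    Scheme httpsScheme = new Scheme("https", sf, 443);
    SchemeRegistry schemeRegistry = new SchemeRegistry();
    schemeRegistry.register(httpsScheme);
    HttpParams params = new BasicHttpParams();
    ClientConnectionManager cm = new SingleClientConnManager(params, schemeRegistry);
    HttpClient httpClient = new DefaultHttpClient(cm, params);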
ZZ Coder
2010-04-24 04:32:21
Say I don't want to buy a valid SSL certificate for my site and just want to use it; can this piece of code help? How come I don't see any part where a URL is needed or exception handling is needed?
Viet
2010-04-24 10:56:16
As you can see, the X509TrustManager doesn't check for anything and doesn't throw any exceptions, so any cert is accepted.
ZZ Coder
2010-04-24 13:19:26
Just use anonymous DH ciphersuites and be done with it.
GregS
2010-04-24 13:22:35
Thanks! It was simpler than I expected :)
Viet
2010-04-26 02:57:58
+1
A:
In extension to this answer, it will be nice to override the HostnameVerifier:

    // ...
    SSLSocketFactory sf = new SSLSocketFactory(sslContext);
    // every verify() overload returns without checking, so any hostname is accepted
    sf.setHostnameVerifier(new X509HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
        public void verify(String host, String[] cns, String[] subjectAlts)
                throws SSLException {
        }
        public void verify(String host, X509Certificate cert) throws SSLException {
        }
        public void verify(String host, SSLSocket ssl) throws IOException {
        }
    });
    // ...
eldur
2010-10-08 20:28:49