2

我需要将 SNI 设置为我的 socketFactory。所以我一直在使用这个类SSLCertificateSocketFactory。在创建套接字时,它给了我一个sslpeerunverifiedexception服务器证书,因为没有 SAN 集。我可以如何抑制这个异常,并要求它允许创建套接字而不考虑服务器证书?

以下是我的代码:

            TrustManager tm = new X509TrustManager() {
                public void checkClientTrusted(X509Certificate[] chain,
                        String authType) throws CertificateException {
                }

                public void checkServerTrusted(X509Certificate[] chain,
                        String authType) throws CertificateException {
                }

                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            };

            SSLCertificateSocketFactory ssf = (SSLCertificateSocketFactory) SSLCertificateSocketFactory
                    .getDefault(0);

            ssf.setTrustManagers(new TrustManager[] { tm });

            m_sslsocket = (SSLSocket) ssf.createSocket(m_socket, m_host, m_port, false);
4

1 回答 1

0

使用getInsecure创建 SSLCertificateSocketFactory 对我有用。它返回一个禁用所有 SSL 安全检查的套接字工厂的新实例。

SSLCertificateSocketFactory ssf = (SSLCertificateSocketFactory) SSLCertificateSocketFactory
                    .getInsecure(0, null);
于 2014-12-16T07:30:39.003 回答