Fatal编程技术网
  • android/
  • Android javax.net.ssl.SSLException:证书中的主机名没有';在安卓系统中不匹配

Android javax.net.ssl.SSLException:证书中的主机名没有';在安卓系统中不匹配

android web-services ssl https

Android javax.net.ssl.SSLException:证书中的主机名没有';在安卓系统中不匹配,android,web-services,ssl,https,Android,Web Services,Ssl,Https,我正在更新android应用程序的web服务URL,我们正在使用https协议。我看到我当前的https URL正在工作,但现在我们正在迁移到新域,这就产生了问题 我已经检查了stackoverflow上的许多线程,但没有找到任何好的答案,大多数都是回答绕过此安全性或允许所有 javax.net.ssl.SSLException:证书中的主机名不匹配: //HttpGet getMethod=newhttpget(String.format(httpURL)); HttpGet getMetho

我正在更新android应用程序的web服务URL,我们正在使用
https
协议。我看到我当前的https URL正在工作,但现在我们正在迁移到新域,这就产生了问题

我已经检查了stackoverflow上的许多线程,但没有找到任何好的答案,大多数都是回答绕过此安全性或允许所有

javax.net.ssl.SSLException:证书中的主机名不匹配:

//HttpGet getMethod=newhttpget(String.format(httpURL));
HttpGet getMethod=新的HttpGet(httpURL);
DefaultHttpClient=新的DefaultHttpClient();
ResponseHandler ResponseHandler=新BasicResponseHandler();
HttpParams params=client.getParams();
params.setParameter(CoreConnectionPNames.CONNECTION_超时,60000);
params.setParameter(CoreConnectionPNames.SO_超时,60000);
client.setParams(params);
responseBody=client.execute(getMethod,responseHandler);
responseBody=responseBody.trim();
提前感谢。

如果它在浏览器中工作,但在应用程序中不工作,则可能是缺少SNI支持的问题,请参阅。

解决此问题的最佳方法似乎是使用HttpsUrlConnection而不是HttpGet

URL url = new Url(httpURL);
HttpURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setReadTimeout(60000);
urlConnection.setConnectTimeout(60000);
urlConnection.setRequestMethod("GET");
urlConnection.setDoInput(true);

urlConnection.connect();
然后使用InputStream获取响应主体

InputStream inputStream = urlConnection.getInputStream();
多亏了

添加一个Java类CustomSSLSocketFactory.Java

 import java.io.IOException;
 import java.net.Socket;
 import java.net.UnknownHostException;
 import java.security.KeyManagementException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 import org.apache.http.conn.ssl.SSLSocketFactory;

 public class CustomSSLSocketFactory extends SSLSocketFactory{
SSLContext sslContext = SSLContext.getInstance("TLS");
/**
 * Generate Certificate for ssl connection
 * @param truststore
 * @throws NoSuchAlgorithmException
 * @throws KeyManagementException
 * @throws KeyStoreException
 * @throws UnrecoverableKeyException
 */
public CustomSSLSocketFactory(KeyStore truststore)
        throws NoSuchAlgorithmException, KeyManagementException,
        KeyStoreException, UnrecoverableKeyException {
    super(truststore);
    TrustManager tm = new X509TrustManager(){
        @Override
        public void checkClientTrusted(X509Certificate[] arg0, String arg1)
                throws CertificateException {
        }
        @Override
        public void checkServerTrusted(X509Certificate[] chain,
                                       String authType) throws CertificateException {
        }
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    };
    sslContext.init(null, new TrustManager[] {tm}, null);
}

@Override
public Socket createSocket(Socket socket, String host, int port,
                           boolean autoClose) throws IOException, UnknownHostException {
    return sslContext.getSocketFactory().createSocket(socket, host, port,
            autoClose);
}

@Override
public Socket createSocket() throws IOException {
    return sslContext.getSocketFactory().createSocket();
}
 }
在代码中

    String cloud_url="https://www.google.com";
    HttpClient client = new DefaultHttpClient();
        if(cloud_url.toLowerCase().contains("https://")){
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(null, null);
            SSLSocketFactory sf = new CustomSSLSocketFactory(trustStore);
            sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

            HttpParams params = new BasicHttpParams();
            SchemeRegistry registry = new SchemeRegistry();
            registry.register(new Scheme("https", sf, 443));

            ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);
            client= new DefaultHttpClient(ccm, params);
        }


        HttpGet request= new HttpGet( );
        request.setURI(new URI( cloud_url));
        HttpResponse response = client.execute(request);
您是否在浏览器中尝试了相同的url,是否收到任何证书错误???@Panther无错误,它在浏览器中工作是的,它在浏览器中工作,而不是在应用程序中。我们是否也需要在应用程序中为这个ssl连接保留一些证书?不,您必须使用支持SNI的东西,或者您必须为HTTPS服务器提供单独的IP地址,这样您就不需要使用SNI。有关更多详细信息,请参阅链接问题。 
    String cloud_url="https://www.google.com";
    HttpClient client = new DefaultHttpClient();
        if(cloud_url.toLowerCase().contains("https://")){
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(null, null);
            SSLSocketFactory sf = new CustomSSLSocketFactory(trustStore);
            sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

            HttpParams params = new BasicHttpParams();
            SchemeRegistry registry = new SchemeRegistry();
            registry.register(new Scheme("https", sf, 443));

            ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);
            client= new DefaultHttpClient(ccm, params);
        }


        HttpGet request= new HttpGet( );
        request.setURI(new URI( cloud_url));
        HttpResponse response = client.execute(request);