我正试图连接到一个具有自签名证书的服务,该证书来自仅在原型测试期间存在的内部测试环境。Ktor客户端出现以下故障:
javax.net.ssl.SSLHandshakeException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
在这种情况下,我该如何禁用证书验证呢?
这是我对CIO引擎的解决方案。
val client = HttpClient(CIO) {
engine {
https {
trustManager = object: X509TrustManager {
override fun checkClientTrusted(p0: Array<out X509Certificate>?, p1: String?) { }
override fun checkServerTrusted(p0: Array<out X509Certificate>?, p1: String?) { }
override fun getAcceptedIssuers(): Array<X509Certificate>? = null
}
}
}
}
警告!请勿在任何生产环境中使用此方法。我只是在一个没有敏感信息的隔离测试环境中进行了测试。
按照Java:覆盖函数以禁用SSL证书检查(具体来说:https://dev59.com/mWIj5IYBdhLWcg3w95cc#19723687)中第一个答案的说明:
我发现我可以添加自己的TrustAll管理器实现:
import java.security.cert.X509Certificate
import javax.net.ssl.X509TrustManager
class TrustAllX509TrustManager : X509TrustManager {
override fun getAcceptedIssuers(): Array<X509Certificate?> = arrayOfNulls(0)
override fun checkClientTrusted(certs: Array<X509Certificate?>?, authType: String?) {}
override fun checkServerTrusted(certs: Array<X509Certificate?>?, authType: String?) {}
}
import io.ktor.client.*
import io.ktor.client.engine.apache.*
import java.security.SecureRandom
import javax.net.ssl.SSLContext
val client = HttpClient(Apache) {
engine {
sslContext = SSLContext.getInstance("TLS")
.apply {
init(null, arrayOf(TrustAllX509TrustManager()), SecureRandom())
}
}
// install other features ....
}
我鼓励任何人发现如何在其他引擎上执行此操作的方法,可以添加自己的答案,或者如果您将其作为评论添加,我将尝试保持此答案的更新。
HttpClient(Android),您可以使用以下代码: engine { sslManager = { httpsURLConnection -> httpsURLConnection.sslSocketFactory = SSLContext.getInstance("TLS").apply{}.socketFactory } - Sam