我遇到了一个奇怪的问题,即retrofit一直抛出以下错误:
"SSL握手中止:ssl=0x618d9c18:系统调用期间发生I/O错误, 连接被对等方重置"
在KitKat版本中发生,而在lollipop设备上相同的代码正常工作。我正在使用像以下这样的OkHttpClient客户端
public OkHttpClient getUnsafeOkHttpClient() {
try {
final TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] chain,
String authType) {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] chain,
String authType) {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[0];
}
} };
int cacheSize = 10 * 1024 * 1024; // 10 MB
Cache cache = new Cache(getCacheDir(), cacheSize);
final SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(null, trustAllCerts,
new java.security.SecureRandom());
final SSLSocketFactory sslSocketFactory = sslContext
.getSocketFactory();
OkHttpClient okHttpClient = new OkHttpClient();
okHttpClient = okHttpClient.newBuilder()
.cache(cache)
.sslSocketFactory(sslSocketFactory)
.hostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER).build();
return okHttpClient;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
我在Retrofit中像这样使用此客户端
Retrofit retrofit = new Retrofit.Builder()
.baseUrl(URL)
.client(getUnsafeOkHttpClient())
.addConverterFactory(GsonConverterFactory.create())
.build();
编辑:在此处添加getUnsafeOkHttpClient()
没有任何效果,并且不建议通过使用getUnsafeOkHttpClient()
绕过ssl检查
FYI:问题是因为api端点仅支持TLS 1.2
,而在android设备16<device<20
上默认禁用了它。因此,对于16<device<20
,需要创建自定义的SSLSocketFactory
。