{"id":7724,"date":"2015-10-19T01:09:54","date_gmt":"2015-10-19T01:09:54","guid":{"rendered":"https:\/\/unknownerror.org\/index.php\/2015\/10\/19\/trusting-all-certificates-with-okhttp-open-source-projects-square-okhttp\/"},"modified":"2015-10-19T01:09:54","modified_gmt":"2015-10-19T01:09:54","slug":"trusting-all-certificates-with-okhttp-open-source-projects-square-okhttp","status":"publish","type":"post","link":"https:\/\/unknownerror.org\/index.php\/2015\/10\/19\/trusting-all-certificates-with-okhttp-open-source-projects-square-okhttp\/","title":{"rendered":"Trusting all certificates with okHttp-open source projects square\/okhttp"},"content":{"rendered":"<p>For testing purposes, I&#8217;m trying to add a socket factory to my okHttp client that trusts everything while a proxy is set. This has been done many times over, but my implementation of a trusting socket factory seems to be missing something:<\/p>\n<pre><code>class TrustEveryoneManager implements X509TrustManager {\n    @Override\n    public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { }\n\n    @Override\n    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { }\n\n    @Override\n    public java.security.cert.X509Certificate[] getAcceptedIssuers() {\n        return null;\n    }\n}\nOkHttpClient client = new OkHttpClient();\n\nfinal InetAddress ipAddress = InetAddress.getByName(\"XX.XXX.XXX.XXX\"); \/\/ some IP\nclient.setProxy(new Proxy(Proxy.Type.HTTP, new InetSocketAddress(ipAddress, 8888)));\n\nSSLContext sslContext = SSLContext.getInstance(\"TLS\");\nTrustManager[] trustManagers = new TrustManager[]{new TrustEveryoneManager()};\nsslContext.init(null, trustManagers, null);\nclient.setSslSocketFactory(sslContext.getSocketFactory());\n<\/code><\/pre>\n<p>No requests are being sent out of my app and no exceptions are getting logged so it seems that it&#8217;s failing 
silently within okHttp. Upon further investigation, it seems that there is an Exception being swallowed up in okHttp&#8217;s <code>Connection.upgradeToTls()<\/code> when the handshake is being forced. The exception I&#8217;m being given is: <code>javax.net.ssl.SSLException: SSL handshake terminated: ssl=0x74b522b0: SSL_ERROR_ZERO_RETURN occurred. You should never see this.<\/code><\/p>\n<p>The following code produces an <code>SSLContext<\/code> which works like a charm in creating an SSLSocketFactory that doesn&#8217;t throw any exceptions:<\/p>\n<pre><code>protected SSLContext getTrustingSslContext() throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {\n    final SSLContextBuilder trustingSSLContextBuilder = SSLContexts.custom()\n            .loadTrustMaterial(null, new TrustStrategy() {\n                @Override\n                public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {\n                    return true; \/\/ Accepts any ssl cert whether valid or not.\n                }\n            });\n    return trustingSSLContextBuilder.build();\n}\n<\/code><\/pre>\n<p>The issue is that I&#8217;m trying to remove all Apache HttpClient dependencies from my app completely. The underlying code with Apache HttpClient to produce the <code>SSLContext<\/code> seems straightforward enough, but I&#8217;m obviously missing something as I cannot configure my <code>SSLContext<\/code> to match this.<\/p>\n<p>Would anyone be able to produce an SSLContext implementation which does what I&#8217;d like without using Apache HttpClient?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>For testing purposes, I&#8217;m trying to add a socket factory to my okHttp client that trusts everything while a proxy is set. 
This has been done many times over, but my implementation of a trusting socket factory seems to be missing something: class TrustEveryoneManager implements X509TrustManager { @Override public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-7724","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts\/7724","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/comments?post=7724"}],"version-history":[{"count":0,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts\/7724\/revisions"}],"wp:attachment":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/media?parent=7724"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/categories?post=7724"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/tags?post=7724"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}