Hello all. I'm trying to create an SSL connection to a server that
uses a Self-Signed Certificate, and I'm trying to do it with a
DefaultHttpConnection. So far I have been able to turn off the
hostname checking for this connection (i.e. the gmail.com !=
mail.google.com error) but I cannot get past the Non-Trusted
Certificate error...
However, I have been able to make such a connection using the
java.net.ssl classes using the code below and download the site's
certificate. I believe that my next move should be to load the cert
into the default keystore, but I'm very fuzzy on how to do this, and I
haven't been able to find anything in the group that actually uses the
DefaultHttpClient instead of just creating an InputStream and
OutputStream to the server using the java.net.ssl.SSLSocket class.
My working code that uses the java.net.ssl libraries is below. Can
anybody help me turn this connection into a DefaultHttpConnection or
tell me what to do with the cert? Thanks in advance, G
P.S. MyHostNameVerifier and MyTrustManager are simple classes that
implement javax.net.ssl.HostnameVerifier and import
javax.net.ssl.X509TrustManager, respectively. MyHostnameVerifier
returns true in the verify() method, and MyTrustManager returns an
empty array in the getAcceptedIssuers() method. These two classes
were necessary to make the initial connection go through, but don't
seem to help when it comes to the DefaultHttpConnection (or maybe I'm
just not using it right... please help)
HttpsURLConnection.setDefaultHostnameVerifier(new
MyHostNameVerifier
());
MyTrustManager[] mtm = {new MyTrustManager()};
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, mtm, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory
());
SSLSocketFactory factory =
HttpsURLConnection.getDefaultSSLSocketFactory();
SSLSocket socket =
(SSLSocket)factory.createSocket(server, port);
// Connect to the server
socket.startHandshake();
// Retrieve the server's certificate chain
Certificate[] serverCerts = socket.getSession
().getPeerCertificates();
//socket.getSession().getPeerCertificateChain()
// Close the socket
socket.close();
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers-unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
-~----------~----~----~----~------~----~------~--~---
