我需要将SNI设置为我的socketFactory。所以我一直在使用类SSLCertificateSocketFactory.在创建套接字时,它给了我一个 sslpeerunverifiedexception ,因为没有设置SAN到服务器证书。我可以如何抑制此异常,并要求它允许创建套接字而不考虑服务器证书吗?
以下是我的代码:
TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
SSLCertificateSocketFactory ssf = (SSLCertificateSocketFactory) SSLCertificateSocketFactory
.getDefault(0);
ssf.setTrustManagers(new TrustManager[] { tm });
m_sslsocket = (SSLSocket) ssf.createSocket(m_socket, m_host, m_port, false);
使用 getInsecure 创建 SSLCertificateSocketFactory 对我很有用。它返回禁用所有 SSL 安全检查的套接字工厂的新实例。
SSLCertificateSocketFactory ssf = (SSLCertificateSocketFactory) SSLCertificateSocketFactory
.getInsecure(0, null);