使用HttpClinet 遇到
javax.net.ssl.SSLException: hostname in certificate didn't match: <cpd.vivo.com.cn> != <*.cdn.myqcloud.com> OR <*.cdn.myqcloud.com> OR <*.2144.cn> OR <*.2144.com> OR
错误
需要修改HttpClinet代码
@SuppressWarnings("deprecation")
public static String httpPost(String url,Map<String,String> params,String cookie){
String result = null;
DefaultHttpClient httpClient = new DefaultHttpClient();
httpClient.getParams().setParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 60000); // 连接超时时间
httpClient.getParams().setParameter(CoreConnectionPNames.SO_TIMEOUT, 90000); // 数据传输时间
//创建TrustManager
X509TrustManager xtm = new X509TrustManager() {
@SuppressWarnings("unused")
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
@SuppressWarnings("unused")
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] arg0, String arg1)
throws java.security.cert.CertificateException {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] arg0, String arg1)
throws java.security.cert.CertificateException {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
};
//这个好像是HOST验证
X509HostnameVerifier hostnameVerifier = new X509HostnameVerifier() {
public boolean verify(String arg0, SSLSession arg1) {
return true;
}
public void verify(String arg0, SSLSocket arg1) throws IOException {}
public void verify(String arg0, String[] arg1, String[] arg2) throws SSLException {}
@SuppressWarnings("unused")
public void verify(String arg0, X509Certificate arg1) throws SSLException {}
@Override
public void verify(String arg0, java.security.cert.X509Certificate arg1) throws SSLException {
}
};
try {
//TLS1.0与SSL3.0基本上没有太大的差别,可粗略理解为TLS是SSL的继承者,但它们使用的是相同的SSLContext
SSLContext ctx = SSLContext.getInstance("TLS");
//使用TrustManager来初始化该上下文,TrustManager只是被SSL的Socket所使用
ctx.init(null, new TrustManager[] { xtm }, null);
//创建SSLSocketFactory
SSLSocketFactory socketFactory = new SSLSocketFactory(ctx);
socketFactory.setHostnameVerifier(hostnameVerifier);
//通过SchemeRegistry将SSLSocketFactory注册到我们的HttpClient上
httpClient.getConnectionManager().getSchemeRegistry().register(new Scheme("https", socketFactory, 443));
} catch (KeyManagementException e1) {
e1.printStackTrace();
} catch (NoSuchAlgorithmException e1) {
e1.printStackTrace();
}
HttpPost post = null;
post = new HttpPost(url);
post.setHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
post.setHeader("Cookie",cookie);
// 参数
List<NameValuePair> list = new ArrayList<NameValuePair>();
Set<String> keySet = params.keySet();
for(String key:keySet){
list.add(new BasicNameValuePair(key, params.get(key)));
}
try {
post.setEntity(new UrlEncodedFormEntity(list,HTTP.UTF_8));
HttpResponse response = httpClient.execute(post);
result = reponse2String(response);
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
// 关闭
httpClient.getConnectionManager().shutdown();
return result;
}
主要代码
//创建TrustManager
X509TrustManager xtm = new X509TrustManager() {
@SuppressWarnings("unused")
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
@SuppressWarnings("unused")
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] arg0, String arg1)
throws java.security.cert.CertificateException {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] arg0, String arg1)
throws java.security.cert.CertificateException {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
};
//这个好像是HOST验证
X509HostnameVerifier hostnameVerifier = new X509HostnameVerifier() {
public boolean verify(String arg0, SSLSession arg1) {
return true;
}
public void verify(String arg0, SSLSocket arg1) throws IOException {}
public void verify(String arg0, String[] arg1, String[] arg2) throws SSLException {}
@SuppressWarnings("unused")
public void verify(String arg0, X509Certificate arg1) throws SSLException {}
@Override
public void verify(String arg0, java.security.cert.X509Certificate arg1) throws SSLException {
}
};
try {
//TLS1.0与SSL3.0基本上没有太大的差别,可粗略理解为TLS是SSL的继承者,但它们使用的是相同的SSLContext
SSLContext ctx = SSLContext.getInstance("TLS");
//使用TrustManager来初始化该上下文,TrustManager只是被SSL的Socket所使用
ctx.init(null, new TrustManager[] { xtm }, null);
//创建SSLSocketFactory
SSLSocketFactory socketFactory = new SSLSocketFactory(ctx);
socketFactory.setHostnameVerifier(hostnameVerifier);
//通过SchemeRegistry将SSLSocketFactory注册到我们的HttpClient上
httpClient.getConnectionManager().getSchemeRegistry().register(new Scheme("https", socketFactory, 443));
} catch (KeyManagementException e1) {
e1.printStackTrace();
} catch (NoSuchAlgorithmException e1) {
e1.printStackTrace();
}