Trusting all certificates with okHttp

Just in case anyone falls here, the (only) solution that worked for me is creating the OkHttpClient like explained here.

Here is the code:

private static OkHttpClient getUnsafeOkHttpClient() {  try {    // Create a trust manager that does not validate certificate chains    final TrustManager[] trustAllCerts = new TrustManager[] {        new X509TrustManager() {          @Override          public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {          }          @Override          public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {          }          @Override          public java.security.cert.X509Certificate[] getAcceptedIssuers() {            return new java.security.cert.X509Certificate[]{};          }        }    };    // Install the all-trusting trust manager    final SSLContext sslContext = SSLContext.getInstance("SSL");    sslContext.init(null, trustAllCerts, new java.security.SecureRandom());    // Create an ssl socket factory with our all-trusting manager    final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();    OkHttpClient.Builder builder = new OkHttpClient.Builder();    builder.sslSocketFactory(sslSocketFactory, (X509TrustManager)trustAllCerts[0]);    builder.hostnameVerifier(new HostnameVerifier() {      @Override      public boolean verify(String hostname, SSLSession session) {        return true;      }    });    OkHttpClient okHttpClient = builder.build();    return okHttpClient;  } catch (Exception e) {    throw new RuntimeException(e);  }}

I made an extension function for Kotlin. Paste it where ever you like and import it while creating OkHttpClient.

fun OkHttpClient.Builder.ignoreAllSSLErrors(): OkHttpClient.Builder {    val naiveTrustManager = object : X509TrustManager {        override fun getAcceptedIssuers(): Array<X509Certificate> = arrayOf()        override fun checkClientTrusted(certs: Array<X509Certificate>, authType: String) = Unit        override fun checkServerTrusted(certs: Array<X509Certificate>, authType: String) = Unit    }    val insecureSocketFactory = SSLContext.getInstance("TLSv1.2").apply {        val trustAllCerts = arrayOf<TrustManager>(naiveTrustManager)        init(null, trustAllCerts, SecureRandom())    }.socketFactory    sslSocketFactory(insecureSocketFactory, naiveTrustManager)    hostnameVerifier(HostnameVerifier { _, _ -> true })    return this}

use it like this:

val okHttpClient = OkHttpClient.Builder().apply {    // ...    if (BuildConfig.DEBUG) //if it is a debug build ignore ssl errors        ignoreAllSSLErrors()    //...}.build()

This is sonxurxo's solution in Kotlin, if anyone needs it.

private fun getUnsafeOkHttpClient(): OkHttpClient {    // Create a trust manager that does not validate certificate chains    val trustAllCerts = arrayOf<TrustManager>(object : X509TrustManager {        override fun checkClientTrusted(chain: Array<out X509Certificate>?, authType: String?) {        }        override fun checkServerTrusted(chain: Array<out X509Certificate>?, authType: String?) {        }        override fun getAcceptedIssuers() = arrayOf<X509Certificate>()    })    // Install the all-trusting trust manager    val sslContext = SSLContext.getInstance("SSL")    sslContext.init(null, trustAllCerts, java.security.SecureRandom())    // Create an ssl socket factory with our all-trusting manager    val sslSocketFactory = sslContext.socketFactory    return OkHttpClient.Builder()        .sslSocketFactory(sslSocketFactory, trustAllCerts[0] as X509TrustManager)        .hostnameVerifier { _, _ -> true }.build()}