Trusting all certificates with okHttp
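In case anyone lands here: the (only) solution that worked for me was to create the OkHttpClient
as explained here. Note that a client built this way accepts any certificate for any hostname, so the connection is still encrypted but the server is no longer authenticated.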
Here is the code:
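/**
 * Builds an {@link OkHttpClient} that performs no TLS peer authentication.
 *
 * <p>The returned client accepts every certificate chain (the trust manager's
 * check methods never throw) and every hostname (the verifier always returns
 * {@code true}). Traffic is still encrypted, but the remote endpoint is not
 * authenticated, so any party on the network path can present its own
 * certificate and read or modify the exchange. Keep this to debug builds or
 * isolated test environments. For a self-signed or private-CA server, trusting
 * that specific certificate keeps validation in place.
 *
 * @return a client with certificate-chain and hostname checks disabled
 * @throws RuntimeException wrapping the underlying security exception if the
 *         TLS context cannot be created or initialised
 */
private static OkHttpClient getUnsafeOkHttpClient() {
    try {
        // Trust manager whose checks never throw, so no chain is ever rejected.
        final X509TrustManager trustAllManager = new X509TrustManager() {
            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType)
                    throws CertificateException {
                // Intentionally empty: client certificates are not validated.
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType)
                    throws CertificateException {
                // Intentionally empty: server certificates are not validated.
            }

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return new java.security.cert.X509Certificate[]{};
            }
        };
        final TrustManager[] trustAllCerts = new TrustManager[] { trustAllManager };

        // Request the context by the "TLS" name instead of the legacy "SSL" name;
        // the protocol versions actually offered are still chosen by OkHttp.
        final SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, trustAllCerts, new java.security.SecureRandom());

        // Socket factory backed by the all-trusting manager.
        final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        builder.sslSocketFactory(sslSocketFactory, trustAllManager);
        // Accept the peer whatever name its certificate was issued for.
        builder.hostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });

        return builder.build();
    } catch (java.security.GeneralSecurityException e) {
        // Only context lookup and initialisation throw checked exceptions here.
        throw new RuntimeException(e);
    }
}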
I made an extension function for Kotlin. Paste it wherever you like and import it when creating the OkHttpClient.
/**
 * Configures this builder so the resulting client skips TLS peer authentication.
 *
 * Installs a trust manager whose checks never throw and a hostname verifier that
 * always returns `true`. Connections stay encrypted but the server is not
 * authenticated, so an on-path party can substitute its own certificate.
 * Intended for debug builds against test servers only.
 *
 * @return this builder, for chaining
 */
fun OkHttpClient.Builder.ignoreAllSSLErrors(): OkHttpClient.Builder {
    // Accepts every certificate chain: both check methods are no-ops.
    val acceptAnyCertificate = object : X509TrustManager {
        override fun checkClientTrusted(certs: Array<X509Certificate>, authType: String) {
            // Intentionally empty.
        }

        override fun checkServerTrusted(certs: Array<X509Certificate>, authType: String) {
            // Intentionally empty.
        }

        override fun getAcceptedIssuers(): Array<X509Certificate> = arrayOf()
    }

    val tlsContext = SSLContext.getInstance("TLSv1.2")
    tlsContext.init(null, arrayOf<TrustManager>(acceptAnyCertificate), SecureRandom())

    return apply {
        sslSocketFactory(tlsContext.socketFactory, acceptAnyCertificate)
        // Accept the peer regardless of the name in its certificate.
        hostnameVerifier(HostnameVerifier { _, _ -> true })
    }
}
Use it like this:
val okHttpClient = OkHttpClient.Builder().apply {
    // ... other builder configuration ...

    // Only debug builds skip certificate and hostname checks; when the flag is
    // false this call is never reached and the builder keeps whatever TLS
    // configuration it already has.
    if (BuildConfig.DEBUG) {
        ignoreAllSSLErrors()
    }

    // ...
}.build()
This is sonxurxo's solution in Kotlin, if anyone needs it.
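/**
 * Builds an [OkHttpClient] that performs no TLS peer authentication.
 *
 * The client accepts every certificate chain and every hostname. Traffic is
 * still encrypted, but the server is not authenticated, so any party on the
 * network path can present its own certificate. Keep this to debug builds or
 * isolated test environments. For a self-signed or private-CA server, trusting
 * that specific certificate keeps validation in place.
 *
 * @return a client with certificate-chain and hostname checks disabled
 */
private fun getUnsafeOkHttpClient(): OkHttpClient {
    // Trust manager that does not validate certificate chains. Holding it in a
    // typed local removes the need to cast an array element back later.
    val trustAllManager = object : X509TrustManager {
        override fun checkClientTrusted(chain: Array<out X509Certificate>?, authType: String?) {
            // Intentionally empty: client certificates are not validated.
        }

        override fun checkServerTrusted(chain: Array<out X509Certificate>?, authType: String?) {
            // Intentionally empty: server certificates are not validated.
        }

        override fun getAcceptedIssuers() = arrayOf<X509Certificate>()
    }

    // Request the context by the "TLS" name instead of the legacy "SSL" name;
    // the protocol versions actually offered are still chosen by OkHttp.
    val sslContext = SSLContext.getInstance("TLS")
    sslContext.init(null, arrayOf<TrustManager>(trustAllManager), java.security.SecureRandom())

    return OkHttpClient.Builder()
        .sslSocketFactory(sslContext.socketFactory, trustAllManager)
        // Accept the peer regardless of the name in its certificate.
        .hostnameVerifier { _, _ -> true }
        .build()
}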