Apache HttpClient 错误：javax.net.ssl.SSLPeerUnverifiedException：Peer Not Authenticated

Question

我正在尝试配置 org.apache.http.client.HttpClient 以使用 https。这是客户端配置：

TrustManager[] trustManagers = new TrustManager[] { new DummyTrustManager() };

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, trustManagers, null);

SSLSocketFactory sf = new SSLSocketFactory(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

Scheme scheme = new Scheme("https", 443, sf);
SchemeRegistry registry = new SchemeRegistry();
registry.register(scheme);

ThreadSafeClientConnManager cm = new ThreadSafeClientConnManager(registry);

DefaultHttpClient client = new DefaultHttpClient(cm, httpParameters);

这是DummyTrustManager的代码：

public static class DummyTrustManager implements X509TrustManager {

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}

当我发送请求时，我得到了

 `javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated`

可能是什么问题？

Answer 1

你还需要调整TrustStrategy：

TrustStrategy acceptingTrustStrategy = new TrustStrategy() {
    @Override
    public boolean isTrusted(X509Certificate[] certificate, String authType) {
        return true;
    }
};
SSLSocketFactory sf = new SSLSocketFactory(acceptingTrustStrategy, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
...

查看完整示例：http://www.baeldung.com/httpclient-ssl