12. javax.net.ssl.SSLException: hostname in certificate didn't match证书不匹配的主机名

来源：互联网发布：知乎,额尔古纳河的右岸编辑：程序博客网时间：2024/04/30 11:18

解决方法来自于：
http://blog.csdn.net/trbbadboy/article/details/11562511

问题：

在使用org.apache.http库请求网络时，出现javax.net.ssl.sslexception：证书不匹配的主机名的问题

【自己写的程序：】
这里写图片描述

【程序报的错：】

javax.net.ssl.SSLException: hostname in certificate didn't match: <pic2.zhimg.com> != <*.cdn.myqcloud.com> OR <*.dpfile.com> OR <*.cdn.myqcloud.com>

W/System.err:     at org.apache.http.conn.scheme.PlainSocketFactory.connectSocket(PlainSocketFactory.java:126)W/System.err:     at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:149)W/System.err:     at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:169)W/System.err:     at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:124)W/System.err:     at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:366)W/System.err:     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:560)W/System.err:     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:492)W/System.err:     at com.loopj.android.http.AsyncHttpRequest.makeRequest(AsyncHttpRequest.java:146)W/System.err:     at com.loopj.android.http.AsyncHttpRequest.makeRequestWithRetries(AsyncHttpRequest.java:177)W/System.err:     at com.loopj.android.http.AsyncHttpRequest.run(AsyncHttpRequest.java:106)W/System.err:     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:428)W/System.err:     at java.util.concurrent.FutureTask.run(FutureTask.java:237)W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)W/System.err:     at java.lang.Thread.run(Thread.java:761)

原因：

估计是org.apache.http有自己的一套SSL东西，修改org.apache.http的主机名验证解决问题。

解决办法：

如果只是使用org.apache.http的话下面的方法就够了，在进行请求时多加一行（同时记得导入）：

import org.apache.http.conn.ssl.AllowAllHostnameVerifier;  import org.apache.http.conn.ssl.SSLSocketFactory;  SSLSocketFactory.getSocketFactory().setHostnameVerifier(new AllowAllHostnameVerifier());

额外：

如果你使用原始的URLConnect的话请这样设置：

try {             SSLContext sc = SSLContext.getInstance("TLS");      sc.init(null, new TrustManager[] { new X509TrustManager() {          @Override          public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {          }          @Override          public void checkServerTrusted(X509Certificate[] chain, String authType)          throws CertificateException {          }          @Override          public X509Certificate[] getAcceptedIssuers() {              return null;          }      } }, new SecureRandom());      HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());      HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {          @Override          public boolean verify(String arg0, SSLSession arg1) {              return true;          }      });  } catch (Exception e) {      e.printStackTrace();  }

设置以上代码之后，就可以正常使用如下了：

String https = "https://www.google.com.hk";  try {      HttpsURLConnection conn = (HttpsURLConnection) new URL(https).openConnection();      conn.setDoOutput(true);      conn.setDoInput(true);      conn.connect();      BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream()));      StringBuffer sb = new StringBuffer();      String line;      while ((line = br.readLine()) != null)          sb.append(line);      Log(sb.toString());  } catch (Exception e) {      e.printStackTrace();  }

三人行，必有我师焉~ 在此谢过大神的分享

0 0