Skip to content

Instantly share code, notes, and snippets.

@chalup
Created January 30, 2014 11:30
Show Gist options
  • Select an option

  • Save chalup/8706740 to your computer and use it in GitHub Desktop.

Select an option

Save chalup/8706740 to your computer and use it in GitHub Desktop.
Get OkHttpClient which ignores all SSL errors.
private static OkHttpClient getUnsafeOkHttpClient() {
try {
// Create a trust manager that does not validate certificate chains
final TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
}
};
// Install the all-trusting trust manager
final SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
OkHttpClient okHttpClient = new OkHttpClient();
okHttpClient.setSslSocketFactory(sslSocketFactory);
okHttpClient.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
return okHttpClient;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
@MS893

MS893 commented May 17, 2015

Copy link
Copy Markdown

When I try it in my code, I have an exception javax.net.ssl.SSLHandshakeException: Handshake failed when I do int response_code = conn.getResponseCode();
Any idea of where I'm wrong ? (I'm using Robospice and okHttp)

@awong1900

Copy link
Copy Markdown

It' work. First l don't write

okHttpClient.setHostnameVerifier(new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
          return true;
        }
      });

@MS893

@rathahin

Copy link
Copy Markdown

It is not working

@jbc25

jbc25 commented Oct 5, 2015

Copy link
Copy Markdown

Working!

@bobbyflowstate

Copy link
Copy Markdown

This isn't working for me. I'm getting "Failed to validate the certificate chain, error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found."

@roma-sck

Copy link
Copy Markdown

good!)

@rjaiswal1808

Copy link
Copy Markdown

Thanks for response. I was banging my head against wall during lunch time... :+1

@jbxbergdev

Copy link
Copy Markdown

Note this approach doesn't work any more with current versions of OkHttp . With 3.1.1 it seems completely broken. From 3.1.2 onwards, X509TrustManager.getAcceptedIssuers() must return an empty array instead of null. For more information, see this commit (scroll down and see the notes under RealTrustRootIndex.java).

@nyamwaya

Copy link
Copy Markdown

This is awesome! It worked for me but be warned your requests for images will not go through! anyone have a workaround for that ?

@SharpCoder

Copy link
Copy Markdown

@jbxberg thank you so much for that comment. Returning an empty array works like a charm!!

@fushenghua

Copy link
Copy Markdown

Real trouble!!

@dgisbert

Copy link
Copy Markdown

@jbxberg Yes, your comment has been definitely useful.

@lizhanzhishang

Copy link
Copy Markdown

I want ignore SLL ,but its not work,why? who can help me ,

@cbyniiaii

Copy link
Copy Markdown

Caused by: java.lang.NullPointerException: Attempt to get length of null array at okhttp3.internal.tls.TrustRootIndex$BasicTrustRootIndex.<init>(TrustRootIndex.java:90) at okhttp3.internal.tls.TrustRootIndex.get(TrustRootIndex.java:48) at okhttp3.internal.tls.TrustRootIndex.get(TrustRootIndex.java:43) at okhttp3.internal.platform.Platform.buildCertificateChainCleaner(Platform.java:147) at okhttp3.internal.platform.AndroidPlatform.buildCertificateChainCleaner(AndroidPlatform.java:159) at okhttp3.internal.tls.CertificateChainCleaner.get(CertificateChainCleaner.java:41) at okhttp3.OkHttpClient$Builder.sslSocketFactory(OkHttpClient.java:602)

@shivangbtech

Copy link
Copy Markdown

facing same problem.

@cogree

cogree commented Oct 31, 2016

Copy link
Copy Markdown

+1 to @jbxberg, avoiding the java.lang.NullPointerException: Attempt to get length of null array error is as simple as replacing this:

@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
    return null;
}

with this:

@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
     return new java.security.cert.X509Certificate[0];
}

@TrimGHU

TrimGHU commented Jan 18, 2017

Copy link
Copy Markdown

+1 @cpgree Good Job!

@gradylu

gradylu commented Mar 24, 2017

Copy link
Copy Markdown

@cogree,

good job

@mefarazath

mefarazath commented May 7, 2017

Copy link
Copy Markdown

I tweaked the code a bit to work with OkHttp3
https://gist.github.com/mefarazath/c9b588044d6bffd26aac3c520660bf40

@iamakg

iamakg commented Jun 2, 2017

Copy link
Copy Markdown

Thanks mefarazath!

@haipq7641

Copy link
Copy Markdown

Ignores all SSL is bad idea.
Using https://network-security.haipq.com to get config ssl for Android

@dfz2019

dfz2019 commented Jul 20, 2018

Copy link
Copy Markdown

Thanks a lot! This works for me. Although ignoring all the SSL certificates are dangerous, but if we only use it for local development environment, it should be fine.

@hrieke

hrieke commented Oct 4, 2019

Copy link
Copy Markdown

License?

@VedGaur2045

Copy link
Copy Markdown

I have this error.

java.lang.RuntimeException: java.lang.IllegalStateException: trustManager.acceptedIssuers must not be null
at com.example.advertiseapp.API_Package.RetrofitClientBase.getUnsafeOkHttpClient(RetrofitClientBase.java:103)
at com.example.advertiseapp.API_Package.RetrofitClientBase.getEmpConnectService(RetrofitClientBase.java:40)
at com.example.advertiseapp.API_Package.RetrofitClientBase.initInstance(RetrofitClientBase.java:33)
at com.example.advertiseapp.API_Package.RetrofitClientBase.getRetrofitInstance(RetrofitClientBase.java:29)
at com.example.advertiseapp.RegisterDeviceActivity.LogInApi(RegisterDeviceActivity.java:157)
at com.example.advertiseapp.RegisterDeviceActivity.access$000(RegisterDeviceActivity.java:56)
at com.example.advertiseapp.RegisterDeviceActivity$1.onClick(RegisterDeviceActivity.java:136)
at android.view.View.performClick(View.java:6597)
at android.view.View.performClickInternal(View.java:6574)
at android.view.View.access$3100(View.java:778)
at android.view.View$PerformClick.run(View.java:25885)
at android.os.Handler.handleCallback(Handler.java:873)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:193)
at android.app.ActivityThread.main(ActivityThread.java:6669)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
Caused by: java.lang.IllegalStateException: trustManager.acceptedIssuers must not be null
at okhttp3.internal.platform.Platform.buildTrustRootIndex(Platform.kt:169)
at okhttp3.internal.platform.AndroidPlatform.buildTrustRootIndex(AndroidPlatform.kt:168)
at okhttp3.internal.platform.Platform.buildCertificateChainCleaner(Platform.kt:159)
at okhttp3.internal.platform.AndroidPlatform.buildCertificateChainCleaner(AndroidPlatform.kt:157)
at okhttp3.internal.tls.CertificateChainCleaner$Companion.get(CertificateChainCleaner.kt:42)
at okhttp3.OkHttpClient$Builder.sslSocketFactory(OkHttpClient.kt:728)
at com.example.advertiseapp.API_Package.RetrofitClientBase.getUnsafeOkHttpClient(RetrofitClientBase.java:92)
at com.example.advertiseapp.API_Package.RetrofitClientBase.getEmpConnectService(RetrofitClientBase.java:40) 
at com.example.advertiseapp.API_Package.RetrofitClientBase.initInstance(RetrofitClientBase.java:33) 
at com.example.advertiseapp.API_Package.RetrofitClientBase.getRetrofitInstance(RetrofitClientBase.java:29) 
at com.example.advertiseapp.RegisterDeviceActivity.LogInApi(RegisterDeviceActivity.java:157) 
at com.example.advertiseapp.RegisterDeviceActivity.access$000(RegisterDeviceActivity.java:56) 
at com.example.advertiseapp.RegisterDeviceActivity$1.onClick(RegisterDeviceActivity.java:136) 
at android.view.View.performClick(View.java:6597) 
at android.view.View.performClickInternal(View.java:6574) 
at android.view.View.access$3100(View.java:778) 
at android.view.View$PerformClick.run(View.java:25885) 
at android.os.Handler.handleCallback(Handler.java:873) 
at android.os.Handler.dispatchMessage(Handler.java:99) 
at android.os.Looper.loop(Looper.java:193) 
at android.app.ActivityThread.main(ActivityThread.java:6669) 
at java.lang.reflect.Method.invoke(Native Method) 
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493) 
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858) 

@daviek19

Copy link
Copy Markdown

you are a life saver.

@tomascrespo

tomascrespo commented Mar 30, 2021

Copy link
Copy Markdown

I have this error.

java.lang.RuntimeException: java.lang.IllegalStateException: trustManager.acceptedIssuers must not be null
at com.example.advertiseapp.API_Package.RetrofitClientBase.getUnsafeOkHttpClient(RetrofitClientBase.java:103)
...

Replace
@Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; }

With
@Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return new java.security.cert.X509Certificate[]{}; }

@dineshr93

Copy link
Copy Markdown

Hi @chalup Can u license your code to Apache 2.0 same as okhttp library?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment