堆栈内存溢出
  简体   繁体   English

Android:执行URL时绕过安全证书检查

[英]Android: Bypass security certificate check while doing a URL.Connect

 原文  2011-02-14 18:34:11       java/ android/ security

问题描述

I am working on Android app and as part of that, I have to connect to a HTTPS host.. This host users a security certificate that is not recognized by Android ! 我正在使用Android应用程序,因此,我必须连接到HTTPS主机。此主机用户使用Android不能识别的安全证书! This is a valid certificate but it is not trusted by Android... 这是有效的证书,但不受Android信任...

The system specefically raises an Security Exception: Certificate is not Trusted 系统特别引发安全异常:证书不受信任

My code is as shown: 我的代码如下所示: 

Url = new URL("https://example.com");
url_connection = (HttpsURLConnection) Url.openConnection();
url_connection.connect(); // This is where the exception is raised !

Due to the exception, the connection is not open ! 由于异常,连接未打开! I want to skip the certificate verification ... OR somehow the exception should not be raised and the connection should open... 我想跳过证书验证...或以某种方式不应该引发异常并且应该打开连接...

I am going to validate the certificates in next step after successful connection is made.. This is part of my app and hence during connection I want to skip this.. 建立成功连接后,我将在下一步中验证证书。.这是我的应用程序的一部分,因此在连接过程中,我想跳过此步骤。

I have searched for similar questions, but none of the answers work for me... I have tried the approach of creating my own SSL Factory and local trust managers but it does not work at all ... I get the exception NoSuchAlgorithmException when I do the following: 我已经搜索了类似的问题,但是没有一个答案对我有用。我尝试了创建自己的SSL工厂和本地信任管理器的方法,但是它根本不起作用...当我遇到异常NoSuchAlgorithmException时,请执行下列操作: 

ssl_context = SSLContext.getInstance("SSL"); // OR TSL for that matter..

Due to this, I am not able to proceed ... Please help.. 因此,我无法继续...请帮助..

The main issue is the exception... If the connection is made with errors or warnings, then also it is fine... 主要问题是异常...如果连接出现错误或警告,那也很好...

Please note: I do not want to import the certificates onto device, becuase this is not feasible solution... Otherwise all users will have to go through this manual step.. So, I want to validate the certificates programatically and make the connection... 请注意:我不希望将证书导入设备,因为这不是可行的解决方案...否则,所有用户都必须执行此手动步骤。.因此,我想以编程方式验证证书并建立连接。 ..

2 个解决方案

解决方案1
 0  2011-02-14 18:48:00

Do you mean TLS? 您是说TLS吗? Did you actually specify TLS or was TSL a typing error? 您实际上是指定TLS还是TSL键入错误?

I guess you could try other SSLContext names, see SSLContext Algorithm names but SSL or TLS should've returned something. 我猜您可以尝试使用其他SSLContext名称,请参阅SSLContext算法名称,但是SSL或TLS应该返回了某些内容。

解决方案2
 0 已采纳  2011-02-15 04:20:43

Can't you get the host certificate signed by a recognized CA? 您无法获得由公认的CA签署的主机证书吗? That would be a lot simpler than programming your way around it, which may introduce security risks. 这将比按照您的方式进行编程要简单得多,因为这样做可能会带来安全风险。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 绕过Shiro安全性中的网址 - bypass a url in shiro security 如何使用Retrofit 2.0绕过Android SSL证书检查 - How to bypass android SSL Certificate check with Retrofit 2.0 Spring Security 绕过 URL 或过滤器 - Spring Security bypass URL or Filter 调用Web服务时绕过HTTPS证书验证 - Bypass HTTPS certificate validation while invoking webservice 如何绕过https安全证书屏幕? - How can I bypass the https security certificate screen? 绕过 SSL 检查 java.net.URL - Bypass SSL check on java.net.URL Spring Security绕过特定URL的CSRF验证 - Spring security bypass CSRF verification for specific URL's 在Spring Security中,如何绕过URL的GET方法; 而不是POST之一 - In Spring Security, how to bypass the GET method of an URL; but not the POST one 如何防止根设备绕过 Android 中的证书锁定? - How to prevent root device to bypass certificate pinning in Android? Android:检查PFX证书的有效性 - Android : Check the validity of a PFX certificate
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM