Add support for self signed certificates

Question

Add support for self signed certificates

koush opened this issue 11 years ago · comments

Need support for custom SSL Context and TrustManagers for use during SSL handshaking.

Koushik Dutta · Answer 1 · Wed Jun 05 2013 15:10:57 GMT+0800 (China Standard Time)

Fixed with:

Ion.getDefault(getContext()).getHttpClient().getSSLSocketMiddleware().setTrustManagers(...);
Ion.getDefault(getContext()).getHttpClient().getSSLSocketMiddleware().setSSLContext(...);

Fix was in AndroidAsync:
koush/AndroidAsync@968638d

Koushik Dutta · Answer 2 · Wed Jun 05 2013 15:19:48 GMT+0800 (China Standard Time)

This test case is also a good sample:

koush/AndroidAsync@968638d#L6R1

Yolanda Dewi · Answer 3 · Thu Nov 28 2013 03:07:30 GMT+0800 (China Standard Time)

Excuse me for asking,
this implementation is basically like "trust all incoming certificate" and not some specific certificate, right?

Koushik Dutta · Answer 4 · Thu Nov 28 2013 03:23:27 GMT+0800 (China Standard Time)

It's an implementation to trust a specific cert.

Yolanda Dewi · Answer 5 · Thu Nov 28 2013 03:36:55 GMT+0800 (China Standard Time)

But it doesn't load a specific CA from file, or somewhere, like in here http://developer.android.com/training/articles/security-ssl.html#UnknownCa, so how does it trust from specific cert?

Koushik Dutta · Answer 6 · Thu Nov 28 2013 03:47:30 GMT+0800 (China Standard Time)

It does exactly that:

koush/AndroidAsync@968638d#diff-f1b421e2e337ad983791aaef62f7de28R33

See the bit where it sets up it's own trust manager and loads a self signed cert.

Yolanda Dewi · Answer 7 · Thu Nov 28 2013 04:08:28 GMT+0800 (China Standard Time)

Oh, shit. I realized that I misread second comment (or first) this whole time.
Thank you for clarification, Koush.

Richard van Zon · Answer 8 · Mon Mar 10 2014 20:58:28 GMT+0800 (China Standard Time)

Is there maybe a simple example showing how to use this when using Ion to connect to a RESTful server using self signed certificates?

Deleted user · Answer 9 · Tue Jul 22 2014 22:13:58 GMT+0800 (China Standard Time)

As Ion.with(...) uses a new HttpClient for each call - how can we set a trustManager to be used for all Ion requests?

Andreas Weber · Answer 10 · Sat Feb 21 2015 01:25:04 GMT+0800 (China Standard Time)

EDIT
@mannaz I got Ion.with to work like this:

    Ion ion = Ion.getDefault(c);
    ion.configure().createSSLContext("TLS");
    ion.getHttpClient().getSSLSocketMiddleware().setSSLContext(sslContext);
    ion.getHttpClient().getSSLSocketMiddleware().setTrustManagers(trustManagers);

( Ion.getDefault(c) is used in Ion.with{})

Koushik Dutta · Answer 11 · Sat Feb 21 2015 07:30:17 GMT+0800 (China Standard Time)

ion uses the same http client every call.

Andreas Weber · Answer 12 · Sat Feb 21 2015 15:36:32 GMT+0800 (China Standard Time)

@koush yes, but as the examples setup

AsyncHttpClient.getDefaultInstance()

and Ion.getDefault(c) is on

new AsyncHttpClient(new AsyncServer("ion-" + name));

the example code does not match the usage of Ion.with ..
That was what was confusing here I guess.

Koushik Dutta · Answer 13 · Sat Feb 21 2015 17:03:50 GMT+0800 (China Standard Time)

ion.with calls into ion.getDefault.

Koushik Dutta · Answer 14 · Sat Feb 21 2015 17:04:45 GMT+0800 (China Standard Time)

oh, you were assuming that ion uses the default asynchttpclient. nah, it has it's own.

Hugh Jeffner · Answer 15 · Fri Mar 04 2016 00:24:38 GMT+0800 (China Standard Time)

Is there a reason .setTrustManagers(...) must be called as well? I thought the SSLContext is initialized with a set of trust managers, this seems like a duplication of effort.

iBNu Maksum · Answer 16 · Sat Mar 04 2017 23:50:23 GMT+0800 (China Standard Time)

i use Cloudflare Free SSL and getting Error
this is how i resolve it https://gist.github.com/ibnux/4bf68e16e1228b6568a349c583d1cd32

Muhammad Naderi · Answer 17 · Wed Sep 06 2017 16:54:10 GMT+0800 (China Standard Time)

for future reference : https://gist.github.com/muhammad-naderi/fad2c163ac61e0b7282209c07f5dadf5