使用retrofit + okhttp 访问https接口会报错:
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
出现这个问题是没有对 OkhttpClient 的SSL进行配置
解决方法:
在对OkhttpClient进行配置的时候,新增sslSocketFactory的配置
X509TrustManager xtm = new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
};
SSLContext sslContext = null;
try {
sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, new TrustManager[]{xtm}, new SecureRandom());
} catch (NoSuchAlgorithmException | KeyManagementException e) {
e.printStackTrace();
}
// 避开hostnameVerifier认证,回调方法直接返回true
HostnameVerifier DO_NOT_VERIFY = (hostname, session) -> true;
OkHttpClient.Builder builder= new OkHttpClient.Builder();
if(sslContext!=null){
builder.sslSocketFactory(sslContext.getSocketFactory(),xtm)
.hostnameVerifier(DO_NOT_VERIFY)
.build();
}