Get OkHttpClient which ignores all SSL errors.

GagSsl.java

  private static OkHttpClient getUnsafeOkHttpClient() {
    try {
      // Create a trust manager that does not validate certificate chains
      final TrustManager[] trustAllCerts = new TrustManager[] {
          new X509TrustManager() {
            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
            }

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
              return null;
            }
          }
      };

      // Install the all-trusting trust manager
      final SSLContext sslContext = SSLContext.getInstance("SSL");
      sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
      // Create an ssl socket factory with our all-trusting manager
      final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

      OkHttpClient okHttpClient = new OkHttpClient();
      okHttpClient.setSslSocketFactory(sslSocketFactory);
      okHttpClient.setHostnameVerifier(new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
          return true;
        }
      });

      return okHttpClient;
    } catch (Exception e) {
      throw new RuntimeException(e);
    }
  }

This isn't working for me. I'm getting "Failed to validate the certificate chain, error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found."

good!)

Thanks for response. I was banging my head against wall during lunch time... :+1

Note this approach doesn't work any more with current versions of OkHttp . With 3.1.1 it seems completely broken. From 3.1.2 onwards, X509TrustManager.getAcceptedIssuers() must return an empty array instead of null. For more information, see this commit (scroll down and see the notes under RealTrustRootIndex.java).

This is awesome! It worked for me but be warned your requests for images will not go through! anyone have a workaround for that ?

@jbxberg thank you so much for that comment. Returning an empty array works like a charm!!

Real trouble!!

@jbxberg Yes, your comment has been definitely useful.

I want ignore SLL ，but its not work，why？ who can help me ，

Caused by: java.lang.NullPointerException: Attempt to get length of null array at okhttp3.internal.tls.TrustRootIndex$BasicTrustRootIndex.<init>(TrustRootIndex.java:90) at okhttp3.internal.tls.TrustRootIndex.get(TrustRootIndex.java:48) at okhttp3.internal.tls.TrustRootIndex.get(TrustRootIndex.java:43) at okhttp3.internal.platform.Platform.buildCertificateChainCleaner(Platform.java:147) at okhttp3.internal.platform.AndroidPlatform.buildCertificateChainCleaner(AndroidPlatform.java:159) at okhttp3.internal.tls.CertificateChainCleaner.get(CertificateChainCleaner.java:41) at okhttp3.OkHttpClient$Builder.sslSocketFactory(OkHttpClient.java:602)

facing same problem.

+1 to @jbxberg, avoiding the java.lang.NullPointerException: Attempt to get length of null array error is as simple as replacing this:

@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
    return null;
}

with this:

@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
     return new java.security.cert.X509Certificate[0];
}

+1 @cpgree Good Job!

@cogree,

good job

I tweaked the code a bit to work with OkHttp3
https://gist.github.com/mefarazath/c9b588044d6bffd26aac3c520660bf40

Thanks mefarazath!

Ignores all SSL is bad idea.
Using https://network-security.haipq.com to get config ssl for Android

Thanks a lot! This works for me. Although ignoring all the SSL certificates are dangerous, but if we only use it for local development environment, it should be fine.

License?

I have this error.

java.lang.RuntimeException: java.lang.IllegalStateException: trustManager.acceptedIssuers must not be null
at com.example.advertiseapp.API_Package.RetrofitClientBase.getUnsafeOkHttpClient(RetrofitClientBase.java:103)
at com.example.advertiseapp.API_Package.RetrofitClientBase.getEmpConnectService(RetrofitClientBase.java:40)
at com.example.advertiseapp.API_Package.RetrofitClientBase.initInstance(RetrofitClientBase.java:33)
at com.example.advertiseapp.API_Package.RetrofitClientBase.getRetrofitInstance(RetrofitClientBase.java:29)
at com.example.advertiseapp.RegisterDeviceActivity.LogInApi(RegisterDeviceActivity.java:157)
at com.example.advertiseapp.RegisterDeviceActivity.access$000(RegisterDeviceActivity.java:56)
at com.example.advertiseapp.RegisterDeviceActivity$1.onClick(RegisterDeviceActivity.java:136)
at android.view.View.performClick(View.java:6597)
at android.view.View.performClickInternal(View.java:6574)
at android.view.View.access$3100(View.java:778)
at android.view.View$PerformClick.run(View.java:25885)
at android.os.Handler.handleCallback(Handler.java:873)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:193)
at android.app.ActivityThread.main(ActivityThread.java:6669)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
Caused by: java.lang.IllegalStateException: trustManager.acceptedIssuers must not be null
at okhttp3.internal.platform.Platform.buildTrustRootIndex(Platform.kt:169)
at okhttp3.internal.platform.AndroidPlatform.buildTrustRootIndex(AndroidPlatform.kt:168)
at okhttp3.internal.platform.Platform.buildCertificateChainCleaner(Platform.kt:159)
at okhttp3.internal.platform.AndroidPlatform.buildCertificateChainCleaner(AndroidPlatform.kt:157)
at okhttp3.internal.tls.CertificateChainCleaner$Companion.get(CertificateChainCleaner.kt:42)
at okhttp3.OkHttpClient$Builder.sslSocketFactory(OkHttpClient.kt:728)
at com.example.advertiseapp.API_Package.RetrofitClientBase.getUnsafeOkHttpClient(RetrofitClientBase.java:92)
at com.example.advertiseapp.API_Package.RetrofitClientBase.getEmpConnectService(RetrofitClientBase.java:40) 
at com.example.advertiseapp.API_Package.RetrofitClientBase.initInstance(RetrofitClientBase.java:33) 
at com.example.advertiseapp.API_Package.RetrofitClientBase.getRetrofitInstance(RetrofitClientBase.java:29) 
at com.example.advertiseapp.RegisterDeviceActivity.LogInApi(RegisterDeviceActivity.java:157) 
at com.example.advertiseapp.RegisterDeviceActivity.access$000(RegisterDeviceActivity.java:56) 
at com.example.advertiseapp.RegisterDeviceActivity$1.onClick(RegisterDeviceActivity.java:136) 
at android.view.View.performClick(View.java:6597) 
at android.view.View.performClickInternal(View.java:6574) 
at android.view.View.access$3100(View.java:778) 
at android.view.View$PerformClick.run(View.java:25885) 
at android.os.Handler.handleCallback(Handler.java:873) 
at android.os.Handler.dispatchMessage(Handler.java:99) 
at android.os.Looper.loop(Looper.java:193) 
at android.app.ActivityThread.main(ActivityThread.java:6669) 
at java.lang.reflect.Method.invoke(Native Method) 
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493) 
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858) 

you are a life saver.

I have this error.

java.lang.RuntimeException: java.lang.IllegalStateException: trustManager.acceptedIssuers must not be null
at com.example.advertiseapp.API_Package.RetrofitClientBase.getUnsafeOkHttpClient(RetrofitClientBase.java:103)
...

Replace
@Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; }

With
@Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return new java.security.cert.X509Certificate[]{}; }

Hi @chalup Can u license your code to Apache 2.0 same as okhttp library?