Login/Register
Alternative to sslSocketFactory in Java10
Asked Answered
Solved javassljava-9okhttpjava-10
L

2

7

I am using OkHttp and I need to ignore SSL errors for application debugging. This used to work in Java 8.

final TrustManager[] trustAllCerts = new TrustManager[] {
            new X509TrustManager() {
                @Override
                public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
                }

                @Override
                public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
                }

                @Override
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return new java.security.cert.X509Certificate[]{};
                }
            }
    };

    SSLContext sslContext = null;
    try {
        sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
    } catch (Exception s) {
        s.printStackTrace();
    }
    final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

    //
    //.sslSocketFactory(sslSocketFactory) throws error.
    client = new OkHttpClient.Builder().sslSocketFactory(sslSocketFactory).build();

But in Java 9 and 10 I get this error.

java.lang.UnsupportedOperationException: clientBuilder.sslSocketFactory(SSLSocketFactory) not supported on JDK 9+

Is there another way to ignore OkHttp SSL errors in Java 9 and 10 without using sslSocketFactory?

Leopard answered 29/5, 2018 at 23:27 Comment(2)
SSL errors cannot be ignored. You need to fix the SSL errors, and you need to not disappear down rabbit holes like 'alternatives to SSLSocketFactory'.Alikee
@EJP Reread my question I need to ignore the errors so I can use a proxy server to make sure my requests are being sent to my site properly.Leopard
P
9

Use sslSocketFactory(SSLSocketFactory sslSocketFactory, X509TrustManager trustManager)

In your code example you construct a X509TrustManager, just pass it in along with the socket factory.

Priestly answered 30/5, 2018 at 0:24 Comment(1)
Is there any other work around for this(Without changing code)? I,e,. passing some jvm options...... Saw here: github.com/eleree/okhttp-gradle/blob/master/src/main/java/… X509TrustManager -> Not supported due to access checks on JDK 9+.Tabular
H
-1

The issue is that the single parameter version of sslSocketFactory() has been changed to throw the above error. You just need to refactor somethings and use the 2 parameter version of it, but you can still keep your anonymous class with the overridden methods.

Here is the above code refactored to work:

X509TrustManager x509TrustManager = new X509TrustManager() {
  @Override
  public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType)
      throws CertificateException {
  }

  @Override
  public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType)
      throws CertificateException {
  }

  @Override
  public java.security.cert.X509Certificate[] getAcceptedIssuers() {
    return new java.security.cert.X509Certificate[]{};
  }
};
     
final TrustManager[] trustAllCerts = new TrustManager[] {x509TrustManager};

SSLContext sslContext = null;
try {
  sslContext = SSLContext.getInstance("SSL");
  sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
} catch (Exception s) {
  s.printStackTrace();
}
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();


// Since sslSocketFactory(sslSocketFactory) throws an error 
//  use sslSocketFactory(sslSocketFactory, x509TrustManager)
client = new OkHttpClient.Builder().sslSocketFactory(sslSocketFactory, x509TrustManager).build();
Hiawatha answered 15/9, 2020 at 1:28 Comment(2)
The single parameter socketFactory() is not deprecated in Java 9, It is not even part of Java 9. It is part of OkHttpClient, where it has obviously been not merely deprecated but actively changed to throw this exception.Alikee
@MarquisofLorne Thanks for the correction, updated.Hiawatha

© 2022 - 2024 — McMap. All rights reserved.