influxdata/influxdb-client-java

Skip TLS certificate verify

szerwi opened this issue · 3 comments

Proposal:
I cannot find any option to disable TLS certificate verification when using HTTPS.
Currently I get an error: javax.net.ssl.SSLPeerUnverifiedException: Hostname not verified

In the old influxdb-java client I can see that there is an option to pass an OkHttp client when building the InfluxDB client: https://github.com/influxdata/influxdb-java/blob/master/src/main/java/org/influxdb/InfluxDBFactory.java#L80
However, I cannot find that option here.

Hi @szerwi,

thanks for using our client.

You can use something like the following code to disable TLS certificate verification:

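```java
import com.influxdb.client.InfluxDBClient;
import com.influxdb.client.InfluxDBClientFactory;
import com.influxdb.client.InfluxDBClientOptions;
import okhttp3.OkHttpClient;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Trust manager that accepts every certificate chain without validating it.
TrustManager[] trustAllCerts = new TrustManager[]{
        new X509TrustManager() {
            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
            }

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return new java.security.cert.X509Certificate[]{};
            }
        }
};

// SSL context backed by the trust-all manager above.
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());

// OkHttp builder that uses that context and accepts any hostname.
OkHttpClient.Builder okHttpClient = new OkHttpClient.Builder()
        .sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) trustAllCerts[0])
        .hostnameVerifier((hostname, session) -> true);

// Hand the customised builder to the InfluxDB client.
InfluxDBClientOptions options = InfluxDBClientOptions
        .builder()
        .url("http://localhost:9999")
        .authenticateToken("my-token".toCharArray())
        .okHttpClient(okHttpClient)
        .build();

try (InfluxDBClient client = InfluxDBClientFactory.create(options)) {

}
```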

Regards

Hi @bednar,

Thank you for your help! However, I forgot to mention one crucial thing: I'm using the Kotlin client (in an Android app). Is it possible to pass an OkHttp client in the InfluxDB builder in the Kotlin client as well?

You can use something like this:

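```kotlin
import com.influxdb.client.InfluxDBClientOptions
import com.influxdb.client.kotlin.InfluxDBClientKotlinFactory
import okhttp3.OkHttpClient
import java.security.SecureRandom
import java.security.cert.X509Certificate
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLSession
import javax.net.ssl.TrustManager
import javax.net.ssl.X509TrustManager

// Trust manager that accepts every certificate chain without validating it.
val trustAllCerts = arrayOf<TrustManager>(
    object : X509TrustManager {
        override fun checkClientTrusted(chain: Array<X509Certificate>, authType: String) {}
        override fun checkServerTrusted(chain: Array<X509Certificate>, authType: String) {}
        override fun getAcceptedIssuers(): Array<X509Certificate> {
            return arrayOf()
        }
    }
)

// SSL context backed by the trust-all manager above.
val sslContext = SSLContext.getInstance("SSL")
sslContext.init(null, trustAllCerts, SecureRandom())

// OkHttp builder that uses that context and accepts any hostname.
val okHttpClient: OkHttpClient.Builder = OkHttpClient.Builder()
    .sslSocketFactory(sslContext.socketFactory, trustAllCerts[0] as X509TrustManager)
    .hostnameVerifier { _: String?, _: SSLSession? -> true }

// Hand the customised builder to the InfluxDB Kotlin client.
val options = InfluxDBClientOptions
    .builder()
    .url("http://localhost:9999")
    .authenticateToken("my-token".toCharArray())
    .okHttpClient(okHttpClient)
    .build()

val client = InfluxDBClientKotlinFactory.create(options)
```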

Regards
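
For a server with a self-signed or private-CA certificate, the same `okHttpClient(...)` hook can be used to trust only that CA while leaving hostname verification on. This is an added example, not part of the original thread or the project's code; the class name, the `trustOnly` helper, the PEM path argument and the URL are assumptions, and the server certificate must list the hostname in its subject alternative names or the `Hostname not verified` error remains.

```java
import com.influxdb.client.InfluxDBClient;
import com.influxdb.client.InfluxDBClientFactory;
import com.influxdb.client.InfluxDBClientOptions;
import okhttp3.OkHttpClient;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

public class PinnedCaExample {

    // Hypothetical helper: OkHttp builder that trusts only the CA in the given PEM file.
    static OkHttpClient.Builder trustOnly(String caPemPath) throws Exception {
        Certificate ca;
        try (InputStream in = Files.newInputStream(Paths.get(caPemPath))) {
            ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // In-memory trust store holding that single CA certificate.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("influxdb-ca", ca);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[]{tm}, null);
        // No hostnameVerifier override: OkHttp's default hostname check stays active.
        return new OkHttpClient.Builder().sslSocketFactory(ctx.getSocketFactory(), tm);
    }

    public static void main(String[] args) throws Exception {
        InfluxDBClientOptions options = InfluxDBClientOptions.builder()
                .url("https://influxdb.example.internal:8086") // placeholder URL
                .authenticateToken("my-token".toCharArray())
                .okHttpClient(trustOnly(args[0]))               // args[0]: path to CA PEM
                .build();
        try (InfluxDBClient client = InfluxDBClientFactory.create(options)) {
            // use the client as usual
        }
    }
}
```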