Skip TLS certificate verify
szerwi opened this issue · 3 comments
Proposal:
I cannot find any option to disable TLS certificate verification when using HTTPS.
Currently I get an error: javax.net.ssl.SSLPeerUnverifiedException: Hostname not verified
In old influxdb-java client I can see that there is an option to pass OkHttp client when building InfluxDB client: https://github.com/influxdata/influxdb-java/blob/master/src/main/java/org/influxdb/InfluxDBFactory.java#L80
However, I cannot find that option here.
Hi @szerwi,
thanks for using our client.
You can use something like following code to disable TLS certificate verify:
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[]{};
}
}
};
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
OkHttpClient.Builder okHttpClient = new OkHttpClient.Builder()
.sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) trustAllCerts[0])
.hostnameVerifier((hostname, session) -> true);
InfluxDBClientOptions options = InfluxDBClientOptions
.builder()
.url("http://localhost:9999")
.authenticateToken("my-token".toCharArray())
.okHttpClient(okHttpClient)
.build();
try (InfluxDBClient client = InfluxDBClientFactory.create(options)) {
}
Regards
Hi @bednar,
Thank you for your help! However, I forgot to mention one crucial thing - I'm using Kotlin client (on Android app). Is it possible to pass OkHttp client in InfluxDB builder also in Kotlin client?
Hi @bednar,
Thank you for your help! However, I forgot to mention one crucial thing - I'm using Kotlin client (on Android app). Is it possible to pass OkHttp client in InfluxDB builder also in Kotlin client?
You can use something like this:
val trustAllCerts = arrayOf<TrustManager>(
object : X509TrustManager {
override fun checkClientTrusted(chain: Array<X509Certificate>, authType: String) {}
override fun checkServerTrusted(chain: Array<X509Certificate>, authType: String) {}
override fun getAcceptedIssuers(): Array<X509Certificate> {
return arrayOf()
}
}
)
val sslContext = SSLContext.getInstance("SSL")
sslContext.init(null, trustAllCerts, SecureRandom())
val okHttpClient: OkHttpClient.Builder = OkHttpClient.Builder()
.sslSocketFactory(sslContext.socketFactory, trustAllCerts[0] as X509TrustManager)
.hostnameVerifier { _: String?, _: SSLSession? -> true }
val options = InfluxDBClientOptions
.builder()
.url("http://localhost:9999")
.authenticateToken("my-token".toCharArray())
.okHttpClient(okHttpClient)
.build()
val client = InfluxDBClientKotlinFactory.create(options)
Regards