Add support for self signed certificates
koush opened this issue · 17 comments
Need support for custom SSL Context and TrustManagers for use during SSL handshaking.
Fixed with:
Ion.getDefault(getContext()).getHttpClient().getSSLSocketMiddleware().setTrustManagers(...);
Ion.getDefault(getContext()).getHttpClient().getSSLSocketMiddleware().setSSLContext(...);
Fix was in AndroidAsync:
koush/AndroidAsync@968638d
This test case is also a good sample:
Excuse me for asking,
this implementation is basically like "trust all incoming certificates" and not some specific certificate, right?
It's an implementation to trust a specific cert.
But it doesn't load a specific CA from a file or somewhere, like here: http://developer.android.com/training/articles/security-ssl.html#UnknownCa, so how does it trust a specific cert?
It does exactly that:
koush/AndroidAsync@968638d#diff-f1b421e2e337ad983791aaef62f7de28R33
See the bit where it sets up its own trust manager and loads a self signed cert.
Oh, shit. I realized that I misread the second comment (or the first) this whole time.
Thank you for the clarification, Koush.
Is there maybe a simple example showing how to use this when using Ion to connect to a RESTful server using self signed certificates?
As Ion.with(...) uses a new HttpClient for each call - how can we set a trustManager to be used for all Ion requests?
EDIT
@mannaz I got Ion.with to work like this:
Ion ion = Ion.getDefault(c);
ion.configure().createSSLContext("TLS");
ion.getHttpClient().getSSLSocketMiddleware().setSSLContext(sslContext);
ion.getHttpClient().getSSLSocketMiddleware().setTrustManagers(trustManagers);
( Ion.getDefault(c) is used in Ion.with{})
ion uses the same http client every call.
@koush yes, but as the examples set up AsyncHttpClient.getDefaultInstance() and Ion.getDefault(c) is on new AsyncHttpClient(new AsyncServer("ion-" + name)); the example code does not match the usage of Ion.with ..
That was what was confusing here I guess.
ion.with calls into ion.getDefault.
oh, you were assuming that ion uses the default asynchttpclient. nah, it has its own.
Is there a reason .setTrustManagers(...) must be called as well? I thought the SSLContext is initialized with a set of trust managers, this seems like a duplication of effort.
I use Cloudflare Free SSL and am getting an error
This is how I resolve it: https://gist.github.com/ibnux/4bf68e16e1228b6568a349c583d1cd32
For future reference: https://gist.github.com/muhammad-naderi/fad2c163ac61e0b7282209c07f5dadf5