Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Disable SSL Certificate check

See original GitHub issue

Hello,

I’m writing a server on Spring and I’m using Spring Security to limit connections to HTTPS, running the WAR on Tomcat. The server auto-generates a self-signed certificate and as I am using it in a development environment, I don’t want to go through the hassle of obtaining proper certificates or something. This means that Unirest (or rather the underlying HTTP client) rejects the certificate with the following exception:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

It’s a pretty frustrating situation to be in, as I genuinely believe many people are using Unirest with these certificates. I think I can circumvent this issue by creating a custom HttpClient object and giving it to Unirest as the default, but I’d rather not mess with Unirest, in order to avoid any future issues down the line.

I’ve noticed that the PHP version got this option (Mashape/unirest-php#27) quite some time ago.

My questions are:

  1. Am I missing something obvious that would let me disable SSL certificate check? If so, would you kindly point me in the direction?
  2. If not, are there any plans to introduce this setting to the Java version as well?

Thanks in advance for your time.

Issue Analytics

  • State:closed
  • Created 9 years ago
  • Comments:17

github_iconTop GitHub Comments

7reactions
boodskapcommented, Jul 15, 2017

import java.security.cert.X509Certificate; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import com.mashape.unirest.http.HttpResponse; import com.mashape.unirest.http.Unirest; import com.mashape.unirest.http.exceptions.UnirestException;

static {
	try {

		TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
			public java.security.cert.X509Certificate[] getAcceptedIssuers() {
				return null;
			}

			public void checkClientTrusted(X509Certificate[] certs, String authType) {
			}

			public void checkServerTrusted(X509Certificate[] certs, String authType) {
			}

		} };
		

		SSLContext sslcontext = SSLContext.getInstance("SSL");
		sslcontext.init(null, trustAllCerts, new java.security.SecureRandom());
		HttpsURLConnection.setDefaultSSLSocketFactory(sslcontext.getSocketFactory());
		SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext);
		CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
		Unirest.setHttpClient(httpclient);

	} catch (Exception e) {
		e.printStackTrace();
	}
}
7reactions
aemreunalcommented, Feb 8, 2015

I achieved self-signed certificate trusting with the following code:

SSLContext sslcontext = SSLContexts.custom()
                                   .loadTrustMaterial(null, new TrustSelfSignedStrategy())
                                   .build();

SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext);
CloseableHttpClient httpclient = HttpClients.custom()
                                            .setSSLSocketFactory(sslsf)
                                            .build();
Unirest.setHttpClient(httpclient);

However, the requests are incredibly slow (~10 seconds with custom HttpClient and Unirest, on the localhost) compared to a regular REST client (~0.14 second with CocoaRestClient, on the localhost). You might imagine that with such a speed, Unirest becomes unusable.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Disabling SSL Certificate Validation - IBM
Procedure · Open the Rapport Console · In the dashboard, click Console arrow · In the Security Policy area, click Edit Policy. A...
Read more >
Ignore SSL Certificate Checks with Curl - ReqBin
To ignore invalid and self-signed certificate checks on Curl, use the -k or --insecure command-line option. This option allows Curl to perform " ......
Read more >
[335] Turn Off SSL Certificates on Google Chrome
Turn Off SSL Certificates on Google Chrome · Click the Chrome menu Chrome menu on the browser toolbar. · Select Settings. · Click...
Read more >
How to ignore the certificate check when ssl - Stack Overflow
Here is sample code showing how ignoring certificate validation errors for specific servers might be implemented in a Web API controller. using System.Net.Http; ......
Read more >
How to ignore invalid and self signed ssl connection errors ...
If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. Here is one useful example where...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Per request proxy config

Next page

mvn clean assembly:assembly can't complete