Disabling SSL checks with Apache HttpClient 4.3.x
In some contexts, it might be very useful to disable the SSL checks when connecting to HTTPS
using Java. In my case, I was creating a temporary test server using Docker, where the proxy in front of my application was an Nginx with a self-signed certificate.
Of course, when connecting with Java, this call is rejected because:
- the certificate chain is invalid
- the host name cannot be trusted
But the truth is: in this very context, I do not care.
Disclaimer: of course such checks MUST be enabled against a production-like environment or external system.
Using Apache HttpClient 4.x, disabling SSL checks is actually quite easy:
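    import java.security.KeyManagementException;
    import java.security.NoSuchAlgorithmException;
    import java.security.SecureRandom;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.KeyManager;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;
    import org.apache.http.client.HttpClient;
    import org.apache.http.config.Registry;
    import org.apache.http.config.RegistryBuilder;
    import org.apache.http.conn.socket.ConnectionSocketFactory;
    import org.apache.http.conn.socket.PlainConnectionSocketFactory;
    import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
    import org.apache.http.impl.client.HttpClientBuilder;
    import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;

    // disableSsl is a boolean flag supplied by the caller (test environments only).
    SSLConnectionSocketFactory sslSocketFactory;
    if (disableSsl) {
        SSLContext ctx;
        try {
            // Trust manager that accepts any certificate chain without checking it.
            X509TrustManager x509TrustManager = new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
                }
                @Override
                public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
                }
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    // The interface contract requires a non-null array.
                    return new X509Certificate[0];
                }
            };
            ctx = SSLContext.getInstance("TLS");
            ctx.init(new KeyManager[0], new TrustManager[]{x509TrustManager}, new SecureRandom());
        } catch (NoSuchAlgorithmException | KeyManagementException e) {
            // OTHttpClientSSLSetupException is an application exception, not an HttpClient class.
            throw new OTHttpClientSSLSetupException(e);
        }
        // Also skip the host name check.
        sslSocketFactory = new SSLConnectionSocketFactory(
            ctx,
            SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER
        );
    } else {
        // Default behaviour: JDK trust store and host name verification.
        sslSocketFactory = SSLConnectionSocketFactory.getSocketFactory();
    }
    Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
        .register("http", PlainConnectionSocketFactory.getSocketFactory())
        .register("https", sslSocketFactory)
        .build();
    HttpClient client = HttpClientBuilder.create()
        .setConnectionManager(new PoolingHttpClientConnectionManager(registry))
        .build();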
That's it. I fall back to the defaults when I do not want to disable the SSL checks.
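For the same self-signed test proxy, a narrower alternative is to trust only that one certificate and keep the host name check. The following is an added example, not code from the original post; the class name, the "test-proxy" alias and the PEM file (the proxy's certificate exported to disk) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

// Hypothetical helper class for illustration (HttpClient 4.3.x).
public class PinnedTestClient {

    // Builds a client that trusts exactly one certificate: the proxy's self-signed one.
    static CloseableHttpClient create(String pemPath) throws Exception {
        Certificate cert;
        try (InputStream in = new FileInputStream(pemPath)) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // In-memory trust store holding only that certificate (no JDK default CAs).
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("test-proxy", cert); // alias is arbitrary

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        // Host name verification stays on, so the certificate's CN/SAN must match
        // the name used in the URL.
        SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(
                ctx, SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
        return HttpClients.custom().setSSLSocketFactory(sslSocketFactory).build();
    }

    // Usage: java PinnedTestClient <certificate.pem> <https-url>
    public static void main(String[] args) throws Exception {
        try (CloseableHttpClient client = create(args[0]);
             CloseableHttpResponse response = client.execute(new HttpGet(args[1]))) {
            System.out.println(response.getStatusLine());
        }
    }
}
```

A connection to any server presenting a different certificate, or reached under a name the certificate does not cover, fails the handshake instead of being silently accepted.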