This blog focuses on Retrofit handling the SSLHandshakeException.
Using Retrofit as your network library is a very good option for Android app development. But many a time we face the SSLHandshakeException (java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.) to be particular.
This error means that the secure URL you are requesting is not allowing your Retrofit to connect and fetch data.
If you can manage to change the usage from https to http then this will work perfectly fine and you don’t need to change anything.
But, if you can’t then you need to modify your retrofit Request builder object ( OkHttpClient.Builder to be particular) so that your application can fetch the data and the exception mentioned in the title is not a hurdle anymore.
Logical Approach
You need to modify your OkHttpClient.Builder object in your Retrofit request so that your request can create a certificate that can be trusted by your server and your server can allow access to your request.
CODE
Modified OkHttpClient.Builder Object.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
public static OkHttpClient.Builder getUnsafeOkHttpClient() { try { // Create a trust manager that does not validate certificate chains final TrustManager[] trustAllCerts = new TrustManager[]{ new X509TrustManager() { @Override public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { } @Override public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { } @Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return new java.security.cert.X509Certificate[]{}; } } }; // Install the all-trusting trust manager final SSLContext sslContext = SSLContext.getInstance("SSL"); sslContext.init(null, trustAllCerts, new java.security.SecureRandom()); // Create an ssl socket factory with our all-trusting manager final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); OkHttpClient.Builder builder = new OkHttpClient.Builder(); builder.sslSocketFactory(sslSocketFactory, (X509TrustManager) trustAllCerts[0]); builder.hostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; } }); return builder; } catch (Exception e) { throw new RuntimeException(e); } } |
using this object in your retrofit request.
|
1 2 3 4 |
Retrofit retrofit = new Retrofit.Builder() .baseUrl(YOUR_BASE_URL) .client(getUnsafeOkHttpClient().build()) .build(); |
That’s All.
Keep coding and Keep Sharing.
26 comments
It is good to hear that our blog helped you.
It means a lot.
But we don’t accept donations for technical blogs.
These blogs are one of the efforts from our side to make the mobile development community better.
Your Welcome
Hi,
Thanks for your appreciating words.
The images are perhaps not working becuase you might be using some different library to load the images.
If this is the case, then please do consider adding something similar for the image library as well.
If you are not using any library to load the images from a url, then please do let me know how are you loading the images so that i can suggest something.
Gracias por tus amables palabras
Consulte también nuestros otros blogs
You’re just attaboy. Thanks. It really helped. I’ve tried a bunch of options, but this is the only one that solved the problem.
Добро пожаловать
Your Welcome
You don’t see much of sslhandshakeexception in the newer versions of the android.
sslhandshakeexception is often related to issues with SSL/TLS configurations and how older Android versions handle secure connections
Thanks for your kind words.