This blog focuses on handling the SSLHandshakeException in Retrofit.
Retrofit is a very good choice of network library for Android app development. But quite often we run into an SSLHandshakeException, specifically java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
This error means that the TLS handshake failed on the client side: the certificate chain presented by the server for the secure URL does not end in a certificate authority that the device trusts, so Retrofit (through OkHttp) refuses to connect and fetch data.
If you can manage to change the URL from https to http, there is no TLS handshake at all, so the request works and you don't need to change anything in code; the traffic is then sent without encryption or server authentication.
But if you can't, you need to modify the client used by your Retrofit request builder (the OkHttpClient.Builder, to be particular) so that your application can fetch the data and the exception mentioned in the title is no longer a hurdle.
Logical Approach
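You need to modify the OkHttpClient.Builder object used by your Retrofit request so that the client accepts the certificate your server presents. The code below does this by installing a trust manager that does not validate certificate chains and a hostname verifier that accepts every hostname, so the handshake completes for any certificate. This is why the method is named getUnsafeOkHttpClient: the connection is still encrypted, but the server's identity is no longer verified.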
CODE
Modified OkHttpClient.Builder object:

```java
import java.security.cert.CertificateException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;

// Static helper method; place it inside one of your app's classes.
public static OkHttpClient.Builder getUnsafeOkHttpClient() {
    try {
        // Create a trust manager that does not validate certificate chains
        final TrustManager[] trustAllCerts = new TrustManager[]{
            new X509TrustManager() {
                @Override
                public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
                    // Accepts every client certificate
                }

                @Override
                public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
                    // Accepts every server certificate, trusted or not
                }

                @Override
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return new java.security.cert.X509Certificate[]{};
                }
            }
        };

        // Install the all-trusting trust manager
        final SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, trustAllCerts, new java.security.SecureRandom());

        // Create an ssl socket factory with our all-trusting manager
        final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        builder.sslSocketFactory(sslSocketFactory, (X509TrustManager) trustAllCerts[0]);
        // Accept any hostname, even one that does not match the certificate
        builder.hostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });
        return builder;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
```
Using this object in your Retrofit request:

```java
Retrofit retrofit = new Retrofit.Builder()
        .baseUrl(YOUR_BASE_URL)
        .client(getUnsafeOkHttpClient().build())
        .build();
```
That’s All.
Keep coding and Keep Sharing.