#248 httpclient请求时忽略掉对服务器端证书的校验，以避免某些情况下微信请求会出现40029或443 failed to respond的问题

2025-06-28 13:16:19 +08:00 · 2017-06-13 19:00:49 +08:00 · 2017-06-13 19:00:49 +08:00 · b2f8ee1447
commit b2f8ee1447
parent 007e736f74
1 changed files with 32 additions and 0 deletions
--- a/weixin-java-common/src/main/java/me/chanjar/weixin/common/util/http/apache/DefaultApacheHttpClientBuilder.java
+++ b/weixin-java-common/src/main/java/me/chanjar/weixin/common/util/http/apache/DefaultApacheHttpClientBuilder.java
@ -14,16 +14,24 @@ import org.apache.http.conn.HttpClientConnectionManager;
 import org.apache.http.conn.socket.ConnectionSocketFactory;
 import org.apache.http.conn.socket.PlainConnectionSocketFactory;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.TrustStrategy;
 import org.apache.http.impl.client.BasicCredentialsProvider;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
 import org.apache.http.protocol.HttpContext;
+import org.apache.http.ssl.SSLContexts;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

+import javax.net.ssl.SSLContext;
 import java.io.IOException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;

@ -214,6 +222,7 @@ public class DefaultApacheHttpClientBuilder implements ApacheHttpClientBuilder {
    this.httpClientBuilder = HttpClients.custom()
      .setConnectionManager(connectionManager)
      .setConnectionManagerShared(true)
+      .setSSLSocketFactory(this.buildSSLConnectionSocketFactory())
      .setDefaultRequestConfig(
        RequestConfig.custom()
          .setSocketTimeout(this.soTimeout)
@ -240,6 +249,29 @@ public class DefaultApacheHttpClientBuilder implements ApacheHttpClientBuilder {
    prepared.set(true);
  }

+  private SSLConnectionSocketFactory buildSSLConnectionSocketFactory() {
+    try {
+      SSLContext sslcontext = SSLContexts.custom()
+        //忽略掉对服务器端证书的校验
+        .loadTrustMaterial(new TrustStrategy() {
+          @Override
+          public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+            return true;
+          }
+        }).build();
+
+      return new SSLConnectionSocketFactory(
+        sslcontext,
+        new String[]{"TLSv1"},
+        null,
+        SSLConnectionSocketFactory.getDefaultHostnameVerifier());
+    } catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException e) {
+      this.log.error(e.getMessage(), e);
+    }
+
+    return null;
+  }
+
  @Override
  public CloseableHttpClient build() {
    if (!prepared.get()) {