I am trying to establish a socket connection to a self-signed server.
In my Gradle file I use the following:
    implementation 'io.ktor:ktor-network:1.6.5'
    implementation 'io.ktor:ktor-network-tls:1.6.5'
My code for establishing the connection:
    socketConnection = aSocket(ActorSelectorManager(Dispatchers.IO))
        .tcp().connect(InetSocketAddress("192.168.1.5", 8080))
        .tls(Dispatchers.IO)
Now I tried to trust the certificate by adding android:networkSecurityConfig="@xml/network_security_config" to the application tag in my AndroidManifest.xml.
My network_security_config.xml:
    <?xml version="1.0" encoding="utf-8"?>
    <network-security-config>
        <domain-config>
            <domain includeSubdomains="true">192.168.78.74</domain>
            <trust-anchors>
                <certificates src="@raw/my_cert"/>
            </trust-anchors>
        </domain-config>
    </network-security-config>
When I run the app, I get this error:
    java.security.cert.CertificateException: Domain specific configurations require that hostname aware checkServerTrusted(X509Certificate[], String, String) is used
        at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:112)
        at io.ktor.network.tls.TLSClientHandshake.handleCertificatesAndKeys(TLSClientHandshake.kt:234)
        at io.ktor.network.tls.TLSClientHandshake.negotiate(TLSClientHandshake.kt:165)
        at io.ktor.network.tls.TLSClientHandshake$negotiate$1.invokeSuspend(Unknown Source:14)
        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
        at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
        at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571)
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750)
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678)
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665)
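I am using Ktor and wanted to use Proxyman to monitor traffic.
To resolve the exception, I had to add the proxy directly to the HttpClient and add a custom trust manager that does not check certificates.
Use this for development purposes only.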
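    import android.net.http.X509TrustManagerExtensions
    import io.ktor.client.HttpClient
    import io.ktor.client.engine.ProxyBuilder
    import io.ktor.client.engine.cio.CIO
    import io.ktor.client.engine.http
    import io.ktor.network.tls.TLSConfigBuilder
    import java.security.cert.X509Certificate
    import javax.net.ssl.X509TrustManager

    val client = HttpClient(CIO) {
        engine {
            proxy = ProxyBuilder.http("http://PROXY_IP_HERE:PROXY_PORT_HERE/")
            https {
                trustManager = MyTrustManager(this)
            }
        }
    }

    // Development only: both check methods are empty, so any certificate chain is accepted.
    class MyTrustManager(private val config: TLSConfigBuilder) : X509TrustManager {
        private val delegate = config.build().trustManager
        private val extensions = X509TrustManagerExtensions(delegate)
        override fun checkClientTrusted(certificates: Array<out X509Certificate>?, authType: String?) {}
        override fun checkServerTrusted(certificates: Array<out X509Certificate>?, authType: String?) {}
        override fun getAcceptedIssuers(): Array<X509Certificate> = delegate.acceptedIssuers
    }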
With the following network security configuration:
    <network-security-config>
        <domain-config>
            <!-- Put your server's domain here -->
            <domain includeSubdomains="true">your_domain</domain>
            <trust-anchors>
                <certificates src="user"/>
                <certificates src="system"/>
            </trust-anchors>
        </domain-config>
        <debug-overrides>
            <trust-anchors>
                <certificates src="user" />
                <certificates src="system" />
            </trust-anchors>
        </debug-overrides>
        <base-config cleartextTrafficPermitted="true">
            <trust-anchors>
                <certificates src="system" />
            </trust-anchors>
        </base-config>
    </network-security-config>
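An alternative to the accept-everything trust manager, as an added example that is not part of the original posts: build a trust manager whose only trust anchor is the bundled self-signed certificate and hand it to the `tls { }` block of the raw socket from the question. It assumes the Ktor 1.6.5 socket API used in the question; `pinnedTrustManager` and `connectPinned` are hypothetical names.

```kotlin
import io.ktor.network.selector.ActorSelectorManager
import io.ktor.network.sockets.Socket
import io.ktor.network.sockets.aSocket
import io.ktor.network.tls.tls
import kotlinx.coroutines.Dispatchers
import java.io.InputStream
import java.net.InetSocketAddress
import java.security.KeyStore
import java.security.cert.CertificateFactory
import java.security.cert.X509Certificate
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager

/** Builds a trust manager whose only trust anchor is the certificate read from [pem]. */
fun pinnedTrustManager(pem: InputStream): X509TrustManager {
    val cert = pem.use {
        CertificateFactory.getInstance("X.509").generateCertificate(it) as X509Certificate
    }
    // Fail early if the bundled certificate is expired or not yet valid.
    cert.checkValidity()

    // Empty in-memory key store that holds just this one certificate.
    val keyStore = KeyStore.getInstance(KeyStore.getDefaultType()).apply {
        load(null, null)
        setCertificateEntry("server", cert)
    }
    val factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    factory.init(keyStore)
    return factory.trustManagers.filterIsInstance<X509TrustManager>().first()
}

/** Hypothetical helper: opens the TLS socket from the question with the pinned trust manager. */
suspend fun connectPinned(host: String, port: Int, pem: InputStream): Socket =
    aSocket(ActorSelectorManager(Dispatchers.IO))
        .tcp()
        .connect(InetSocketAddress(host, port))
        .tls(Dispatchers.IO) {
            // Certificates that do not chain to the bundled one are rejected,
            // unlike the empty checkServerTrusted shown above.
            trustManager = pinnedTrustManager(pem)
        }
```

On Android the stream would come from the raw resource named in the question's configuration, for example `resources.openRawResource(R.raw.my_cert)`.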
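I ran into a similar exception when using Ktor in an Android app:
    java.security.cert.CertificateException: Domain specific configurations require that hostname aware checkServerTrusted(X509Certificate[], String, String) is used
After a long period of pain and struggle, I tried performing 2 identical requests with OkHttp and Ktor. Ktor kept failing, while OkHttp worked fine. My requests were HTTPS, and there was nothing specific in network_security_config. In the end it turned out that when creating a new instance of io.ktor.client.HttpClient, you can pass an io.ktor.client.engine.HttpClientEngine, and there are different engine implementations:
https://ktor.io/docs/client-engines.html
When I used the Android engine (located in the dependency implementation("io.ktor:ktor-client-android:2.X.X")), Ktor stopped crashing and now makes requests successfully.
I hope this helps someone.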