#248 httpclient请求时忽略掉对服务器端证书的校验，以避免某些情况下微信请求会出现40029或443 failed to respond的问题

binarywang · binarywang · commit b2f8ee14477d · 2017-06-13T19:00:49.000+08:00
diff --git a/weixin-java-common/src/main/java/me/chanjar/weixin/common/util/http/apache/DefaultApacheHttpClientBuilder.java b/weixin-java-common/src/main/java/me/chanjar/weixin/common/util/http/apache/DefaultApacheHttpClientBuilder.java
@@ -14,16 +14,24 @@
 import org.apache.http.conn.socket.ConnectionSocketFactory;
 import org.apache.http.conn.socket.PlainConnectionSocketFactory;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.TrustStrategy;
 import org.apache.http.impl.client.BasicCredentialsProvider;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
 import org.apache.http.protocol.HttpContext;
+import org.apache.http.ssl.SSLContexts;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.net.ssl.SSLContext;
 import java.io.IOException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
 
@@ -214,6 +222,7 @@ private synchronized void prepare() {
     this.httpClientBuilder = HttpClients.custom()
       .setConnectionManager(connectionManager)
       .setConnectionManagerShared(true)
+      .setSSLSocketFactory(this.buildSSLConnectionSocketFactory())
       .setDefaultRequestConfig(
         RequestConfig.custom()
           .setSocketTimeout(this.soTimeout)
@@ -240,6 +249,29 @@ private synchronized void prepare() {
     prepared.set(true);
   }
 
+  private SSLConnectionSocketFactory buildSSLConnectionSocketFactory() {
+    try {
+      SSLContext sslcontext = SSLContexts.custom()
+        //忽略掉对服务器端证书的校验
+        .loadTrustMaterial(new TrustStrategy() {
+          @Override
+          public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+            return true;
+          }
+        }).build();
+
+      return new SSLConnectionSocketFactory(
+        sslcontext,
+        new String[]{"TLSv1"},
+        null,
+        SSLConnectionSocketFactory.getDefaultHostnameVerifier());
+    } catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException e) {
+      this.log.error(e.getMessage(), e);
+    }
+
+    return null;
+  }
+
   @Override
   public CloseableHttpClient build() {
     if (!prepared.get()) {
