Fresco: How to ignore HTTPS certificate validation?

Created on 20 Dec 2016 · 8Comments · Source: facebook/fresco

How to display untrusted images。
such as this pic :
https://kyfw.12306.cn/otn/passcodeNew/getPassCodeNew?module=other&rand=sjrand&0.3956683616166894

thank you very much !

Source

447zyg

Most helpful comment

Hi @447zyg, in general, one should not circumvent certificate validation.

However, if you see this to be indicated for your case: Look at http://frescolib.org/docs/using-other-network-layers.html for using OkHttp3 and then learn how to deactivate security for OkHttp3. There should be tons of answers on stack overflow.

lambdapioneer on 20 Dec 2016

👍3 ❤2 🎉2 😄1

All 8 comments

I want ignore certificate validation 。

447zyg on 20 Dec 2016

Hi @447zyg, in general, one should not circumvent certificate validation.

lambdapioneer on 20 Dec 2016

👍3 ❤2 🎉2 😄1

thank you very much . I did not think of that ! ~ . @lambdapioneer !

447zyg on 20 Dec 2016

@lambdapioneer
same problem.
I has deactivated security check in okhttpClient,which works in retrofit,but not work in fresco.

has fresco disabled some action of okhttp?

the code is here:
FrescoUtil

hss01248 on 22 Dec 2016

@447zyg can you perhaps help @hss01248 ? I'm not sufficiently familiar with OkHttp3 here.

lambdapioneer on 22 Dec 2016

@447zyg
@lambdapioneer
problem solved! today I run the code and it works, I found the reason it didn't work yesterday is because the
instant run of my android studio didn't work correctly.

hss01248 on 23 Dec 2016

@lambdapioneer ok 。
@hss01248
you can . try . this . to get the OKHttp

OkHttpClient client = getUnsafeOkHttpClient();

public static OkHttpClient getUnsafeOkHttpClient() {
try {
final TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
}

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
            }

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return new java.security.cert.X509Certificate[]{};
            }
        }
        };
        final SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
        final javax.net.ssl.SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        builder.sslSocketFactory(sslSocketFactory);
        builder.hostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });
        return builder.build();
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}

447zyg on 24 Dec 2016

Closing as the workaround detailed in this task seems to be enough to cover this use case.