用 httpClient 连接 https 服务,如果证书与 host 不匹配,就会报:Certificate for <124.xxx.xxx.xxx> doesn't match any of the subject alternative names
可以通过在创建 SSLConnectionSocketFactory 时增加一个参数,禁用这个匹配性校验。
SSLContext sslContext = new SSLContextBuilder() .loadTrustMaterial(null, (TrustStrategy) (chain, authType) -> true) .build(); HostnameVerifier verifier = (s, sslSession) -> true; SSLConnectionSocketFactory factory = new SSLConnectionSocketFactory(sslContext, verifier); return HttpClients.custom() .setSSLSocketFactory(factory) .build();
