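I connect to an SSL server in the standard way, using a self-signed certificate as described here: https://developer.android.com/training/articles/security-ssl.html under "Unknown certificate authority".

Everything works for Android 7.

On Android 7 and later, I get a certificate exception with the following message: "java.security.cert.CertPathValidatorException: Trust anchor for certification path not found."

The only thing I could do was create an "empty" X509TrustManager that accepts all certificates: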

final TrustManager[] trustAllCerts = new TrustManager[]
{
  // "Empty" trust manager: performs no validation and accepts every certificate
  new javax.net.ssl.X509TrustManager() {
    @Override
    public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws java.security.cert.CertificateException { }

    @Override
    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws java.security.cert.CertificateException { }

    @Override
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
      // Must return a non-null array; empty means no issuers are advertised
      return new java.security.cert.X509Certificate[0];
    }
  }
};

// and then
sSslContext = SSLContext.getInstance("TLS");
sSslContext.init(null, trustAllCerts, null);

But when I add validation to the checkServerTrusted function:

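@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
                               String authType) throws java.security.cert.CertificateException {
    // Delegate to the trust manager built from the self-signed certificate
    ((X509TrustManager) trustManager).checkServerTrusted(chain, authType);
}

Everything is the same.

I also checked the source of the conscrypt library, and I see that the checkTrusted function puts the leaf on the untrusted chain, which is the case if leafAsAnchor == null.

So is it possible to use a self-signed certificate this way?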