Bypass SSL Cert code in Java/ Python/ GoLang.
To understand what SSL is and how it works, please look into this small story.
Disabling or bypassing SSL certificate checking is never a recommended solution for SSL issues. However, in some cases we need to do it, mostly for development and test environments. These solutions are only for test code; they should not end up in production.
Please note that these solutions are not meant for avoiding security in the application. The goal is to access the content with minimal effort by bypassing the SSL certificate verification process.
In Java:
There are multiple solutions for achieving this in Java on the internet. One of them is HERE (adding a self-signed certificate to the Java trusted X509 certificate repository using the Java Keystore). But that solution is very lengthy, and you will have to handle multiple errors and spend time on it.
Below we look at a solution with fewer lines of code. Instead of ignoring or avoiding all certificates to get your connection to work, we accept (trust) all certificates by using the X509TrustManager interface in javax.net.ssl, through the X509ExtendedTrustManager class.
Create the class UnsafeX509ExtendedTrustManager as shown in the code below.

package com.collector.helper;

import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedTrustManager;
import java.net.Socket;
import java.security.cert.X509Certificate;

// Trust manager whose checks never throw, so every certificate chain is accepted.
public final class UnsafeX509ExtendedTrustManager extends X509ExtendedTrustManager {

    private static final X509ExtendedTrustManager INSTANCE = new UnsafeX509ExtendedTrustManager();
    private static final X509Certificate[] EMPTY_CERTIFICATES = new X509Certificate[0];

    private UnsafeX509ExtendedTrustManager() {}

    public static X509ExtendedTrustManager getInstance() {
        return INSTANCE;
    }

    @Override
    public void checkClientTrusted(X509Certificate[] certificates, String authType) {}

    @Override
    public void checkClientTrusted(X509Certificate[] certificates, String authType, Socket socket) {}

    @Override
    public void checkClientTrusted(X509Certificate[] certificates, String authType, SSLEngine sslEngine) {}

    @Override
    public void checkServerTrusted(X509Certificate[] certificates, String authType) {}

    @Override
    public void checkServerTrusted(X509Certificate[] certificates, String authType, Socket socket) {}

    @Override
    public void checkServerTrusted(X509Certificate[] certificates, String authType, SSLEngine sslEngine) {}

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return EMPTY_CERTIFICATES;
    }
}

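Then add the code below to the class that makes the HTTP call, so that the call skips the certificate check. The imports go at the top of that class and the statements go in the method that makes the call. The HTTP client classes are from Apache HttpClient 4.x.

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

HostnameVerifier hostnameVerifier = (host, sslSession) -> true; // accepts any host name
// Create a trust manager that accepts every certificate chain
TrustManager[] trustManagers = new TrustManager[]{UnsafeX509ExtendedTrustManager.getInstance()};
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustManagers, null);
LayeredConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
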
In Python:
In Python, the solution is a little different. We turn off verification for the requests made inside a context manager and ignore the connection warnings in order to proceed. Create a .py file named Ignore_SSL.py and paste the code below into it.

'''
@author: Ashutosh
'''
import contextlib
import warnings

import requests
from urllib3.exceptions import InsecureRequestWarning

old_merge_environment_settings = requests.Session.merge_environment_settings


@contextlib.contextmanager
def no_ssl_verification():
    opened_adapters = set()

    def merge_environment_settings(self, url, proxies, stream, verify, cert):
        # Verification happens only once per connection so we need to close
        # all the opened adapters once we're done. Otherwise, the effects of
        # verify=False persist beyond the end of this context manager.
        opened_adapters.add(self.get_adapter(url))

        settings = old_merge_environment_settings(self, url, proxies, stream, verify, cert)
        settings['verify'] = False

        return settings

    requests.Session.merge_environment_settings = merge_environment_settings

    try:
        with warnings.catch_warnings():
            warnings.simplefilter('ignore', InsecureRequestWarning)
            yield
    finally:
        # Restore the original method so later requests verify certificates again.
        requests.Session.merge_environment_settings = old_merge_environment_settings

        for adapter in opened_adapters:
            try:
                adapter.close()
            except Exception:
                pass

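To use this module in your code, you can do something like the following. URL is a placeholder for your test endpoint.

import requests
from Ignore_SSL import no_ssl_verification

URL = 'https://localhost:8443/'  # placeholder: replace with your test endpoint

r = ''
with no_ssl_verification():
    r = requests.get(url=URL)
data = r.json()
print(data)
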
In GoLang:
Will add it later.
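
Since these overrides are meant for test code only and should not end up in production, a build-time check can flag them outside test directories. The Python scanner below is an added example, not code from the original post; its rule names, the test/tests directory convention and the sample files are assumptions, and the Go rule (crypto/tls InsecureSkipVerify) goes beyond the code on this page.

```python
import re

# Rules derived from the Java and Python code on this page. The Go rule is an
# addition (crypto/tls InsecureSkipVerify); the page has no Go code yet.
RULES = {
    "java-empty-trust-check": re.compile(
        r"check(?:Server|Client)Trusted\s*\([^)]*\)\s*(?:throws\s+[\w.,\s]+)?\{\s*\}"),
    "java-accept-any-hostname": re.compile(
        r"HostnameVerifier\s+\w+\s*=\s*\([^)]*\)\s*->\s*true\b"),
    "python-verify-disabled": re.compile(r"verify\b['\"]?\s*\]?\s*=\s*False\b"),
    "python-warning-suppressed": re.compile(
        r"simplefilter\s*\(\s*['\"]ignore['\"]\s*,\s*InsecureRequestWarning"),
    "go-insecure-skip-verify": re.compile(r"InsecureSkipVerify\s*:\s*true\b"),
}
TEST_DIRS = {"test", "tests"}  # assumption: test-only code lives under these


def is_test_path(path):
    """True when any directory component of the path is a test directory."""
    dirs = path.replace("\\", "/").lower().split("/")[:-1]
    return any(d in TEST_DIRS for d in dirs)


def scan(files):
    """Return sorted (path, line, rule) findings for files outside test dirs."""
    findings = []
    for path, text in files.items():
        if is_test_path(path):
            continue
        for rule, pattern in RULES.items():
            for m in pattern.finditer(text):
                # A match may span lines; report the line where it starts.
                findings.append((path, text.count("\n", 0, m.start()) + 1, rule))
    return sorted(findings)


# Constructed sample tree (not real project files).
SAMPLE = {
    "src/main/java/Http.java": "class Http {\n  HostnameVerifier hv = (host, sslSession) -> true;\n"
        "  public void checkServerTrusted(X509Certificate[] c, String a) {\n  }\n}\n",
    "src/test/java/Unsafe.java": "public void checkServerTrusted(X509Certificate[] c, String a) {}\n",
    "app/client.py": "import requests\nr = requests.get(url, verify=False)\n",
    "app/safe.py": "r = requests.get(url, verify='ca.pem')\n",
    "cmd/main.go": "cfg := &tls.Config{InsecureSkipVerify: true}\n",
}

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print("%s:%d: %s" % finding)
```

The copy under src/test is skipped, and app/safe.py passes because it verifies against a CA file instead of disabling verification.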