Bypass SSL Cert code in Java/ Python/ GoLang.

To understand, what is SSL and how it works please look into this small story.

To disable or bypass SSL certificate checking is never a recommended solution for SSL issues. However, in some cases, we need to do that for the development and test environment mostly. It is obvious that these solutions are only for test code, It should not end up in production.

Please note that these solutions are not for avoiding securities in this application. The goal is to access the content with minimal effort bypassing the SSL cert verification process.

In Java:

There are multiple solutions for achieving this in java over the internet. One of the is HERE (to add a self-signed certificate to the Java trusted X509 certificate repository using Java Keystore). But this solution is very lengthy and going to give multiple errors to handle and to spend time around it.

Below we are going to look into a solution, Instead of ignoring or avoiding all certificates to get your connection to work, Here we are going to accept/ trust all certificates by using X509TrustManager In javax.net.ssl. and also this is fewer lines of code solution.

Create a class for the UnsafeX509ExtendedTrustManager as per the below code.

package com.collector.helper;import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedTrustManager;
import java.net.Socket;
import java.security.cert.X509Certificate;
public final class UnsafeX509ExtendedTrustManager extends X509ExtendedTrustManager {private static final X509ExtendedTrustManager INSTANCE = new UnsafeX509ExtendedTrustManager();
private static final X509Certificate[] EMPTY_CERTIFICATES = new X509Certificate[0];
private UnsafeX509ExtendedTrustManager() {}public static X509ExtendedTrustManager getInstance() {
return INSTANCE;
}
@Override
public void checkClientTrusted(X509Certificate[] certificates, String authType) {}
@Override
public void checkClientTrusted(X509Certificate[] certificates, String authType, Socket socket) {}
@Override
public void checkClientTrusted(X509Certificate[] certificates, String authType, SSLEngine sslEngine) {}
@Override
public void checkServerTrusted(X509Certificate[] certificates, String authType) {}
@Override
public void checkServerTrusted(X509Certificate[] certificates, String authType, Socket socket) {}
@Override
public void checkServerTrusted(X509Certificate[] certificates, String authType, SSLEngine sslEngine) {}
@Override
public X509Certificate[] getAcceptedIssuers() {
return EMPTY_CERTIFICATES;
}
}

Then add the below code to your HTTP call class to avoid the cert fetch and do the HTTP call as below.

HostnameVerifier hostnameVerifier = (host, sslSession) -> true;
//create a trust manager
TrustManager[] trustManagers = new TrustManager[]{UnsafeX509ExtendedTrustManager.getInstance()};
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustManagers, null);
LayeredConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();

In Python:

In python, the solution is a little different. We will ignore the connection warnings to proceed. Create a .py file Ignore_SSL.py and paste the below code.

'''@author: Ashutosh
'''
import warnings
import contextlib
import requests
from urllib3.exceptions import InsecureRequestWarning
old_merge_environment_settings = requests.Session.merge_environment_settings@contextlib.contextmanager
def no_ssl_verification():
opened_adapters = set()
def merge_environment_settings(self, url, proxies, stream, verify, cert):
# Verification happens only once per connection so we need to close
# all the opened adapters once we're done. Otherwise, the effects of
# verify=False persist beyond the end of this context manager.
opened_adapters.add(self.get_adapter(url))
settings = old_merge_environment_settings(self, url, proxies, stream, verify, cert)
settings['verify'] = False
return settingsrequests.Session.merge_environment_settings = merge_environment_settingstry:
with warnings.catch_warnings():
warnings.simplefilter('ignore', InsecureRequestWarning)
yield
finally:
requests.Session.merge_environment_settings = old_merge_environment_settings
for adapter in opened_adapters:
try:
adapter.close()
except:
pass

To call this module into your code you can use something like the below.

r = ''with no_ssl_verification():
r = requests.get(url = URL)
data = r.json()
print(data)

In GoLang:

ŵill add it later.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store