问CertPathValidatorException:未找到证书路径的信任锚点

EN

我将HTTPPinning添加到OKHTTPClient中，示例代码如下：

OkHttpClient client = new OkHttpClient();
client.setSslSocketFactory(getPinnedCertSslSocketFactory(context));


private SSLSocketFactory getPinnedCertSslSocketFactory(Context context) {
    try {
        KeyStore trusted = KeyStore.getInstance("BKS");
        InputStream incontext.getResources().openRawResource(R.raw.prod_keystore);
        trusted.load(in, "venkat@123".toCharArray());
        SSLContext sslContext = SSLContext.getInstance("TLS");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trusted);
        sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
        return sslContext.getSocketFactory();
    } catch (Exception e) {
        Log.e("MyApp", e.getMessage(), e);
    }
    return null;
}

我把这款应用上传到了playstore，从过去的1年开始，它一直运行良好。但是从过去的1周开始，我使用了com.squareup.okhttp:okhttp:2.7.4版本的OkHttp 未找到证书路径的java.security.cert.CertPathValidatorException:信任锚点。java.security.cert.CertPathValidatorException: javax.net.ssl.SSLHandshakeException:未找到证书路径的javax.net.ssl.SSLHandshakeException信任锚点。com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357) at com.squareup.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:192) at com.squareup.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:149) at com.squareup.okhttp.internal.io.RealConnection.connect(RealConnection.java:112) at com.squareup.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184) at com.squareup.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126) at com.squareup.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95) at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:281) at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:224) at com.squareup.okhttp.Call.getResponse(Call.java:286) at com.squareup.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:243) at com.squareup.okhttp.Call.getResponseWithInterceptorChain(Call.java:205) at com.squareup.okhttp.Call.execute(Call.java ):80) com.venkat.good.http.MyHTTPThread.run(MyHTTPThread.java:492) at com.venkat.good.http.MyHTTPThread.run(MyHTTPThread.java:76) at java.lang.Thread.run(Thread.java:818)

通过使用OKHTTP3，我解决了这个问题。

String hostname = "yourdomain.com";
  CertificatePinner certificatePinner = new CertificatePinner.Builder()
 .add(hostname, "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
 .build();
   OkHttpClient client = OkHttpClient.Builder()
 .certificatePinner(certificatePinner)
 .build();

  Request request = new Request.Builder()
 .url("https://" + hostname)
 .build();
 client.newCall(request).execute();

，但我想知道为什么以前的OkHttp2版本工作了几天，然后又引发了这个问题？