Well, I figured it out.
Initialize your ConnectionSocketFactory
like this
val sslContext = SSLContexts.custom().loadTrustMaterial(null, new TrustSelfSignedStrategy).useTLS().build()
new SSLConnectionSocketFactory(sslContext, new AllowAllHostnameVerifier())
If you take a look at sources of TrustSelfSignedStrategy
the way they distinguish self-signed certificates from real ones is by checking length of chain.
public boolean isTrusted(
final X509Certificate[] chain, final String authType) throws CertificateException {
return chain.length == 1;
}
I'm not sure it's very reliable way but just keep it in mind. Maybe it's worth checking given X509Certificate
in isTrusted
.