Random SSLExceptions

[GoogleCodeExporter]

I keep getting random SSLExceptions, like these:

07-13 17:26:08.780: W/AQuery(7746): javax.net.ssl.SSLException: Read error: 
ssl=0x19d3c0: I/O error during system call, Connection reset by peer
07-13 17:26:08.780: W/AQuery(7746):     at 
org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_read(Native Method)
07-13 17:26:08.780: W/AQuery(7746):     at 
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl$SSLInputStream.read(Open
SSLSocketImpl.java:801)
07-13 17:26:08.780: W/AQuery(7746):     at 
org.apache.http.impl.io.AbstractSessionInputBuffer.fillBuffer(AbstractSessionInp
utBuffer.java:103)
07-13 17:26:08.780: W/AQuery(7746):     at 
org.apache.http.impl.io.AbstractSessionInputBuffer.readLine(AbstractSessionInput
Buffer.java:191)
07-13 17:26:08.780: W/AQuery(7746):     at 
org.apache.http.impl.conn.DefaultResponseParser.parseHead(DefaultResponseParser.
java:82)
07-13 17:26:08.780: W/AQuery(7746):     at 
org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:1
74)
07-13 17:26:08.780: W/AQuery(7746):     at 
org.apache.http.impl.AbstractHttpClientConnection.receiveResponseHeader(Abstract
HttpClientConnection.java:180)
07-13 17:26:08.780: W/AQuery(7746):     at 
org.apache.http.impl.conn.DefaultClientConnection.receiveResponseHeader(DefaultC
lientConnection.java:235)
07-13 17:26:08.780: W/AQuery(7746):     at 
org.apache.http.impl.conn.AbstractClientConnAdapter.receiveResponseHeader(Abstra
ctClientConnAdapter.java:259)
07-13 17:26:08.780: W/AQuery(7746):     at 
org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecut
or.java:279)
07-13 17:26:08.780: W/AQuery(7746):     at 
org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:12
1)
07-13 17:26:08.780: W/AQuery(7746):     at 
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirecto
r.java:428)
07-13 17:26:08.780: W/AQuery(7746):     at 
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:5
55)
07-13 17:26:08.780: W/AQuery(7746):     at 
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:4
87)
07-13 17:26:08.780: W/AQuery(7746):     at 
com.androidquery.callback.AbstractAjaxCallback.httpDo(AbstractAjaxCallback.java:
1328)
07-13 17:26:08.780: W/AQuery(7746):     at 
com.androidquery.callback.AbstractAjaxCallback.httpGet(AbstractAjaxCallback.java
:1207)
07-13 17:26:08.780: W/AQuery(7746):     at 
com.androidquery.callback.AbstractAjaxCallback.network(AbstractAjaxCallback.java
:1133)
07-13 17:26:08.780: W/AQuery(7746):     at 
com.androidquery.callback.AbstractAjaxCallback.networkWork(AbstractAjaxCallback.
java:986)
07-13 17:26:08.780: W/AQuery(7746):     at 
com.androidquery.callback.AbstractAjaxCallback.backgroundWork(AbstractAjaxCallba
ck.java:933)
07-13 17:26:08.780: W/AQuery(7746):     at 
com.androidquery.callback.AbstractAjaxCallback.run(AbstractAjaxCallback.java:894
)
07-13 17:26:08.780: W/AQuery(7746):     at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1081)
07-13 17:26:08.780: W/AQuery(7746):     at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:574)
07-13 17:26:08.780: W/AQuery(7746):     at java.lang.Thread.run(Thread.java:1020)

There seems to be no rhyme or reason as to their occurrence. They happen maybe 
1/6 of the time I make any calls.

Here is how I'm using AQuery:

// APPLICATION CREATE:

public void onCreate()
  {
    AQUtility.setExceptionHandler( new UncaughtExceptionHandler() {
      public void uncaughtException( Thread thread, Throwable ex )
      {
        ex.printStackTrace();
      }
    } );

    AQUtility.setDebug( true );

    AjaxCallback.setTransformer( new JsonTransformer() );

    //set the max number of concurrent network connections, default is 4
    AjaxCallback.setNetworkLimit( 8 );

    //set the max number of icons (image width <= 50) to be cached in memory, default is 20
    BitmapAjaxCallback.setIconCacheLimit( 20 );

    //set the max number of images (image width > 50) to be cached in memory, default is 20
    BitmapAjaxCallback.setCacheLimit( 40 );

    //set the max size of an image to be cached in memory, default is 1600 pixels (ie. 400x400)
    BitmapAjaxCallback.setPixelLimit( 480 * 480 );

    //set the max size of the memory cache, default is 1M pixels (4MB) (2---)
    BitmapAjaxCallback.setMaxPixelLimit( 4000000 );

    super.onCreate();
  }

// USAGE
// NOTE: uri = 
// 07-13 17:26:08.040: W/AQuery(7746): get:https://site.com/me/ticker/

$.auth( Security.getAuth( this ) ).ajax( uri, BaseModelListRequest.class, this, 
"loadAdapterObjectsCallback" );

  public void loadAdapterObjectsCallback( String uri, BaseModelListRequest requestData, AjaxStatus status )
  {
    setProgressBarIndeterminateVisibility( false );
    setSupportProgressBarIndeterminateVisibility( false );

    if( requestData != null && status.getCode() == 200 )
    {
       // stuff 
    }
  }

// HERE IS GETAUTH:
  public static synchronized BasicHandle getAuth( Context context )
  {
    return new BasicHandle( "user", "pass" );
  }

// AND THE JSONTRANSFORMER (uses jaxson to marshall json):
public class JsonTransformer implements Transformer
{
  public < T > T transform( String url, Class< T > type, String encoding, byte[] data, AjaxStatus status )
  {
    ObjectMapper mapper = new ObjectMapper();

    try
    {
      return mapper.readValue( new String( data ), type );
    }
    catch( Exception e )
    {
      return null;
    }
  }
}

I really like this library, but the inconstancies in connections are worrying. 
Thoughts anyone?

Original issue reported on code.google.com by lifeCode...@gmail.com on 13 Jul 2012 at 9:41

[GoogleCodeExporter]

Further inspection yields that the error occurs on Android 2.3.x devices. 
Removing the "s" in the protocol (ie SSL) makes everything work fine.

I have previously had this issue with RestTemplate (Spring-Android), and fixed 
it by following this post's recommendations: 
http://stackoverflow.com/questions/1217141/self-signed-ssl-acceptance-android

However, I modified the source to Android-Query in the same manner, and it did 
not fix the issue.

Original comment by lifeCode...@gmail.com on 14 Jul 2012 at 12:05

[GoogleCodeExporter]

Here is another exception, SSL related:

07-13 22:03:41.454: W/AQuery(2517): javax.net.ssl.SSLException: Not trusted 
server certificate
07-13 22:03:41.454: W/AQuery(2517):     at 
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSo
cketImpl.java:360)
07-13 22:03:41.454: W/AQuery(2517):     at 
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
07-13 22:03:41.454: W/AQuery(2517):     at 
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:32
1)
07-13 22:03:41.454: W/AQuery(2517):     at 
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(Default
ClientConnectionOperator.java:140)
07-13 22:03:41.454: W/AQuery(2517):     at 
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
07-13 22:03:41.454: W/AQuery(2517):     at 
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapt
er.java:119)
07-13 22:03:41.454: W/AQuery(2517):     at 
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirecto
r.java:348)
07-13 22:03:41.454: W/AQuery(2517):     at 
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:5
55)
07-13 22:03:41.454: W/AQuery(2517):     at 
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:4
87)
07-13 22:03:41.454: W/AQuery(2517):     at 
com.androidquery.callback.AbstractAjaxCallback.httpDo(AbstractAjaxCallback.java:
1328)
07-13 22:03:41.454: W/AQuery(2517):     at 
com.androidquery.callback.AbstractAjaxCallback.httpGet(AbstractAjaxCallback.java
:1207)
07-13 22:03:41.454: W/AQuery(2517):     at 
com.androidquery.callback.AbstractAjaxCallback.network(AbstractAjaxCallback.java
:1133)
07-13 22:03:41.454: W/AQuery(2517):     at 
com.androidquery.callback.AbstractAjaxCallback.networkWork(AbstractAjaxCallback.
java:986)
07-13 22:03:41.454: W/AQuery(2517):     at 
com.androidquery.callback.AbstractAjaxCallback.backgroundWork(AbstractAjaxCallba
ck.java:933)
07-13 22:03:41.454: W/AQuery(2517):     at 
com.androidquery.callback.AbstractAjaxCallback.run(AbstractAjaxCallback.java:894
)
07-13 22:03:41.454: W/AQuery(2517):     at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068)
07-13 22:03:41.454: W/AQuery(2517):     at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561)
07-13 22:03:41.454: W/AQuery(2517):     at 
java.lang.Thread.run(Thread.java:1096)
07-13 22:03:41.454: W/AQuery(2517): Caused by: 
java.security.cert.CertificateException: 
java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not 
found.
07-13 22:03:41.454: W/AQuery(2517):     at 
org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustM
anagerImpl.java:168)
07-13 22:03:41.454: W/AQuery(2517):     at 
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSo
cketImpl.java:355)
07-13 22:03:41.454: W/AQuery(2517):     ... 17 more
07-13 22:03:41.454: W/AQuery(2517): Caused by: 
java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not 
found.
07-13 22:03:41.454: W/AQuery(2517):     at 
org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPa
thValidatorSpi.java:149)
07-13 22:03:41.454: W/AQuery(2517):     at 
java.security.cert.CertPathValidator.validate(CertPathValidator.java:211)
07-13 22:03:41.454: W/AQuery(2517):     at 
org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustM
anagerImpl.java:164)
07-13 22:03:41.454: W/AQuery(2517):     ... 18 more

Original comment by lifeCode...@gmail.com on 14 Jul 2012 at 12:12

[GoogleCodeExporter]

And note, even though it's saying it's "Not trusted server certificate", the 
server is secured. Attached is a screenshot of the SSL info in Chrome:

Original comment by lifeCode...@gmail.com on 14 Jul 2012 at 12:24

Attachments:

• [Screen Shot 2012-07-13 at 7.23.41 PM.png](https://storage.googleapis.com/google-code-attachments/android-query/issue-63/comment-3/Screen Shot 2012-07-13 at 7.23.41 PM.png)

[GoogleCodeExporter]

It seems like an Android platform issue.

Did you try setting a custom socket factory:
http://android-query.googlecode.com/svn/trunk/javadoc/com/androidquery/callback/
AbstractAjaxCallback.html#setSSF(SocketFactory)

Create the SF that accept everything and set it with this method.

This is also very difficult to reproduce due to specific android 
version/devices/certificate. 

Original comment by tinyeeliu@gmail.com on 15 Jul 2012 at 6:33

[GoogleCodeExporter]

It does work if I set one that accepts any certificate, however, this is only 
moderately better than not using https.

I believe I need to do something like this blog illustrates:

http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html

That is, convert my server's public certificate from PEM to BKS, and use that. 
Is there a mechanism in Android-Query that'd support me doing this? 

Original comment by lifeCode...@gmail.com on 15 Jul 2012 at 5:01

[GoogleCodeExporter]

I attempted to convert my IP's public cert to BKS, and I think it worked. I 
then did the following, in my Application:

  // set factory
  AjaxCallback.setSSF( getSSLSocketFactory( this ) );

  // get factory
  private SSLSocketFactory getSSLSocketFactory( Context c )
  {
    try
    {
      KeyStore trusted = KeyStore.getInstance( "BKS" );
      InputStream in = c.getResources().openRawResource( R.raw.bksstore );
      try
      {
        trusted.load( in, "asdf".toCharArray() );
      }
      finally
      {
        in.close();
      }
      return new SSLSocketFactory( trusted );
    }
    catch( Exception e )
    {
      throw new AssertionError( e );
    }
  }

It's failing with this exception:

javax.net.ssl.SSLException: Not trusted server certificate
    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:360)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:321)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:140)
    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
    at com.androidquery.callback.AbstractAjaxCallback.httpDo(AbstractAjaxCallback.java:1328)
    at com.androidquery.callback.AbstractAjaxCallback.httpGet(AbstractAjaxCallback.java:1207)
    at com.androidquery.callback.AbstractAjaxCallback.network(AbstractAjaxCallback.java:1133)
    at com.androidquery.callback.AbstractAjaxCallback.networkWork(AbstractAjaxCallback.java:986)
    at com.androidquery.callback.AbstractAjaxCallback.backgroundWork(AbstractAjaxCallback.java:933)
    at com.androidquery.callback.AbstractAjaxCallback.run(AbstractAjaxCallback.java:894)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561)
    at java.lang.Thread.run(Thread.java:1096)
Caused by: java.security.cert.CertificateException: 
java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not 
found.
    at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)
    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:355)
    ... 17 more
Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for 
CertPath not found.
    at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:149)
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:211)
    at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)
    ... 18 more

Original comment by lifeCode...@gmail.com on 15 Jul 2012 at 5:29

[GoogleCodeExporter]

Well, I found this post, and it uses my CA, Thawte:

http://blog.donnfelker.com/2011/06/13/trusting-android-certificates-part-duex/

I'm now getting this exception, using the same code as my previous post:

javax.net.ssl.SSLException: Not trusted server certificate
    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:360)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:321)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:140)
    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
    at com.androidquery.callback.AbstractAjaxCallback.httpDo(AbstractAjaxCallback.java:1328)
    at com.androidquery.callback.AbstractAjaxCallback.httpGet(AbstractAjaxCallback.java:1207)
    at com.androidquery.callback.AbstractAjaxCallback.network(AbstractAjaxCallback.java:1133)
    at com.androidquery.callback.AbstractAjaxCallback.networkWork(AbstractAjaxCallback.java:986)
    at com.androidquery.callback.AbstractAjaxCallback.backgroundWork(AbstractAjaxCallback.java:933)
    at com.androidquery.callback.AbstractAjaxCallback.run(AbstractAjaxCallback.java:894)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561)
    at java.lang.Thread.run(Thread.java:1096)
Caused by: java.security.cert.CertificateException: 
java.security.cert.CertPathValidatorException: Could not validate certificate 
signature.
    at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)
    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:355)
    ... 17 more
Caused by: java.security.cert.CertPathValidatorException: Could not validate 
certificate signature.
    at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:342)
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:211)
    at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)
    ... 18 more
Caused by: java.security.SignatureException: Signature was not verified.
    at org.apache.harmony.security.provider.cert.X509CertImpl.fastVerify(X509CertImpl.java:601)
    at org.apache.harmony.security.provider.cert.X509CertImpl.verify(X509CertImpl.java:544)
    at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:337)
    ... 20 more

Original comment by lifeCode...@gmail.com on 15 Jul 2012 at 7:04

[GoogleCodeExporter]

I also tried using the entire Cert Chain, exported from Firefox, and it did not 
work either.

Original comment by lifeCode...@gmail.com on 15 Jul 2012 at 7:11

[GoogleCodeExporter]

Sorry I am not familiar with this type of cert issue.
Please let me know if you resolve it.

Thanks.

Original comment by tinyeeliu@gmail.com on 16 Jul 2012 at 3:54

[GoogleCodeExporter]

Original comment by tinyeeliu@gmail.com on 29 Jul 2012 at 4:38

• Changed state: Invalid

[GoogleCodeExporter]

Read this for the complete explanation and possible resolution: 
http://stackoverflow.com/questions/30538640/javax-net-ssl-sslexception-read-erro
r-ssl-0x9524b800-i-o-error-during-system?lq=1

Original comment by smart.in...@gmail.com on 14 Jul 2015 at 6:19