search

liujingxing / rxhttp

🔥🔥🔥 Based on OkHttp encapsulation, support Kotlin Coroutines、RxJava2、RxJava3; 30s to get started.
https://juejin.im/post/5ded221a518825125d14a1d4
Apache License 2.0
3.74k stars 457 forks source link

国外Android13+以上,Https请求失败 #467

Closed yangdengxueshi closed 11 months ago

yangdengxueshi commented 11 months ago 
            final HttpsUtils.SSLParams lSSLParams = HttpsUtils.getSslSocketFactory(); // 方法一:信任所有证书,不安全有风险
            RxHttpPlugins.init(new OkHttpClient.Builder()
                            .sslSocketFactory(lSSLParams.sSLSocketFactory, lSSLParams.trustManager)
                            .hostnameVerifier((hostname, sslSession) -> true)
                            .addInterceptor(new ChuckerInterceptor.Builder(this).build())
                            .build())
                    // .setCache(new File(getExternalCacheDir(), "RxHttpCache"), 32 * 1024 * 1024L, CacheMode.REQUEST_NETWORK_FAILED_READ_CACHE, -1) // 缓存有效时间  默认-1,代表永久有效
                    .setDebug(AppUtils.isAppDebug(), true);

以上忽略证书、忽略主机验证写法,在安卓12-手机上没问题,在安卓13+以上握手错误,怎么回事?

报错信息:

        error:1000012e:SSL routines:OPENSSL_internal:KEY_USAGE_BIT_INCORRECT (external/boringssl/src/ssl/ssl_cert.cc:605 0x71b74ef50112:0x00000000)
    at io.reactivex.rxjava3.internal.functions.Functions$OnErrorMissingConsumer.accept(Functions.java:718)
    at io.reactivex.rxjava3.internal.functions.Functions$OnErrorMissingConsumer.accept(Functions.java:715)
    at io.reactivex.rxjava3.internal.observers.LambdaObserver.onError(LambdaObserver.java:77)
    at rxhttp.wrapper.param.ObservableCall$CallExecuteDisposable.onError(ObservableCall.java:199)
    at rxhttp.wrapper.param.ObservableCall$CallEnqueueDisposable.onFailure(ObservableCall.java:152)
    at okhttp3.RealCall$AsyncCall.execute(RealCall.java:215)
    at okhttp3.internal.NamedRunnable.run(NamedRunnable.java:32)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
    at java.lang.Thread.run(Thread.java:1012)

        Caused by: javax.net.ssl.SSLHandshakeException: Read error: ssl=0x71b958c9db58: Failure in SSL library, usually a protocol error
liujingxing commented 11 months ago

请提供url

yangdengxueshi commented 11 months ago

请提供url

https://sumersilversat.com/SMSWeb.Service.Api/api/Service/getLan?lan=0

服务器在国外,不开VPN也能访问

liujingxing commented 11 months ago

用RxHttp demo在android 13的设备上可以访问

image
yangdengxueshi commented 11 months ago

用RxHttp demo在android 13的设备上可以访问 image

OK,谢谢你的回复,我把RxHttp版本和OkHttp版本调成跟你一样试一下,伊拉克的客户用RealMe手机,ColorOS13,Android13系统,访问不起,我再看看情况,感谢

yangdengxueshi commented 11 months ago

用RxHttp demo在android 13的设备上可以访问 image

记录一下我的最终解决方案,方便同行避坑,排查了整整一天才找到原因:

问题描述:国内13+系统上用RxHttp请求https一切正常,国外13+系统上请求https报 SSL HandShake Exception (Caused by: javax.net.ssl.SSLHandshakeException: Read error: ssl=0x71b958c9db58: Failure in SSL library, usually a protocol error)

问题原因:国内手机没有GMS谷歌服务,国外手机有GMS,所以13+系统上,国外发送网络请求时,手机还需要向GMS谷歌服务请求授权

问题解决方法:

        implementation 'com.google.android.gms:play-services-auth:20.7.0'

BaseApplication 中:

        if ((Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) && (GoogleApiAvailability.getInstance().isGooglePlayServicesAvailable(this) == ConnectionResult.SUCCESS)) {// 13+设备支持GMS服务
            try {
                ProviderInstaller.installIfNeeded(this);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

解决方法就是这么简单,参考链接: https://stackoverflow.com/questions/29916962/javax-net-ssl-sslhandshakeexception-javax-net-ssl-sslprotocolexception-ssl-han https://developer.android.com/training/articles/security-gms-provider?hl=zh-cn 链接如果访问不了,请开启VPN