rajajawahar / android-xmlrpc

Automatically exported from code.google.com/p/android-xmlrpc
0 stars 0 forks source link

Using the library when addressing SSL encrypted sites which have self-signed SSL certificates. #21

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Make an xml-rpc call on an URI starting with "https://"

What is the expected output? What do you see instead?
The output of the call is expected but a javax.net.ssl.SSLException is thrown.

What version of the product are you using? On what operating system?
The tarball based on r15. but it alos seems to be the case with r17's 
XMLRPCClient

How I worked around it:
According to http://code.google.com/p/android/issues/detail?id=1946#c10
I use this class: http://exchangeit.googlecode.com/svn-
history/r23/trunk/src/com/byarger/exchangeit/EasySSLSocketFactory.java
I tweaked it a bit (according to the same post)

and in XMLRPCClient's constructor:
    registry.register(new Scheme("https", new EasySSLSocketFactory(), 443));
instead of the current line for https.

Original issue reported on code.google.com by deubeul...@gmail.com on 21 Apr 2010 at 2:06

GoogleCodeExporter commented 8 years ago
Thanks for this. I'll look into it further, and see what I can do with the code 
over the next few weeks.

Original comment by JonTheNiceGuy on 12 Sep 2010 at 8:27

GoogleCodeExporter commented 8 years ago
Any progress with that issue? SSL with self signed cert is quite common around

Original comment by borszc...@gmail.com on 20 Oct 2010 at 11:15

GoogleCodeExporter commented 8 years ago
Sorry borszczuk, it completely slipped from my radar. I've got a bundle of 
other changes to update this week. I'll see what I can do.

In the mean time, deubeuliou, are you able to supply a patch for the code you 
implemented or added?

Original comment by jon@sprig.gs on 19 Nov 2010 at 4:07

GoogleCodeExporter commented 8 years ago

Original comment by jon@sprig.gs on 19 Nov 2010 at 4:08

GoogleCodeExporter commented 8 years ago
I'm wary of implementing the referred code, as it completely circumvents any 
SSL certificate validataion.

Perhaps we can extend the RPCClient class to accommodate this patch?

I'd still be interested in seeing a patch from deubeuliou for what you've 
implemented?

Original comment by jon@sprig.gs on 23 Nov 2010 at 8:08

GoogleCodeExporter commented 8 years ago
As I said, I modified the XMLRPCClient class (only the constuctor) as shown in 
the attachement (sorry, not a proper patch format ... but it's only 2 lines).
And added the following class to the project : 
http://exchangeit.googlecode.com/svn-history/r23/trunk/src/com/byarger/exchangei
t/EasySSLSocketFactory.java
but I also did as that comment did : 
http://code.google.com/p/android/issues/detail?id=1946#c10 , that is, using 
that "TrivialTrustManager". But you don't want that, and I understand it.

My project didn't evolve much since the last time, and it probably never will, 
as I lost my android :( (and have for the moment no longer use of what I was 
coding)

I cannot help more than that, sorry.

Original comment by deubeul...@gmail.com on 23 Nov 2010 at 9:08

Attachments:

GoogleCodeExporter commented 8 years ago
I'm no longer able to commit time to this project, and as such, I am removing 
myself from any tickets I've previously been involved in.

Original comment by jon@sprig.gs on 14 Sep 2011 at 12:17