Closed GoogleCodeExporter closed 9 years ago
Further inspection yields that the error occurs on Android 2.3.x devices.
Removing the "s" in the protocol (ie SSL) makes everything work fine.
I have previously had this issue with RestTemplate (Spring-Android), and fixed
it by following this post's recommendations:
http://stackoverflow.com/questions/1217141/self-signed-ssl-acceptance-android
However, I modified the source to Android-Query in the same manner, and it did
not fix the issue.
Original comment by lifeCode...@gmail.com
on 14 Jul 2012 at 12:05
Here is another exception, SSL related:
07-13 22:03:41.454: W/AQuery(2517): javax.net.ssl.SSLException: Not trusted server certificate
07-13 22:03:41.454: W/AQuery(2517): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:360)
07-13 22:03:41.454: W/AQuery(2517): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
07-13 22:03:41.454: W/AQuery(2517): at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:321)
07-13 22:03:41.454: W/AQuery(2517): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:140)
07-13 22:03:41.454: W/AQuery(2517): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
07-13 22:03:41.454: W/AQuery(2517): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
07-13 22:03:41.454: W/AQuery(2517): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
07-13 22:03:41.454: W/AQuery(2517): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
07-13 22:03:41.454: W/AQuery(2517): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
07-13 22:03:41.454: W/AQuery(2517): at com.androidquery.callback.AbstractAjaxCallback.httpDo(AbstractAjaxCallback.java:1328)
07-13 22:03:41.454: W/AQuery(2517): at com.androidquery.callback.AbstractAjaxCallback.httpGet(AbstractAjaxCallback.java:1207)
07-13 22:03:41.454: W/AQuery(2517): at com.androidquery.callback.AbstractAjaxCallback.network(AbstractAjaxCallback.java:1133)
07-13 22:03:41.454: W/AQuery(2517): at com.androidquery.callback.AbstractAjaxCallback.networkWork(AbstractAjaxCallback.java:986)
07-13 22:03:41.454: W/AQuery(2517): at com.androidquery.callback.AbstractAjaxCallback.backgroundWork(AbstractAjaxCallback.java:933)
07-13 22:03:41.454: W/AQuery(2517): at com.androidquery.callback.AbstractAjaxCallback.run(AbstractAjaxCallback.java:894)
07-13 22:03:41.454: W/AQuery(2517): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068)
07-13 22:03:41.454: W/AQuery(2517): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561)
07-13 22:03:41.454: W/AQuery(2517): at java.lang.Thread.run(Thread.java:1096)
07-13 22:03:41.454: W/AQuery(2517): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
07-13 22:03:41.454: W/AQuery(2517): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)
07-13 22:03:41.454: W/AQuery(2517): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:355)
07-13 22:03:41.454: W/AQuery(2517): ... 17 more
07-13 22:03:41.454: W/AQuery(2517): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
07-13 22:03:41.454: W/AQuery(2517): at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:149)
07-13 22:03:41.454: W/AQuery(2517): at java.security.cert.CertPathValidator.validate(CertPathValidator.java:211)
07-13 22:03:41.454: W/AQuery(2517): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)
07-13 22:03:41.454: W/AQuery(2517): ... 18 more
Original comment by lifeCode...@gmail.com
on 14 Jul 2012 at 12:12
And note, even though it's saying it's "Not trusted server certificate", the
server is secured. Attached is a screenshot of the SSL info in Chrome:
Original comment by lifeCode...@gmail.com
on 14 Jul 2012 at 12:24
It seems like an Android platform issue.
Did you try setting a custom socket factory:
http://android-query.googlecode.com/svn/trunk/javadoc/com/androidquery/callback/AbstractAjaxCallback.html#setSSF(SocketFactory)
Create the SF that accepts everything and set it with this method.
This is also very difficult to reproduce due to specific android
version/devices/certificate.
Original comment by tinyeeliu@gmail.com
on 15 Jul 2012 at 6:33
It does work if I set one that accepts any certificate, however, this is only
moderately better than not using https.
I believe I need to do something like this blog illustrates:
http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html
That is, convert my server's public certificate from PEM to BKS, and use that.
Is there a mechanism in Android-Query that'd support me doing this?
Original comment by lifeCode...@gmail.com
on 15 Jul 2012 at 5:01
I attempted to convert my IP's public cert to BKS, and I think it worked. I
then did the following, in my Application:
// set factory
AjaxCallback.setSSF( getSSLSocketFactory( this ) );

// get factory
private SSLSocketFactory getSSLSocketFactory( Context c )
{
    try
    {
        KeyStore trusted = KeyStore.getInstance( "BKS" );
        InputStream in = c.getResources().openRawResource( R.raw.bksstore );
        try
        {
            trusted.load( in, "asdf".toCharArray() );
        }
        finally
        {
            in.close();
        }
        return new SSLSocketFactory( trusted );
    }
    catch( Exception e )
    {
        throw new AssertionError( e );
    }
}
It's failing with this exception:
javax.net.ssl.SSLException: Not trusted server certificate
at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:360)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:321)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:140)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
at com.androidquery.callback.AbstractAjaxCallback.httpDo(AbstractAjaxCallback.java:1328)
at com.androidquery.callback.AbstractAjaxCallback.httpGet(AbstractAjaxCallback.java:1207)
at com.androidquery.callback.AbstractAjaxCallback.network(AbstractAjaxCallback.java:1133)
at com.androidquery.callback.AbstractAjaxCallback.networkWork(AbstractAjaxCallback.java:986)
at com.androidquery.callback.AbstractAjaxCallback.backgroundWork(AbstractAjaxCallback.java:933)
at com.androidquery.callback.AbstractAjaxCallback.run(AbstractAjaxCallback.java:894)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561)
at java.lang.Thread.run(Thread.java:1096)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)
at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:355)
... 17 more
Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:149)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:211)
at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)
... 18 more
Original comment by lifeCode...@gmail.com
on 15 Jul 2012 at 5:29
Well, I found this post, and it uses my CA, Thawte:
http://blog.donnfelker.com/2011/06/13/trusting-android-certificates-part-duex/
I'm now getting this exception, using the same code as my previous post:
javax.net.ssl.SSLException: Not trusted server certificate
at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:360)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:321)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:140)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
at com.androidquery.callback.AbstractAjaxCallback.httpDo(AbstractAjaxCallback.java:1328)
at com.androidquery.callback.AbstractAjaxCallback.httpGet(AbstractAjaxCallback.java:1207)
at com.androidquery.callback.AbstractAjaxCallback.network(AbstractAjaxCallback.java:1133)
at com.androidquery.callback.AbstractAjaxCallback.networkWork(AbstractAjaxCallback.java:986)
at com.androidquery.callback.AbstractAjaxCallback.backgroundWork(AbstractAjaxCallback.java:933)
at com.androidquery.callback.AbstractAjaxCallback.run(AbstractAjaxCallback.java:894)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561)
at java.lang.Thread.run(Thread.java:1096)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Could not validate certificate signature.
at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)
at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:355)
... 17 more
Caused by: java.security.cert.CertPathValidatorException: Could not validate certificate signature.
at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:342)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:211)
at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)
... 18 more
Caused by: java.security.SignatureException: Signature was not verified.
at org.apache.harmony.security.provider.cert.X509CertImpl.fastVerify(X509CertImpl.java:601)
at org.apache.harmony.security.provider.cert.X509CertImpl.verify(X509CertImpl.java:544)
at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:337)
... 20 more
Original comment by lifeCode...@gmail.com
on 15 Jul 2012 at 7:04
I also tried using the entire Cert Chain, exported from Firefox, and it did not
work either.
Original comment by lifeCode...@gmail.com
on 15 Jul 2012 at 7:11
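An added diagnostic sketch, not code from this thread or from Android-Query: a desktop Java check that compares a keystore's certificates against the chain the server presents, to separate the two failures seen above ("TrustAnchor for CertPath not found" versus "Signature was not verified"). The class name, the argument order and the PEM file of the server's chain are assumptions; loading a BKS keystore on a desktop JVM assumes the Bouncy Castle provider is installed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Hypothetical helper. Usage: java ChainCheck <keystore> <type: BKS|JKS> <password> <server-chain.pem>
public class ChainCheck {
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[2].toCharArray());
        }
        // Every X.509 certificate in the keystore is a candidate trust anchor.
        List<X509Certificate> anchors = new ArrayList<X509Certificate>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) anchors.add((X509Certificate) c);
        }
        // The chain as saved from the server, in the order it was presented.
        List<X509Certificate> chain = new ArrayList<X509Certificate>();
        try (InputStream in = new FileInputStream(args[3])) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in))
                chain.add((X509Certificate) c);
        }
        for (int i = 0; i < chain.size(); i++) {
            X509Certificate cert = chain.get(i);
            System.out.println("[" + i + "] subject=" + cert.getSubjectX500Principal());
            System.out.println("    issuer =" + cert.getIssuerX500Principal());
            // Order check: each certificate should be signed by the next one in the list.
            if (i + 1 < chain.size())
                System.out.println("    signed by [" + (i + 1) + "]: " + verifies(cert, chain.get(i + 1)));
            for (X509Certificate a : anchors) {
                if (a.equals(cert))
                    System.out.println("    this exact certificate is in the keystore");
                else if (a.getSubjectX500Principal().equals(cert.getIssuerX500Principal()))
                    // A name match with a failed signature means the keystore holds a
                    // different key under the same issuer name.
                    System.out.println("    issuer name matches a keystore entry; signature verifies: "
                            + verifies(cert, a));
            }
        }
    }

    static boolean verifies(X509Certificate cert, X509Certificate issuer) {
        try { cert.verify(issuer.getPublicKey()); return true; }
        catch (Exception e) { return false; }
    }
}
```

If no chain entry reports a keystore match, the validator has no anchor to build a path to; a name match whose signature does not verify points at a keystore entry with the right issuer name but the wrong key.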
Sorry I am not familiar with this type of cert issue.
Please let me know if you resolve it.
Thanks.
Original comment by tinyeeliu@gmail.com
on 16 Jul 2012 at 3:54
Original comment by tinyeeliu@gmail.com
on 29 Jul 2012 at 4:38
Original issue reported on code.google.com by
lifeCode...@gmail.com
on 13 Jul 2012 at 9:41