[android-developers] Yet another HTTPS problem with HttpClient in Android SDK v1.0r1

Guillaume Perrot Fri, 17 Oct 2008 07:07:53 -0700

On android 1.0 I tried to connect to my https server which uses a self-
signed certificate:
Here is my code, which uses a custom hostname verifier:
/* Create and initialize HTTP parameters */
    HttpParams params = new BasicHttpParams();
    ConnManagerParams.setMaxTotalConnections(params, 2);
    HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);


    /* Create and initialize scheme registry */
    SchemeRegistry schemeRegistry = new SchemeRegistry();
    schemeRegistry.register(new Scheme("http", PlainSocketFactory
      .getSocketFactory(), 80));
    SSLSocketFactory sslSocketFactory =
SSLSocketFactory.getSocketFactory();
    sslSocketFactory.setHostnameVerifier(new X509HostnameVerifier()
    {
      @Override
      public boolean verify(String host, SSLSession session)
      {
        return true;
      }

      @Override
      public void verify(String host, SSLSocket ssl) throws
IOException
      {
        /* Nothing to do */
      }

      @Override
      public void verify(String host, X509Certificate cert) throws
SSLException
      {
        /* Nothing to do */
      }

      @Override
      public void verify(String host, String[] cns, String[]
subjectAlts)
        throws SSLException
      {
        /* Nothing to do */
      }
    });
    schemeRegistry.register(new Scheme("https", sslSocketFactory,
443));

    /* Allow multiple threads (two in our case) to access the HTTP
client */
    ClientConnectionManager cm = new
ThreadSafeClientConnManager(params,
      schemeRegistry);
    mHttpClient = new DefaultHttpClient(cm, params);

try
    {
      HttpGet ping = new HttpGet(mConnectionManagerURL);
      HttpResponse response = mHttpClient.execute(ping);
      HttpEntity entity = response.getEntity();
      if (entity != null)
        entity.consumeContent();
    }
    catch (IOException ioe)
    {
      ioe.printStackTrace();
      shutdown();
      throw ioe;
    }
    catch (Exception e)
    {
      e.printStackTrace();
      shutdown();
      throw new IOException(e.getMessage());
    }

I have the following exception in stack trace:

10-17 13:46:23.484: ERROR/ubikim-streams(783):
javax.net.ssl.SSLException: Not trusted server certificate
10-17 13:46:23.554: ERROR/ubikim-streams(783):     at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:
353)
10-17 13:46:23.654: ERROR/ubikim-streams(783):     at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl
$SSLInputStream.<init>(OpenSSLSocketImpl.java:491)
10-17 13:46:23.704: ERROR/ubikim-streams(783):     at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:
432)
10-17 13:46:23.784: ERROR/ubikim-streams(783):     at
org.apache.http.impl.io.SocketInputBuffer.<init>(SocketInputBuffer.java:
93)
10-17 13:46:23.844: ERROR/ubikim-streams(783):     at
org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java:
83)
10-17 13:46:23.894: ERROR/ubikim-streams(783):     at
org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java:
170)
10-17 13:46:23.944: ERROR/ubikim-streams(783):     at
org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java:
106)
10-17 13:46:24.035: ERROR/ubikim-streams(783):     at
org.apache.http.impl.conn.DefaultClientConnection.openCompleted(DefaultClientConnection.java:
129)
10-17 13:46:24.085: ERROR/ubikim-streams(783):     at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:
136)
10-17 13:46:24.135: ERROR/ubikim-streams(783):     at
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:
164)
10-17 13:46:24.185: ERROR/ubikim-streams(783):     at
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:
119)
10-17 13:46:24.275: ERROR/ubikim-streams(783):     at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:
348)
10-17 13:46:24.325: ERROR/ubikim-streams(783):     at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:
555)
10-17 13:46:24.375: ERROR/ubikim-streams(783):     at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:
487)
10-17 13:46:24.425: ERROR/ubikim-streams(783):     at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:
465)
10-17 13:46:24.504: ERROR/ubikim-streams(783):     at
com.ubikod.smackx.bosh.BoshSession.<init>(BoshSession.java:105)
10-17 13:46:24.554: ERROR/ubikim-streams(783):     at
com.ubikod.smackx.bosh.BoshSocket.<init>(BoshSocket.java:15)
10-17 13:46:24.594: ERROR/ubikim-streams(783):     at
com.ubikod.smackx.bosh.BoshSocketFactory.createSocket(BoshSocketFactory.java:
27)
10-17 13:46:24.644: ERROR/ubikim-streams(783):     at
org.jivesoftware.smack.XMPPConnection.connectUsingConfiguration(XMPPConnection.java:
818)
10-17 13:46:24.734: ERROR/ubikim-streams(783):     at
org.jivesoftware.smack.XMPPConnection.connect(XMPPConnection.java:
1276)
10-17 13:46:24.774: ERROR/ubikim-streams(783):     at
com.ubikod.android.ubikim.service.UbikIMService
$1.run(UbikIMService.java:476)
10-17 13:46:24.844: ERROR/ubikim-streams(783): Caused by:
java.security.cert.CertificateException:
java.security.cert.CertPathValidatorException: TrustAnchor for
CertPath not found.
10-17 13:46:24.945: ERROR/ubikim-streams(783):     at
org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:
158)
10-17 13:46:25.005: ERROR/ubikim-streams(783):     at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:
349)
10-17 13:46:25.035: ERROR/ubikim-streams(783):     ... 20 more
10-17 13:46:25.095: ERROR/ubikim-streams(783): Caused by:
java.security.cert.CertPathValidatorException: TrustAnchor for
CertPath not found.
10-17 13:46:25.205: ERROR/ubikim-streams(783):     at
org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:
144)
10-17 13:46:25.245: ERROR/ubikim-streams(783):     at
java.security.cert.CertPathValidator.validate(CertPathValidator.java:
153)
10-17 13:46:25.305: ERROR/ubikim-streams(783):     at
org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:
154)
10-17 13:46:25.335: ERROR/ubikim-streams(783):     ... 21 more


The code of my custom hostname verifier is called, but another check
fails later and I didn't find a way to override this behavior.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
[EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
-~----------~----~----~----~------~----~------~--~---

[android-developers] Yet another HTTPS problem with HttpClient in Android SDK v1.0r1

Reply via email to