Hmm, if there was a parse error I wonder why no exception was thrown;
as far as I can tell it just silently failed and didn't send the cert
to the server.

The reason I am not using the openssl tool is because I am creating
the certificate on the phone using an RSA keypair generated at
runtime.  I know it probably sounds like I'm doing something
wrong/stupid :), but without getting into the details of my system the only
thing I need this cert for is to use the keypair to perform SSL client
auth and it really doesn't matter if it is signed.



On Jan 10, 12:25 am, Nikolay Elenkov <nikolay.elen...@gmail.com>
wrote:
> On Tue, Jan 10, 2012 at 4:32 PM, Carl Minden <carlmin...@gmail.com> wrote:
> > when I made the certificate in openssl I did not call X509_sign() to
> > sign it...for my use case it didn't need to be signed so I hadn't
> > bothered.
>
> I see. If it's not signed, it's not technically a certificate, so it's funny
> that it worked before. (signatureValue is required) Android was
> probably just ignoring the parse error.
>
> > I changed my code so that I signed the certificate with its private
> > key and then added the signed certificate to the STACK_OF(X509)
> > certificate authority cert chain used to create the pkcs12
> > certificate with pkcs12_create().
>
> Why not use the openssl commands? Those have (some) error
> checking and shouldn't produce a malformed PKCS#12 file, etc.
>
> > I believe I didn't have to pass the SSLSocketFactory a truststore
> > because that information was included in the pkcs12 certificate via
> > the CA cert chain.
>
> Looks like it. Still it probably shouldn't trust it implicitly... Will check
> the code later to see what is going on.
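
An added example, not code from this thread or from Android or OpenSSL: a strict check of the outer Certificate structure (tbsCertificate, signatureAlgorithm, signatureValue) that raises instead of failing silently. The function names and sample bytes are constructed, and it assumes an unsigned certificate shows up as an empty or missing signatureValue.

```python
# Added example: strict check of the outer X.509 Certificate structure (RFC 5280).
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def signature_length(der):
    """Validate the Certificate SEQUENCE; return the signature size in bytes."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    fields, pos = [], 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        fields.append((t, v))
    if len(fields) != 3:
        raise ValueError("Certificate needs 3 fields, found %d" % len(fields))
    (tbs_tag, _), (alg_tag, alg), (sig_tag, sig) = fields
    if (tbs_tag, alg_tag, sig_tag) != (0x30, 0x30, 0x03):
        raise ValueError("unexpected field types in Certificate")
    if not alg:
        raise ValueError("signatureAlgorithm is empty")
    if len(sig) < 2:                       # byte 0 of a BIT STRING counts unused bits
        raise ValueError("signatureValue is empty: certificate was never signed")
    return len(sig) - 1

def tlv(tag, value):
    """Build a DER element with a short-form length (enough for the samples)."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

# Constructed samples: placeholder contents, only the outer shape is realistic.
TBS = tlv(0x30, tlv(0x02, b"\x01"))
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")))  # sha256WithRSAEncryption
SIGNED = tlv(0x30, TBS + ALG + tlv(0x03, b"\x00" + b"\xab" * 8))
UNSIGNED = tlv(0x30, TBS + ALG + tlv(0x03, b""))   # signatureValue present but empty
MISSING = tlv(0x30, TBS + ALG)                      # signatureValue absent
```

Running a check like this on the DER bytes before building the PKCS#12 file turns a silent failure into an explicit error; it validates structure only and does not verify the signature itself.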
