[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
I'm pretty new to Java so it took some digging, but here's my solution: HttpParams parameters = new BasicHttpParams(); SchemeRegistry schemeRegistry = new SchemeRegistry(); SSLSocketFactory sslSocketFactory = SSLSocketFactory.getSocketFactory (); sslSocketFactory.setHostnameVerifier (SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); schemeRegistry.register(new Scheme(https, sslSocketFactory, 443)); ClientConnectionManager manager = new ThreadSafeClientConnManager (parameters, schemeRegistry); HttpClient httpClient = new DefaultHttpClient(manager, parameters); This will accept any certificate so it should not be used in production code. Consider it a hack to get moving. On Nov 4, 12:43 am, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: have you success yourhttpsconnection? I don't know how to do with the not trusted certificate. thx On 23 oct, 09:23, Guillaume Perrot [EMAIL PROTECTED] wrote: Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. On 23 oct, 10:20, Guillaume Perrot [EMAIL PROTECTED] wrote: Yes I had, though it's not in my sample code. The verification that fails is not the hostname, but later when checking the certificate. And I didn't find a class such as AllowAllSelfSignedCertificates. 2008/10/23 Sean Sullivan [EMAIL PROTECTED] Have you tried using org.apache.http.conn.ssl.AllowAllHostnameVerifier ? http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/module-c... Sean On Oct 17, 7:07 am, Guillaume Perrot [EMAIL PROTECTED] wrote: On android 1.0 I tried to connect to myhttpsserver which uses a self- signed certificate: Here is my code, which uses a custom hostname verifier: /* Create and initialize HTTP parameters */ HttpParams params = new BasicHttpParams(); ConnManagerParams.setMaxTotalConnections(params, 2); HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1); /* Create and initialize scheme registry */ SchemeRegistry schemeRegistry = new SchemeRegistry(); schemeRegistry.register(new Scheme(http, PlainSocketFactory .getSocketFactory(), 80)); SSLSocketFactory sslSocketFactory = SSLSocketFactory.getSocketFactory(); sslSocketFactory.setHostnameVerifier(new X509HostnameVerifier() { @Override public boolean verify(String host, SSLSession session) { return true; } @Override public void verify(String host, SSLSocket ssl) throws IOException { /* Nothing to do */ } @Override public void verify(String host, X509Certificate cert) throws SSLException { /* Nothing to do */ } @Override public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException { /* Nothing to do */ } }); schemeRegistry.register(new Scheme(https, sslSocketFactory, 443)); /* Allow multiple threads (two in our case) to access the HTTP client */ ClientConnectionManager cm = new ThreadSafeClientConnManager(params, schemeRegistry); mHttpClient = new DefaultHttpClient(cm, params); try { HttpGet ping = new HttpGet(mConnectionManagerURL); HttpResponse response = mHttpClient.execute(ping); HttpEntity entity = response.getEntity(); if (entity != null) entity.consumeContent(); } catch (IOException ioe) { ioe.printStackTrace(); shutdown(); throw ioe; } catch (Exception e) { e.printStackTrace(); shutdown(); throw new IOException(e.getMessage()); } I have the following exception in stack trace: 10-17 13:46:23.484: ERROR/ubikim-streams(783): javax.net.ssl.SSLException: Not trusted server certificate 10-17 13:46:23.554: ERROR/ubikim-streams(783): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(Open SSLSocketImpl.java: 353) 10-17 13:46:23.654: ERROR/ubikim-streams(783): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl $SSLInputStream.init(OpenSSLSocketImpl.java:491) 10-17 13:46:23.704: ERROR/ubikim-streams(783): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(Open SSLSocketImpl.java: 432) 10-17 13:46:23.784: ERROR/ubikim-streams(783): at org.apache.http.impl.io.SocketInputBuffer.init(SocketInputBuffer.java: 93) 10-17 13:46:23.844: ERROR/ubikim-streams(783): at org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(So cketHttpClientConnection.java: 83) 10-17
[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
Wrong keystore version could mean that you do not use the BKS format but JKS. I had to write a converter: package org.webpki.tools; import java.io.FileInputStream; import java.io.FileOutputStream; import java.util.Enumeration; import java.security.KeyStore; import java.security.Key; import java.security.Security; import java.security.cert.Certificate; import org.bouncycastle.jce.provider.BouncyCastleProvider; public class JKS2BKSConverter { public static void main (String argv[]) throws Exception { if (argv.length != 4) { System.out.println (JKS2BKSConverter.class.getName () + jksfile bksfile/-same storepass keypass); System.exit (3); } Security.addProvider (new BouncyCastleProvider ()); KeyStore jks = KeyStore.getInstance (JKS); jks.load (new FileInputStream (argv[0]), argv[2].toCharArray ()); KeyStore bks = KeyStore.getInstance (BKS); bks.load (null, null); EnumerationString aliases = jks.aliases (); while (aliases.hasMoreElements ()) { String alias = aliases.nextElement (); if (jks.isKeyEntry (alias)) { Certificate[] chain = jks.getCertificateChain (alias); Key key = jks.getKey (alias, argv[3].toCharArray ()); bks.setKeyEntry (alias, key, argv[3].toCharArray (), chain); } else if (jks.isCertificateEntry (alias)) { Certificate certificate = jks.getCertificate (alias); bks.setCertificateEntry (alias, certificate); } else { throw new Exception (Bad KS); } } bks.store (new FileOutputStream (argv[1].equals (-same) ? argv[0] : argv[1]), argv[2].toCharArray ()); } } On Nov 5, 9:02 am, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Yes that's what I see everywhere. but, i can't change my API or cartificate... So I'm destine to search search solution... I try to put a certificate in keystore, and to load it from my app. but i have an IOexception : Wrong verion of Key Store. I really don't understand. Source : KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());// KeyStore.getDefaultType() FileInputStream in = new FileInputStream(new File(data/data/ com.alu.myic.android/my.trustore3)); try { trustStore.load(in, coucou.toCharArray());} finally { in.close(); } SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore); SchemeRegistry registry = new SchemeRegistry(); registry.register(new Scheme(https, socketFactory, 443)); regards, SC On 4 nov, 10:09, Guillaume Perrot [EMAIL PROTECTED] wrote: We have a trusted one at our software company which is working but I wanted to add an option to trust self signed certificate in the application. I still don't have a solution for that, except using URLConnection API which works well with the AllowAllHostnameVerifier. Theproblemis with the HTTPClientAPI. 2008/11/4 [EMAIL PROTECTED] [EMAIL PROTECTED] have you success yourhttpsconnection? I don't know how to do with the not trusted certificate. thx On 23 oct, 09:23, Guillaume Perrot [EMAIL PROTECTED] wrote: Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. On 23 oct, 10:20, Guillaume Perrot [EMAIL PROTECTED] wrote: Yes I had, though it's not in my sample code. The verification that fails is not the hostname, but later when checking the certificate. And I didn't find a class such as AllowAllSelfSignedCertificates. 2008/10/23 Sean Sullivan [EMAIL PROTECTED] Have you tried using org.apache.http.conn.ssl.AllowAllHostnameVerifier ? http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/module-c... Sean On Oct 17, 7:07 am, Guillaume Perrot [EMAIL PROTECTED] wrote: On android 1.0 I tried to connect to myhttpsserver which uses a self- signed certificate: Here is my code, which uses a custom hostname verifier: /* Create and initialize HTTP parameters */ HttpParams params = new BasicHttpParams(); ConnManagerParams.setMaxTotalConnections(params, 2); HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1); /* Create and initialize scheme registry */ SchemeRegistry schemeRegistry = new SchemeRegistry(); schemeRegistry.register(new Scheme(http, PlainSocketFactory .getSocketFactory(), 80)); SSLSocketFactory sslSocketFactory = SSLSocketFactory.getSocketFactory(); sslSocketFactory.setHostnameVerifier(new X509HostnameVerifier() { @Override public boolean verify(String host, SSLSession session) { return true;
[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
Yes that's what I see everywhere. but, i can't change my API or cartificate... So I'm destine to search search solution... I try to put a certificate in keystore, and to load it from my app. but i have an IOexception : Wrong verion of Key Store. I really don't understand. Source : KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());// KeyStore.getDefaultType() FileInputStream in = new FileInputStream(new File(data/data/ com.alu.myic.android/my.trustore3)); try { trustStore.load(in, coucou.toCharArray()); } finally { in.close(); } SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore); SchemeRegistry registry = new SchemeRegistry(); registry.register(new Scheme(https, socketFactory, 443)); regards, SC On 4 nov, 10:09, Guillaume Perrot [EMAIL PROTECTED] wrote: We have a trusted one at our software company which is working but I wanted to add an option to trust self signed certificate in the application. I still don't have a solution for that, except using URLConnection API which works well with the AllowAllHostnameVerifier. The problem is with the HTTPClient API. 2008/11/4 [EMAIL PROTECTED] [EMAIL PROTECTED] have you success your https connection? I don't know how to do with the not trusted certificate. thx On 23 oct, 09:23, Guillaume Perrot [EMAIL PROTECTED] wrote: Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. On 23 oct, 10:20, Guillaume Perrot [EMAIL PROTECTED] wrote: Yes I had, though it's not in my sample code. The verification that fails is not the hostname, but later when checking the certificate. And I didn't find a class such as AllowAllSelfSignedCertificates. 2008/10/23 Sean Sullivan [EMAIL PROTECTED] Have you tried using org.apache.http.conn.ssl.AllowAllHostnameVerifier ? http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/module-c... Sean On Oct 17, 7:07 am, Guillaume Perrot [EMAIL PROTECTED] wrote: On android 1.0 I tried to connect to myhttpsserver which uses a self- signed certificate: Here is my code, which uses a custom hostname verifier: /* Create and initialize HTTP parameters */ HttpParams params = new BasicHttpParams(); ConnManagerParams.setMaxTotalConnections(params, 2); HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1); /* Create and initialize scheme registry */ SchemeRegistry schemeRegistry = new SchemeRegistry(); schemeRegistry.register(new Scheme(http, PlainSocketFactory .getSocketFactory(), 80)); SSLSocketFactory sslSocketFactory = SSLSocketFactory.getSocketFactory(); sslSocketFactory.setHostnameVerifier(new X509HostnameVerifier() { @Override public boolean verify(String host, SSLSession session) { return true; } @Override public void verify(String host, SSLSocket ssl) throws IOException { /* Nothing to do */ } @Override public void verify(String host, X509Certificate cert) throws SSLException { /* Nothing to do */ } @Override public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException { /* Nothing to do */ } }); schemeRegistry.register(new Scheme(https, sslSocketFactory, 443)); /* Allow multiple threads (two in our case) to access the HTTP client */ ClientConnectionManager cm = new ThreadSafeClientConnManager(params, schemeRegistry); mHttpClient = new DefaultHttpClient(cm, params); try { HttpGet ping = new HttpGet(mConnectionManagerURL); HttpResponse response = mHttpClient.execute(ping); HttpEntity entity = response.getEntity(); if (entity != null) entity.consumeContent(); } catch (IOException ioe) { ioe.printStackTrace(); shutdown(); throw ioe; } catch (Exception e) { e.printStackTrace(); shutdown(); throw new IOException(e.getMessage()); } I have the following exception in stack trace: 10-17 13:46:23.484: ERROR/ubikim-streams(783): javax.net.ssl.SSLException: Not trusted server certificate 10-17 13:46:23.554: ERROR/ubikim-streams(783): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java: 353) 10-17 13:46:23.654: ERROR/ubikim-streams(783): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl $SSLInputStream.init(OpenSSLSocketImpl.java:491)
[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
have you success your https connection? I don't know how to do with the not trusted certificate. thx On 23 oct, 09:23, Guillaume Perrot [EMAIL PROTECTED] wrote: Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. On 23 oct, 10:20, Guillaume Perrot [EMAIL PROTECTED] wrote: Yes I had, though it's not in my sample code. The verification that fails is not the hostname, but later when checking the certificate. And I didn't find a class such as AllowAllSelfSignedCertificates. 2008/10/23 Sean Sullivan [EMAIL PROTECTED] Have you tried using org.apache.http.conn.ssl.AllowAllHostnameVerifier ? http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/module-c... Sean On Oct 17, 7:07 am, Guillaume Perrot [EMAIL PROTECTED] wrote: On android 1.0 I tried to connect to myhttpsserver which uses a self- signed certificate: Here is my code, which uses a custom hostname verifier: /* Create and initialize HTTP parameters */ HttpParams params = new BasicHttpParams(); ConnManagerParams.setMaxTotalConnections(params, 2); HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1); /* Create and initialize scheme registry */ SchemeRegistry schemeRegistry = new SchemeRegistry(); schemeRegistry.register(new Scheme(http, PlainSocketFactory .getSocketFactory(), 80)); SSLSocketFactory sslSocketFactory = SSLSocketFactory.getSocketFactory(); sslSocketFactory.setHostnameVerifier(new X509HostnameVerifier() { @Override public boolean verify(String host, SSLSession session) { return true; } @Override public void verify(String host, SSLSocket ssl) throws IOException { /* Nothing to do */ } @Override public void verify(String host, X509Certificate cert) throws SSLException { /* Nothing to do */ } @Override public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException { /* Nothing to do */ } }); schemeRegistry.register(new Scheme(https, sslSocketFactory, 443)); /* Allow multiple threads (two in our case) to access the HTTP client */ ClientConnectionManager cm = new ThreadSafeClientConnManager(params, schemeRegistry); mHttpClient = new DefaultHttpClient(cm, params); try { HttpGet ping = new HttpGet(mConnectionManagerURL); HttpResponse response = mHttpClient.execute(ping); HttpEntity entity = response.getEntity(); if (entity != null) entity.consumeContent(); } catch (IOException ioe) { ioe.printStackTrace(); shutdown(); throw ioe; } catch (Exception e) { e.printStackTrace(); shutdown(); throw new IOException(e.getMessage()); } I have the following exception in stack trace: 10-17 13:46:23.484: ERROR/ubikim-streams(783): javax.net.ssl.SSLException: Not trusted server certificate 10-17 13:46:23.554: ERROR/ubikim-streams(783): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java: 353) 10-17 13:46:23.654: ERROR/ubikim-streams(783): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl $SSLInputStream.init(OpenSSLSocketImpl.java:491) 10-17 13:46:23.704: ERROR/ubikim-streams(783): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java: 432) 10-17 13:46:23.784: ERROR/ubikim-streams(783): at org.apache.http.impl.io.SocketInputBuffer.init(SocketInputBuffer.java: 93) 10-17 13:46:23.844: ERROR/ubikim-streams(783): at org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java: 83) 10-17 13:46:23.894: ERROR/ubikim-streams(783): at org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java: 170) 10-17 13:46:23.944: ERROR/ubikim-streams(783): at org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java: 106) 10-17 13:46:24.035: ERROR/ubikim-streams(783): at org.apache.http.impl.conn.DefaultClientConnection.openCompleted(DefaultClientConnection.java: 129) 10-17 13:46:24.085: ERROR/ubikim-streams(783): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java: 136) 10-17 13:46:24.135: ERROR/ubikim-streams(783): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java: 164) 10-17 13:46:24.185: ERROR/ubikim-streams(783): at
[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
We have a trusted one at our software company which is working but I wanted to add an option to trust self signed certificate in the application. I still don't have a solution for that, except using URLConnection API which works well with the AllowAllHostnameVerifier. The problem is with the HTTPClient API. 2008/11/4 [EMAIL PROTECTED] [EMAIL PROTECTED] have you success your https connection? I don't know how to do with the not trusted certificate. thx On 23 oct, 09:23, Guillaume Perrot [EMAIL PROTECTED] wrote: Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. On 23 oct, 10:20, Guillaume Perrot [EMAIL PROTECTED] wrote: Yes I had, though it's not in my sample code. The verification that fails is not the hostname, but later when checking the certificate. And I didn't find a class such as AllowAllSelfSignedCertificates. 2008/10/23 Sean Sullivan [EMAIL PROTECTED] Have you tried using org.apache.http.conn.ssl.AllowAllHostnameVerifier ? http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/module-c... Sean On Oct 17, 7:07 am, Guillaume Perrot [EMAIL PROTECTED] wrote: On android 1.0 I tried to connect to myhttpsserver which uses a self- signed certificate: Here is my code, which uses a custom hostname verifier: /* Create and initialize HTTP parameters */ HttpParams params = new BasicHttpParams(); ConnManagerParams.setMaxTotalConnections(params, 2); HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1); /* Create and initialize scheme registry */ SchemeRegistry schemeRegistry = new SchemeRegistry(); schemeRegistry.register(new Scheme(http, PlainSocketFactory .getSocketFactory(), 80)); SSLSocketFactory sslSocketFactory = SSLSocketFactory.getSocketFactory(); sslSocketFactory.setHostnameVerifier(new X509HostnameVerifier() { @Override public boolean verify(String host, SSLSession session) { return true; } @Override public void verify(String host, SSLSocket ssl) throws IOException { /* Nothing to do */ } @Override public void verify(String host, X509Certificate cert) throws SSLException { /* Nothing to do */ } @Override public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException { /* Nothing to do */ } }); schemeRegistry.register(new Scheme(https, sslSocketFactory, 443)); /* Allow multiple threads (two in our case) to access the HTTP client */ ClientConnectionManager cm = new ThreadSafeClientConnManager(params, schemeRegistry); mHttpClient = new DefaultHttpClient(cm, params); try { HttpGet ping = new HttpGet(mConnectionManagerURL); HttpResponse response = mHttpClient.execute(ping); HttpEntity entity = response.getEntity(); if (entity != null) entity.consumeContent(); } catch (IOException ioe) { ioe.printStackTrace(); shutdown(); throw ioe; } catch (Exception e) { e.printStackTrace(); shutdown(); throw new IOException(e.getMessage()); } I have the following exception in stack trace: 10-17 13:46:23.484: ERROR/ubikim-streams(783): javax.net.ssl.SSLException: Not trusted server certificate 10-17 13:46:23.554: ERROR/ubikim-streams(783): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java: 353) 10-17 13:46:23.654: ERROR/ubikim-streams(783): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl $SSLInputStream.init(OpenSSLSocketImpl.java:491) 10-17 13:46:23.704: ERROR/ubikim-streams(783): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java: 432) 10-17 13:46:23.784: ERROR/ubikim-streams(783): at org.apache.http.impl.io.SocketInputBuffer.init(SocketInputBuffer.java: 93) 10-17 13:46:23.844: ERROR/ubikim-streams(783): at org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java: 83) 10-17 13:46:23.894: ERROR/ubikim-streams(783): at org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java: 170) 10-17 13:46:23.944: ERROR/ubikim-streams(783): at org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java: 106) 10-17 13:46:24.035: ERROR/ubikim-streams(783): at
[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
Yes I had, though it's not in my sample code. The verification that fails is not the hostname, but later when checking the certificate. And I didn't find a class such as AllowAllSelfSignedCertificates. 2008/10/23 Sean Sullivan [EMAIL PROTECTED] Have you tried using org.apache.http.conn.ssl.AllowAllHostnameVerifier ? http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/module-client/src/main/java/org/apache/http/conn/ssl/AllowAllHostnameVerifier.java?view=markup Sean On Oct 17, 7:07 am, Guillaume Perrot [EMAIL PROTECTED] wrote: On android 1.0 I tried to connect to my https server which uses a self- signed certificate: Here is my code, which uses a custom hostname verifier: /* Create and initialize HTTP parameters */ HttpParams params = new BasicHttpParams(); ConnManagerParams.setMaxTotalConnections(params, 2); HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1); /* Create and initialize scheme registry */ SchemeRegistry schemeRegistry = new SchemeRegistry(); schemeRegistry.register(new Scheme(http, PlainSocketFactory .getSocketFactory(), 80)); SSLSocketFactory sslSocketFactory = SSLSocketFactory.getSocketFactory(); sslSocketFactory.setHostnameVerifier(new X509HostnameVerifier() { @Override public boolean verify(String host, SSLSession session) { return true; } @Override public void verify(String host, SSLSocket ssl) throws IOException { /* Nothing to do */ } @Override public void verify(String host, X509Certificate cert) throws SSLException { /* Nothing to do */ } @Override public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException { /* Nothing to do */ } }); schemeRegistry.register(new Scheme(https, sslSocketFactory, 443)); /* Allow multiple threads (two in our case) to access the HTTP client */ ClientConnectionManager cm = new ThreadSafeClientConnManager(params, schemeRegistry); mHttpClient = new DefaultHttpClient(cm, params); try { HttpGet ping = new HttpGet(mConnectionManagerURL); HttpResponse response = mHttpClient.execute(ping); HttpEntity entity = response.getEntity(); if (entity != null) entity.consumeContent(); } catch (IOException ioe) { ioe.printStackTrace(); shutdown(); throw ioe; } catch (Exception e) { e.printStackTrace(); shutdown(); throw new IOException(e.getMessage()); } I have the following exception in stack trace: 10-17 13:46:23.484: ERROR/ubikim-streams(783): javax.net.ssl.SSLException: Not trusted server certificate 10-17 13:46:23.554: ERROR/ubikim-streams(783): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java: 353) 10-17 13:46:23.654: ERROR/ubikim-streams(783): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl $SSLInputStream.init(OpenSSLSocketImpl.java:491) 10-17 13:46:23.704: ERROR/ubikim-streams(783): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java: 432) 10-17 13:46:23.784: ERROR/ubikim-streams(783): at org.apache.http.impl.io.SocketInputBuffer.init(SocketInputBuffer.java: 93) 10-17 13:46:23.844: ERROR/ubikim-streams(783): at org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java: 83) 10-17 13:46:23.894: ERROR/ubikim-streams(783): at org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java: 170) 10-17 13:46:23.944: ERROR/ubikim-streams(783): at org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java: 106) 10-17 13:46:24.035: ERROR/ubikim-streams(783): at org.apache.http.impl.conn.DefaultClientConnection.openCompleted(DefaultClientConnection.java: 129) 10-17 13:46:24.085: ERROR/ubikim-streams(783): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java: 136) 10-17 13:46:24.135: ERROR/ubikim-streams(783): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java: 164) 10-17 13:46:24.185: ERROR/ubikim-streams(783): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java: 119) 10-17 13:46:24.275: ERROR/ubikim-streams(783): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java: 348) 10-17 13:46:24.325: ERROR/ubikim-streams(783): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java: 555) 10-17 13:46:24.375: ERROR/ubikim-streams(783):
[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. On 23 oct, 10:20, Guillaume Perrot [EMAIL PROTECTED] wrote: Yes I had, though it's not in my sample code. The verification that fails is not the hostname, but later when checking the certificate. And I didn't find a class such as AllowAllSelfSignedCertificates. 2008/10/23 Sean Sullivan [EMAIL PROTECTED] Have you tried using org.apache.http.conn.ssl.AllowAllHostnameVerifier ? http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/module-c... Sean On Oct 17, 7:07 am, Guillaume Perrot [EMAIL PROTECTED] wrote: On android 1.0 I tried to connect to my https server which uses a self- signed certificate: Here is my code, which uses a custom hostname verifier: /* Create and initialize HTTP parameters */ HttpParams params = new BasicHttpParams(); ConnManagerParams.setMaxTotalConnections(params, 2); HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1); /* Create and initialize scheme registry */ SchemeRegistry schemeRegistry = new SchemeRegistry(); schemeRegistry.register(new Scheme(http, PlainSocketFactory .getSocketFactory(), 80)); SSLSocketFactory sslSocketFactory = SSLSocketFactory.getSocketFactory(); sslSocketFactory.setHostnameVerifier(new X509HostnameVerifier() { @Override public boolean verify(String host, SSLSession session) { return true; } @Override public void verify(String host, SSLSocket ssl) throws IOException { /* Nothing to do */ } @Override public void verify(String host, X509Certificate cert) throws SSLException { /* Nothing to do */ } @Override public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException { /* Nothing to do */ } }); schemeRegistry.register(new Scheme(https, sslSocketFactory, 443)); /* Allow multiple threads (two in our case) to access the HTTP client */ ClientConnectionManager cm = new ThreadSafeClientConnManager(params, schemeRegistry); mHttpClient = new DefaultHttpClient(cm, params); try { HttpGet ping = new HttpGet(mConnectionManagerURL); HttpResponse response = mHttpClient.execute(ping); HttpEntity entity = response.getEntity(); if (entity != null) entity.consumeContent(); } catch (IOException ioe) { ioe.printStackTrace(); shutdown(); throw ioe; } catch (Exception e) { e.printStackTrace(); shutdown(); throw new IOException(e.getMessage()); } I have the following exception in stack trace: 10-17 13:46:23.484: ERROR/ubikim-streams(783): javax.net.ssl.SSLException: Not trusted server certificate 10-17 13:46:23.554: ERROR/ubikim-streams(783): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java: 353) 10-17 13:46:23.654: ERROR/ubikim-streams(783): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl $SSLInputStream.init(OpenSSLSocketImpl.java:491) 10-17 13:46:23.704: ERROR/ubikim-streams(783): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java: 432) 10-17 13:46:23.784: ERROR/ubikim-streams(783): at org.apache.http.impl.io.SocketInputBuffer.init(SocketInputBuffer.java: 93) 10-17 13:46:23.844: ERROR/ubikim-streams(783): at org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java: 83) 10-17 13:46:23.894: ERROR/ubikim-streams(783): at org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java: 170) 10-17 13:46:23.944: ERROR/ubikim-streams(783): at org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java: 106) 10-17 13:46:24.035: ERROR/ubikim-streams(783): at org.apache.http.impl.conn.DefaultClientConnection.openCompleted(DefaultClientConnection.java: 129) 10-17 13:46:24.085: ERROR/ubikim-streams(783): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java: 136) 10-17 13:46:24.135: ERROR/ubikim-streams(783): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java: 164) 10-17 13:46:24.185: ERROR/ubikim-streams(783): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java: 119) 10-17 13:46:24.275: ERROR/ubikim-streams(783): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java: 348) 10-17 13:46:24.325:
[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
Have you tried using org.apache.http.conn.ssl.AllowAllHostnameVerifier ? http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/module-client/src/main/java/org/apache/http/conn/ssl/AllowAllHostnameVerifier.java?view=markup Sean On Oct 17, 7:07 am, Guillaume Perrot [EMAIL PROTECTED] wrote: On android 1.0 I tried to connect to my https server which uses a self- signed certificate: Here is my code, which uses a custom hostname verifier: /* Create and initialize HTTP parameters */ HttpParams params = new BasicHttpParams(); ConnManagerParams.setMaxTotalConnections(params, 2); HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1); /* Create and initialize scheme registry */ SchemeRegistry schemeRegistry = new SchemeRegistry(); schemeRegistry.register(new Scheme(http, PlainSocketFactory .getSocketFactory(), 80)); SSLSocketFactory sslSocketFactory = SSLSocketFactory.getSocketFactory(); sslSocketFactory.setHostnameVerifier(new X509HostnameVerifier() { @Override public boolean verify(String host, SSLSession session) { return true; } @Override public void verify(String host, SSLSocket ssl) throws IOException { /* Nothing to do */ } @Override public void verify(String host, X509Certificate cert) throws SSLException { /* Nothing to do */ } @Override public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException { /* Nothing to do */ } }); schemeRegistry.register(new Scheme(https, sslSocketFactory, 443)); /* Allow multiple threads (two in our case) to access the HTTP client */ ClientConnectionManager cm = new ThreadSafeClientConnManager(params, schemeRegistry); mHttpClient = new DefaultHttpClient(cm, params); try { HttpGet ping = new HttpGet(mConnectionManagerURL); HttpResponse response = mHttpClient.execute(ping); HttpEntity entity = response.getEntity(); if (entity != null) entity.consumeContent(); } catch (IOException ioe) { ioe.printStackTrace(); shutdown(); throw ioe; } catch (Exception e) { e.printStackTrace(); shutdown(); throw new IOException(e.getMessage()); } I have the following exception in stack trace: 10-17 13:46:23.484: ERROR/ubikim-streams(783): javax.net.ssl.SSLException: Not trusted server certificate 10-17 13:46:23.554: ERROR/ubikim-streams(783): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java: 353) 10-17 13:46:23.654: ERROR/ubikim-streams(783): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl $SSLInputStream.init(OpenSSLSocketImpl.java:491) 10-17 13:46:23.704: ERROR/ubikim-streams(783): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java: 432) 10-17 13:46:23.784: ERROR/ubikim-streams(783): at org.apache.http.impl.io.SocketInputBuffer.init(SocketInputBuffer.java: 93) 10-17 13:46:23.844: ERROR/ubikim-streams(783): at org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java: 83) 10-17 13:46:23.894: ERROR/ubikim-streams(783): at org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java: 170) 10-17 13:46:23.944: ERROR/ubikim-streams(783): at org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java: 106) 10-17 13:46:24.035: ERROR/ubikim-streams(783): at org.apache.http.impl.conn.DefaultClientConnection.openCompleted(DefaultClientConnection.java: 129) 10-17 13:46:24.085: ERROR/ubikim-streams(783): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java: 136) 10-17 13:46:24.135: ERROR/ubikim-streams(783): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java: 164) 10-17 13:46:24.185: ERROR/ubikim-streams(783): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java: 119) 10-17 13:46:24.275: ERROR/ubikim-streams(783): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java: 348) 10-17 13:46:24.325: ERROR/ubikim-streams(783): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java: 555) 10-17 13:46:24.375: ERROR/ubikim-streams(783): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java: 487) 10-17 13:46:24.425: ERROR/ubikim-streams(783): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java: 465) 10-17 13:46:24.504: ERROR/ubikim-streams(783): at com.ubikod.smackx.bosh.BoshSession.init(BoshSession.java:105) 10-17 13:46:24.554:
[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
I am also facing the same problem. Can please any one help us. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
My server used a valid certificate (authenticated by godaddy.com), you can view the certificate by trying to access https://ubithere.com:5280/http-bind I have the same error when I used a self-signed certificate. On Oct 20, 8:13 am, vel [EMAIL PROTECTED] wrote: I am also facing the same problem. Can please any one help us. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
Forgot to say, the aim is to allow to use self-signed server certificates, it does work with trusted ones. On 20 oct, 08:13, vel [EMAIL PROTECTED] wrote: I am also facing the same problem. Can please any one help us. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---