[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
I'm pretty new to Java so it took some digging, but here's my
solution:
HttpParams parameters = new BasicHttpParams();
SchemeRegistry schemeRegistry = new SchemeRegistry();
SSLSocketFactory sslSocketFactory = SSLSocketFactory.getSocketFactory
();
sslSocketFactory.setHostnameVerifier
(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
schemeRegistry.register(new Scheme(https, sslSocketFactory, 443));
ClientConnectionManager manager = new ThreadSafeClientConnManager
(parameters, schemeRegistry);
HttpClient httpClient = new DefaultHttpClient(manager, parameters);
This will accept any certificate so it should not be used in
production code. Consider it a hack to get moving.
On Nov 4, 12:43 am, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
have you success yourhttpsconnection?
I don't know how to do with the not trusted certificate.
thx
On 23 oct, 09:23, Guillaume Perrot [EMAIL PROTECTED] wrote:
Caused by:
java.security.cert.CertPathValidatorException: TrustAnchor for
CertPath not found.
On 23 oct, 10:20, Guillaume Perrot [EMAIL PROTECTED] wrote:
Yes I had, though it's not in my sample code.
The verification that fails is not the hostname, but later when checking
the
certificate.
And I didn't find a class such as AllowAllSelfSignedCertificates.
2008/10/23 Sean Sullivan [EMAIL PROTECTED]
Have you tried using
org.apache.http.conn.ssl.AllowAllHostnameVerifier ?
http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/module-c...
Sean
On Oct 17, 7:07 am, Guillaume Perrot [EMAIL PROTECTED] wrote:
On android 1.0 I tried to connect to myhttpsserver which uses a self-
signed certificate:
Here is my code, which uses a custom hostname verifier:
/* Create and initialize HTTP parameters */
HttpParams params = new BasicHttpParams();
ConnManagerParams.setMaxTotalConnections(params, 2);
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
/* Create and initialize scheme registry */
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme(http, PlainSocketFactory
.getSocketFactory(), 80));
SSLSocketFactory sslSocketFactory =
SSLSocketFactory.getSocketFactory();
sslSocketFactory.setHostnameVerifier(new X509HostnameVerifier()
{
@Override
public boolean verify(String host, SSLSession session)
{
return true;
}
@Override
public void verify(String host, SSLSocket ssl) throws
IOException
{
/* Nothing to do */
}
@Override
public void verify(String host, X509Certificate cert) throws
SSLException
{
/* Nothing to do */
}
@Override
public void verify(String host, String[] cns, String[]
subjectAlts)
throws SSLException
{
/* Nothing to do */
}
});
schemeRegistry.register(new Scheme(https, sslSocketFactory,
443));
/* Allow multiple threads (two in our case) to access the HTTP
client */
ClientConnectionManager cm = new
ThreadSafeClientConnManager(params,
schemeRegistry);
mHttpClient = new DefaultHttpClient(cm, params);
try
{
HttpGet ping = new HttpGet(mConnectionManagerURL);
HttpResponse response = mHttpClient.execute(ping);
HttpEntity entity = response.getEntity();
if (entity != null)
entity.consumeContent();
}
catch (IOException ioe)
{
ioe.printStackTrace();
shutdown();
throw ioe;
}
catch (Exception e)
{
e.printStackTrace();
shutdown();
throw new IOException(e.getMessage());
}
I have the following exception in stack trace:
10-17 13:46:23.484: ERROR/ubikim-streams(783):
javax.net.ssl.SSLException: Not trusted server certificate
10-17 13:46:23.554: ERROR/ubikim-streams(783): at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(Open
SSLSocketImpl.java:
353)
10-17 13:46:23.654: ERROR/ubikim-streams(783): at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl
$SSLInputStream.init(OpenSSLSocketImpl.java:491)
10-17 13:46:23.704: ERROR/ubikim-streams(783): at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(Open
SSLSocketImpl.java:
432)
10-17 13:46:23.784: ERROR/ubikim-streams(783): at
org.apache.http.impl.io.SocketInputBuffer.init(SocketInputBuffer.java:
93)
10-17 13:46:23.844: ERROR/ubikim-streams(783): at
org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(So
cketHttpClientConnection.java:
83)
10-17
[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
Wrong keystore version could mean that you do not use the BKS format
but JKS.
I had to write a converter:
package org.webpki.tools;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.util.Enumeration;
import java.security.KeyStore;
import java.security.Key;
import java.security.Security;
import java.security.cert.Certificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class JKS2BKSConverter
{
public static void main (String argv[]) throws Exception
{
if (argv.length != 4)
{
System.out.println (JKS2BKSConverter.class.getName () +
jksfile bksfile/-same storepass keypass);
System.exit (3);
}
Security.addProvider (new BouncyCastleProvider ());
KeyStore jks = KeyStore.getInstance (JKS);
jks.load (new FileInputStream (argv[0]), argv[2].toCharArray
());
KeyStore bks = KeyStore.getInstance (BKS);
bks.load (null, null);
EnumerationString aliases = jks.aliases ();
while (aliases.hasMoreElements ())
{
String alias = aliases.nextElement ();
if (jks.isKeyEntry (alias))
{
Certificate[] chain = jks.getCertificateChain (alias);
Key key = jks.getKey (alias, argv[3].toCharArray ());
bks.setKeyEntry (alias, key, argv[3].toCharArray (),
chain);
}
else if (jks.isCertificateEntry (alias))
{
Certificate certificate = jks.getCertificate (alias);
bks.setCertificateEntry (alias, certificate);
}
else
{
throw new Exception (Bad KS);
}
}
bks.store (new FileOutputStream (argv[1].equals (-same) ?
argv[0] : argv[1]), argv[2].toCharArray ());
}
}
On Nov 5, 9:02 am, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
Yes that's what I see everywhere. but, i can't change my API or
cartificate...
So I'm destine to search search solution...
I try to put a certificate in keystore, and to load it from my app.
but i have an IOexception : Wrong verion of Key Store.
I really don't understand.
Source :
KeyStore trustStore =
KeyStore.getInstance(KeyStore.getDefaultType());//
KeyStore.getDefaultType()
FileInputStream in = new FileInputStream(new File(data/data/
com.alu.myic.android/my.trustore3));
try {
trustStore.load(in, coucou.toCharArray());} finally {
in.close();
}
SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme(https, socketFactory, 443));
regards,
SC
On 4 nov, 10:09, Guillaume Perrot [EMAIL PROTECTED] wrote:
We have a trusted one at our software company which is working but I wanted
to add an option to trust self signed certificate in the application.
I still don't have a solution for that, except using URLConnection API which
works well with the AllowAllHostnameVerifier. Theproblemis with the
HTTPClientAPI.
2008/11/4 [EMAIL PROTECTED] [EMAIL PROTECTED]
have you success yourhttpsconnection?
I don't know how to do with the not trusted certificate.
thx
On 23 oct, 09:23, Guillaume Perrot [EMAIL PROTECTED] wrote:
Caused by:
java.security.cert.CertPathValidatorException: TrustAnchor for
CertPath not found.
On 23 oct, 10:20, Guillaume Perrot [EMAIL PROTECTED] wrote:
Yes I had, though it's not in my sample code.
The verification that fails is not the hostname, but later when
checking the
certificate.
And I didn't find a class such as AllowAllSelfSignedCertificates.
2008/10/23 Sean Sullivan [EMAIL PROTECTED]
Have you tried using
org.apache.http.conn.ssl.AllowAllHostnameVerifier ?
http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/module-c...
Sean
On Oct 17, 7:07 am, Guillaume Perrot [EMAIL PROTECTED]
wrote:
On android 1.0 I tried to connect to myhttpsserver which uses a
self-
signed certificate:
Here is my code, which uses a custom hostname verifier:
/* Create and initialize HTTP parameters */
HttpParams params = new BasicHttpParams();
ConnManagerParams.setMaxTotalConnections(params, 2);
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
/* Create and initialize scheme registry */
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme(http, PlainSocketFactory
.getSocketFactory(), 80));
SSLSocketFactory sslSocketFactory =
SSLSocketFactory.getSocketFactory();
sslSocketFactory.setHostnameVerifier(new
X509HostnameVerifier()
{
@Override
public boolean verify(String host, SSLSession session)
{
return true;
[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
Yes that's what I see everywhere. but, i can't change my API or
cartificate...
So I'm destine to search search solution...
I try to put a certificate in keystore, and to load it from my app.
but i have an IOexception : Wrong verion of Key Store.
I really don't understand.
Source :
KeyStore trustStore =
KeyStore.getInstance(KeyStore.getDefaultType());//
KeyStore.getDefaultType()
FileInputStream in = new FileInputStream(new File(data/data/
com.alu.myic.android/my.trustore3));
try {
trustStore.load(in, coucou.toCharArray());
} finally {
in.close();
}
SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme(https, socketFactory, 443));
regards,
SC
On 4 nov, 10:09, Guillaume Perrot [EMAIL PROTECTED] wrote:
We have a trusted one at our software company which is working but I wanted
to add an option to trust self signed certificate in the application.
I still don't have a solution for that, except using URLConnection API which
works well with the AllowAllHostnameVerifier. The problem is with the
HTTPClient API.
2008/11/4 [EMAIL PROTECTED] [EMAIL PROTECTED]
have you success your https connection?
I don't know how to do with the not trusted certificate.
thx
On 23 oct, 09:23, Guillaume Perrot [EMAIL PROTECTED] wrote:
Caused by:
java.security.cert.CertPathValidatorException: TrustAnchor for
CertPath not found.
On 23 oct, 10:20, Guillaume Perrot [EMAIL PROTECTED] wrote:
Yes I had, though it's not in my sample code.
The verification that fails is not the hostname, but later when
checking the
certificate.
And I didn't find a class such as AllowAllSelfSignedCertificates.
2008/10/23 Sean Sullivan [EMAIL PROTECTED]
Have you tried using
org.apache.http.conn.ssl.AllowAllHostnameVerifier ?
http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/module-c...
Sean
On Oct 17, 7:07 am, Guillaume Perrot [EMAIL PROTECTED]
wrote:
On android 1.0 I tried to connect to myhttpsserver which uses a
self-
signed certificate:
Here is my code, which uses a custom hostname verifier:
/* Create and initialize HTTP parameters */
HttpParams params = new BasicHttpParams();
ConnManagerParams.setMaxTotalConnections(params, 2);
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
/* Create and initialize scheme registry */
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme(http, PlainSocketFactory
.getSocketFactory(), 80));
SSLSocketFactory sslSocketFactory =
SSLSocketFactory.getSocketFactory();
sslSocketFactory.setHostnameVerifier(new X509HostnameVerifier()
{
@Override
public boolean verify(String host, SSLSession session)
{
return true;
}
@Override
public void verify(String host, SSLSocket ssl) throws
IOException
{
/* Nothing to do */
}
@Override
public void verify(String host, X509Certificate cert) throws
SSLException
{
/* Nothing to do */
}
@Override
public void verify(String host, String[] cns, String[]
subjectAlts)
throws SSLException
{
/* Nothing to do */
}
});
schemeRegistry.register(new Scheme(https, sslSocketFactory,
443));
/* Allow multiple threads (two in our case) to access the HTTP
client */
ClientConnectionManager cm = new
ThreadSafeClientConnManager(params,
schemeRegistry);
mHttpClient = new DefaultHttpClient(cm, params);
try
{
HttpGet ping = new HttpGet(mConnectionManagerURL);
HttpResponse response = mHttpClient.execute(ping);
HttpEntity entity = response.getEntity();
if (entity != null)
entity.consumeContent();
}
catch (IOException ioe)
{
ioe.printStackTrace();
shutdown();
throw ioe;
}
catch (Exception e)
{
e.printStackTrace();
shutdown();
throw new IOException(e.getMessage());
}
I have the following exception in stack trace:
10-17 13:46:23.484: ERROR/ubikim-streams(783):
javax.net.ssl.SSLException: Not trusted server certificate
10-17 13:46:23.554: ERROR/ubikim-streams(783): at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:
353)
10-17 13:46:23.654: ERROR/ubikim-streams(783): at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl
$SSLInputStream.init(OpenSSLSocketImpl.java:491)
[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
have you success your https connection?
I don't know how to do with the not trusted certificate.
thx
On 23 oct, 09:23, Guillaume Perrot [EMAIL PROTECTED] wrote:
Caused by:
java.security.cert.CertPathValidatorException: TrustAnchor for
CertPath not found.
On 23 oct, 10:20, Guillaume Perrot [EMAIL PROTECTED] wrote:
Yes I had, though it's not in my sample code.
The verification that fails is not the hostname, but later when checking the
certificate.
And I didn't find a class such as AllowAllSelfSignedCertificates.
2008/10/23 Sean Sullivan [EMAIL PROTECTED]
Have you tried using
org.apache.http.conn.ssl.AllowAllHostnameVerifier ?
http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/module-c...
Sean
On Oct 17, 7:07 am, Guillaume Perrot [EMAIL PROTECTED] wrote:
On android 1.0 I tried to connect to myhttpsserver which uses a self-
signed certificate:
Here is my code, which uses a custom hostname verifier:
/* Create and initialize HTTP parameters */
HttpParams params = new BasicHttpParams();
ConnManagerParams.setMaxTotalConnections(params, 2);
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
/* Create and initialize scheme registry */
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme(http, PlainSocketFactory
.getSocketFactory(), 80));
SSLSocketFactory sslSocketFactory =
SSLSocketFactory.getSocketFactory();
sslSocketFactory.setHostnameVerifier(new X509HostnameVerifier()
{
@Override
public boolean verify(String host, SSLSession session)
{
return true;
}
@Override
public void verify(String host, SSLSocket ssl) throws
IOException
{
/* Nothing to do */
}
@Override
public void verify(String host, X509Certificate cert) throws
SSLException
{
/* Nothing to do */
}
@Override
public void verify(String host, String[] cns, String[]
subjectAlts)
throws SSLException
{
/* Nothing to do */
}
});
schemeRegistry.register(new Scheme(https, sslSocketFactory,
443));
/* Allow multiple threads (two in our case) to access the HTTP
client */
ClientConnectionManager cm = new
ThreadSafeClientConnManager(params,
schemeRegistry);
mHttpClient = new DefaultHttpClient(cm, params);
try
{
HttpGet ping = new HttpGet(mConnectionManagerURL);
HttpResponse response = mHttpClient.execute(ping);
HttpEntity entity = response.getEntity();
if (entity != null)
entity.consumeContent();
}
catch (IOException ioe)
{
ioe.printStackTrace();
shutdown();
throw ioe;
}
catch (Exception e)
{
e.printStackTrace();
shutdown();
throw new IOException(e.getMessage());
}
I have the following exception in stack trace:
10-17 13:46:23.484: ERROR/ubikim-streams(783):
javax.net.ssl.SSLException: Not trusted server certificate
10-17 13:46:23.554: ERROR/ubikim-streams(783): at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:
353)
10-17 13:46:23.654: ERROR/ubikim-streams(783): at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl
$SSLInputStream.init(OpenSSLSocketImpl.java:491)
10-17 13:46:23.704: ERROR/ubikim-streams(783): at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:
432)
10-17 13:46:23.784: ERROR/ubikim-streams(783): at
org.apache.http.impl.io.SocketInputBuffer.init(SocketInputBuffer.java:
93)
10-17 13:46:23.844: ERROR/ubikim-streams(783): at
org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java:
83)
10-17 13:46:23.894: ERROR/ubikim-streams(783): at
org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java:
170)
10-17 13:46:23.944: ERROR/ubikim-streams(783): at
org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java:
106)
10-17 13:46:24.035: ERROR/ubikim-streams(783): at
org.apache.http.impl.conn.DefaultClientConnection.openCompleted(DefaultClientConnection.java:
129)
10-17 13:46:24.085: ERROR/ubikim-streams(783): at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:
136)
10-17 13:46:24.135: ERROR/ubikim-streams(783): at
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:
164)
10-17 13:46:24.185: ERROR/ubikim-streams(783): at
[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
We have a trusted one at our software company which is working but I wanted
to add an option to trust self signed certificate in the application.
I still don't have a solution for that, except using URLConnection API which
works well with the AllowAllHostnameVerifier. The problem is with the
HTTPClient API.
2008/11/4 [EMAIL PROTECTED] [EMAIL PROTECTED]
have you success your https connection?
I don't know how to do with the not trusted certificate.
thx
On 23 oct, 09:23, Guillaume Perrot [EMAIL PROTECTED] wrote:
Caused by:
java.security.cert.CertPathValidatorException: TrustAnchor for
CertPath not found.
On 23 oct, 10:20, Guillaume Perrot [EMAIL PROTECTED] wrote:
Yes I had, though it's not in my sample code.
The verification that fails is not the hostname, but later when
checking the
certificate.
And I didn't find a class such as AllowAllSelfSignedCertificates.
2008/10/23 Sean Sullivan [EMAIL PROTECTED]
Have you tried using
org.apache.http.conn.ssl.AllowAllHostnameVerifier ?
http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/module-c...
Sean
On Oct 17, 7:07 am, Guillaume Perrot [EMAIL PROTECTED]
wrote:
On android 1.0 I tried to connect to myhttpsserver which uses a
self-
signed certificate:
Here is my code, which uses a custom hostname verifier:
/* Create and initialize HTTP parameters */
HttpParams params = new BasicHttpParams();
ConnManagerParams.setMaxTotalConnections(params, 2);
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
/* Create and initialize scheme registry */
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme(http, PlainSocketFactory
.getSocketFactory(), 80));
SSLSocketFactory sslSocketFactory =
SSLSocketFactory.getSocketFactory();
sslSocketFactory.setHostnameVerifier(new X509HostnameVerifier()
{
@Override
public boolean verify(String host, SSLSession session)
{
return true;
}
@Override
public void verify(String host, SSLSocket ssl) throws
IOException
{
/* Nothing to do */
}
@Override
public void verify(String host, X509Certificate cert) throws
SSLException
{
/* Nothing to do */
}
@Override
public void verify(String host, String[] cns, String[]
subjectAlts)
throws SSLException
{
/* Nothing to do */
}
});
schemeRegistry.register(new Scheme(https, sslSocketFactory,
443));
/* Allow multiple threads (two in our case) to access the HTTP
client */
ClientConnectionManager cm = new
ThreadSafeClientConnManager(params,
schemeRegistry);
mHttpClient = new DefaultHttpClient(cm, params);
try
{
HttpGet ping = new HttpGet(mConnectionManagerURL);
HttpResponse response = mHttpClient.execute(ping);
HttpEntity entity = response.getEntity();
if (entity != null)
entity.consumeContent();
}
catch (IOException ioe)
{
ioe.printStackTrace();
shutdown();
throw ioe;
}
catch (Exception e)
{
e.printStackTrace();
shutdown();
throw new IOException(e.getMessage());
}
I have the following exception in stack trace:
10-17 13:46:23.484: ERROR/ubikim-streams(783):
javax.net.ssl.SSLException: Not trusted server certificate
10-17 13:46:23.554: ERROR/ubikim-streams(783): at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:
353)
10-17 13:46:23.654: ERROR/ubikim-streams(783): at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl
$SSLInputStream.init(OpenSSLSocketImpl.java:491)
10-17 13:46:23.704: ERROR/ubikim-streams(783): at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:
432)
10-17 13:46:23.784: ERROR/ubikim-streams(783): at
org.apache.http.impl.io.SocketInputBuffer.init(SocketInputBuffer.java:
93)
10-17 13:46:23.844: ERROR/ubikim-streams(783): at
org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java:
83)
10-17 13:46:23.894: ERROR/ubikim-streams(783): at
org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java:
170)
10-17 13:46:23.944: ERROR/ubikim-streams(783): at
org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java:
106)
10-17 13:46:24.035: ERROR/ubikim-streams(783): at
[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
Yes I had, though it's not in my sample code.
The verification that fails is not the hostname, but later when checking the
certificate.
And I didn't find a class such as AllowAllSelfSignedCertificates.
2008/10/23 Sean Sullivan [EMAIL PROTECTED]
Have you tried using
org.apache.http.conn.ssl.AllowAllHostnameVerifier ?
http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/module-client/src/main/java/org/apache/http/conn/ssl/AllowAllHostnameVerifier.java?view=markup
Sean
On Oct 17, 7:07 am, Guillaume Perrot [EMAIL PROTECTED] wrote:
On android 1.0 I tried to connect to my https server which uses a self-
signed certificate:
Here is my code, which uses a custom hostname verifier:
/* Create and initialize HTTP parameters */
HttpParams params = new BasicHttpParams();
ConnManagerParams.setMaxTotalConnections(params, 2);
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
/* Create and initialize scheme registry */
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme(http, PlainSocketFactory
.getSocketFactory(), 80));
SSLSocketFactory sslSocketFactory =
SSLSocketFactory.getSocketFactory();
sslSocketFactory.setHostnameVerifier(new X509HostnameVerifier()
{
@Override
public boolean verify(String host, SSLSession session)
{
return true;
}
@Override
public void verify(String host, SSLSocket ssl) throws
IOException
{
/* Nothing to do */
}
@Override
public void verify(String host, X509Certificate cert) throws
SSLException
{
/* Nothing to do */
}
@Override
public void verify(String host, String[] cns, String[]
subjectAlts)
throws SSLException
{
/* Nothing to do */
}
});
schemeRegistry.register(new Scheme(https, sslSocketFactory,
443));
/* Allow multiple threads (two in our case) to access the HTTP
client */
ClientConnectionManager cm = new
ThreadSafeClientConnManager(params,
schemeRegistry);
mHttpClient = new DefaultHttpClient(cm, params);
try
{
HttpGet ping = new HttpGet(mConnectionManagerURL);
HttpResponse response = mHttpClient.execute(ping);
HttpEntity entity = response.getEntity();
if (entity != null)
entity.consumeContent();
}
catch (IOException ioe)
{
ioe.printStackTrace();
shutdown();
throw ioe;
}
catch (Exception e)
{
e.printStackTrace();
shutdown();
throw new IOException(e.getMessage());
}
I have the following exception in stack trace:
10-17 13:46:23.484: ERROR/ubikim-streams(783):
javax.net.ssl.SSLException: Not trusted server certificate
10-17 13:46:23.554: ERROR/ubikim-streams(783): at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:
353)
10-17 13:46:23.654: ERROR/ubikim-streams(783): at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl
$SSLInputStream.init(OpenSSLSocketImpl.java:491)
10-17 13:46:23.704: ERROR/ubikim-streams(783): at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:
432)
10-17 13:46:23.784: ERROR/ubikim-streams(783): at
org.apache.http.impl.io.SocketInputBuffer.init(SocketInputBuffer.java:
93)
10-17 13:46:23.844: ERROR/ubikim-streams(783): at
org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java:
83)
10-17 13:46:23.894: ERROR/ubikim-streams(783): at
org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java:
170)
10-17 13:46:23.944: ERROR/ubikim-streams(783): at
org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java:
106)
10-17 13:46:24.035: ERROR/ubikim-streams(783): at
org.apache.http.impl.conn.DefaultClientConnection.openCompleted(DefaultClientConnection.java:
129)
10-17 13:46:24.085: ERROR/ubikim-streams(783): at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:
136)
10-17 13:46:24.135: ERROR/ubikim-streams(783): at
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:
164)
10-17 13:46:24.185: ERROR/ubikim-streams(783): at
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:
119)
10-17 13:46:24.275: ERROR/ubikim-streams(783): at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:
348)
10-17 13:46:24.325: ERROR/ubikim-streams(783): at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:
555)
10-17 13:46:24.375: ERROR/ubikim-streams(783):
[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
Caused by:
java.security.cert.CertPathValidatorException: TrustAnchor for
CertPath not found.
On 23 oct, 10:20, Guillaume Perrot [EMAIL PROTECTED] wrote:
Yes I had, though it's not in my sample code.
The verification that fails is not the hostname, but later when checking the
certificate.
And I didn't find a class such as AllowAllSelfSignedCertificates.
2008/10/23 Sean Sullivan [EMAIL PROTECTED]
Have you tried using
org.apache.http.conn.ssl.AllowAllHostnameVerifier ?
http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/module-c...
Sean
On Oct 17, 7:07 am, Guillaume Perrot [EMAIL PROTECTED] wrote:
On android 1.0 I tried to connect to my https server which uses a self-
signed certificate:
Here is my code, which uses a custom hostname verifier:
/* Create and initialize HTTP parameters */
HttpParams params = new BasicHttpParams();
ConnManagerParams.setMaxTotalConnections(params, 2);
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
/* Create and initialize scheme registry */
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme(http, PlainSocketFactory
.getSocketFactory(), 80));
SSLSocketFactory sslSocketFactory =
SSLSocketFactory.getSocketFactory();
sslSocketFactory.setHostnameVerifier(new X509HostnameVerifier()
{
@Override
public boolean verify(String host, SSLSession session)
{
return true;
}
@Override
public void verify(String host, SSLSocket ssl) throws
IOException
{
/* Nothing to do */
}
@Override
public void verify(String host, X509Certificate cert) throws
SSLException
{
/* Nothing to do */
}
@Override
public void verify(String host, String[] cns, String[]
subjectAlts)
throws SSLException
{
/* Nothing to do */
}
});
schemeRegistry.register(new Scheme(https, sslSocketFactory,
443));
/* Allow multiple threads (two in our case) to access the HTTP
client */
ClientConnectionManager cm = new
ThreadSafeClientConnManager(params,
schemeRegistry);
mHttpClient = new DefaultHttpClient(cm, params);
try
{
HttpGet ping = new HttpGet(mConnectionManagerURL);
HttpResponse response = mHttpClient.execute(ping);
HttpEntity entity = response.getEntity();
if (entity != null)
entity.consumeContent();
}
catch (IOException ioe)
{
ioe.printStackTrace();
shutdown();
throw ioe;
}
catch (Exception e)
{
e.printStackTrace();
shutdown();
throw new IOException(e.getMessage());
}
I have the following exception in stack trace:
10-17 13:46:23.484: ERROR/ubikim-streams(783):
javax.net.ssl.SSLException: Not trusted server certificate
10-17 13:46:23.554: ERROR/ubikim-streams(783): at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:
353)
10-17 13:46:23.654: ERROR/ubikim-streams(783): at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl
$SSLInputStream.init(OpenSSLSocketImpl.java:491)
10-17 13:46:23.704: ERROR/ubikim-streams(783): at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:
432)
10-17 13:46:23.784: ERROR/ubikim-streams(783): at
org.apache.http.impl.io.SocketInputBuffer.init(SocketInputBuffer.java:
93)
10-17 13:46:23.844: ERROR/ubikim-streams(783): at
org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java:
83)
10-17 13:46:23.894: ERROR/ubikim-streams(783): at
org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java:
170)
10-17 13:46:23.944: ERROR/ubikim-streams(783): at
org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java:
106)
10-17 13:46:24.035: ERROR/ubikim-streams(783): at
org.apache.http.impl.conn.DefaultClientConnection.openCompleted(DefaultClientConnection.java:
129)
10-17 13:46:24.085: ERROR/ubikim-streams(783): at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:
136)
10-17 13:46:24.135: ERROR/ubikim-streams(783): at
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:
164)
10-17 13:46:24.185: ERROR/ubikim-streams(783): at
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:
119)
10-17 13:46:24.275: ERROR/ubikim-streams(783): at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:
348)
10-17 13:46:24.325:
[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
Have you tried using
org.apache.http.conn.ssl.AllowAllHostnameVerifier ?
http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/module-client/src/main/java/org/apache/http/conn/ssl/AllowAllHostnameVerifier.java?view=markup
Sean
On Oct 17, 7:07 am, Guillaume Perrot [EMAIL PROTECTED] wrote:
On android 1.0 I tried to connect to my https server which uses a self-
signed certificate:
Here is my code, which uses a custom hostname verifier:
/* Create and initialize HTTP parameters */
HttpParams params = new BasicHttpParams();
ConnManagerParams.setMaxTotalConnections(params, 2);
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
/* Create and initialize scheme registry */
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme(http, PlainSocketFactory
.getSocketFactory(), 80));
SSLSocketFactory sslSocketFactory =
SSLSocketFactory.getSocketFactory();
sslSocketFactory.setHostnameVerifier(new X509HostnameVerifier()
{
@Override
public boolean verify(String host, SSLSession session)
{
return true;
}
@Override
public void verify(String host, SSLSocket ssl) throws
IOException
{
/* Nothing to do */
}
@Override
public void verify(String host, X509Certificate cert) throws
SSLException
{
/* Nothing to do */
}
@Override
public void verify(String host, String[] cns, String[]
subjectAlts)
throws SSLException
{
/* Nothing to do */
}
});
schemeRegistry.register(new Scheme(https, sslSocketFactory,
443));
/* Allow multiple threads (two in our case) to access the HTTP
client */
ClientConnectionManager cm = new
ThreadSafeClientConnManager(params,
schemeRegistry);
mHttpClient = new DefaultHttpClient(cm, params);
try
{
HttpGet ping = new HttpGet(mConnectionManagerURL);
HttpResponse response = mHttpClient.execute(ping);
HttpEntity entity = response.getEntity();
if (entity != null)
entity.consumeContent();
}
catch (IOException ioe)
{
ioe.printStackTrace();
shutdown();
throw ioe;
}
catch (Exception e)
{
e.printStackTrace();
shutdown();
throw new IOException(e.getMessage());
}
I have the following exception in stack trace:
10-17 13:46:23.484: ERROR/ubikim-streams(783):
javax.net.ssl.SSLException: Not trusted server certificate
10-17 13:46:23.554: ERROR/ubikim-streams(783): at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:
353)
10-17 13:46:23.654: ERROR/ubikim-streams(783): at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl
$SSLInputStream.init(OpenSSLSocketImpl.java:491)
10-17 13:46:23.704: ERROR/ubikim-streams(783): at
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:
432)
10-17 13:46:23.784: ERROR/ubikim-streams(783): at
org.apache.http.impl.io.SocketInputBuffer.init(SocketInputBuffer.java:
93)
10-17 13:46:23.844: ERROR/ubikim-streams(783): at
org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java:
83)
10-17 13:46:23.894: ERROR/ubikim-streams(783): at
org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java:
170)
10-17 13:46:23.944: ERROR/ubikim-streams(783): at
org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java:
106)
10-17 13:46:24.035: ERROR/ubikim-streams(783): at
org.apache.http.impl.conn.DefaultClientConnection.openCompleted(DefaultClientConnection.java:
129)
10-17 13:46:24.085: ERROR/ubikim-streams(783): at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:
136)
10-17 13:46:24.135: ERROR/ubikim-streams(783): at
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:
164)
10-17 13:46:24.185: ERROR/ubikim-streams(783): at
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:
119)
10-17 13:46:24.275: ERROR/ubikim-streams(783): at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:
348)
10-17 13:46:24.325: ERROR/ubikim-streams(783): at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:
555)
10-17 13:46:24.375: ERROR/ubikim-streams(783): at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:
487)
10-17 13:46:24.425: ERROR/ubikim-streams(783): at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:
465)
10-17 13:46:24.504: ERROR/ubikim-streams(783): at
com.ubikod.smackx.bosh.BoshSession.init(BoshSession.java:105)
10-17 13:46:24.554:
[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
I am also facing the same problem. Can please any one help us. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
My server used a valid certificate (authenticated by godaddy.com), you can view the certificate by trying to access https://ubithere.com:5280/http-bind I have the same error when I used a self-signed certificate. On Oct 20, 8:13 am, vel [EMAIL PROTECTED] wrote: I am also facing the same problem. Can please any one help us. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1
Forgot to say, the aim is to allow to use self-signed server certificates, it does work with trusted ones. On 20 oct, 08:13, vel [EMAIL PROTECTED] wrote: I am also facing the same problem. Can please any one help us. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
