On Tue, Jan 10, 2012 at 4:32 PM, Carl Minden <[email protected]> wrote:
> when I made the certificate in openssl I did not call X509_sign() to
> sign it...for my use case it didn't need to be signed so I hadn't
> bothered.
>

I see. If it's not signed, it's not technically a certificate, so it's funny
that it worked before (signatureValue is required). Android was
probably just ignoring the parse error.

> I changed my code so that I signed the certificate with its private
> key and then added the signed certificate to the STACK_OF(X509)
> certificate authority cert chain used to create the pkcs12
> certificate with pkcs12_create().
>

Why not use the openssl commands? Those have (some) error
checking and shouldn't produce a malformed PKCS#12 file, etc.

> I believe I didn't have to pass the SSLSocketFactory a truststore
> because that information was included in the pkcs12 certificate via
> the CA cert chain.

Looks like it. Still it probably shouldn't trust it implicitly... Will check
the code later to see what is going on.
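
The route suggested in the reply above, building the PKCS#12 bundle with the openssl commands and then checking it, as an added example that is not part of the original thread. The subject name, file names and password are constructed placeholders, and a single self-signed certificate stands in for the CA chain.

```shell
#!/bin/sh
# Added example: subject, file names and password are constructed placeholders.
P12_PASS='example-pass'   # constructed sample password, not from the thread

# Create a key, a self-signed certificate and a PKCS#12 bundle in directory $1.
make_p12() {
    dir=$1
    # req -x509 signs the certificate with the new key, so the
    # signatureValue field is present in the output.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj '/CN=example-client' \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    # Bundle the private key and the signed certificate.
    openssl pkcs12 -export -name example-client \
        -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -passout "pass:$P12_PASS" -out "$dir/bundle.p12" 2>/dev/null
}

# Check the bundle in directory $1: it must parse (MAC check included)
# and the certificate inside must carry a signature that verifies.
check_p12() {
    dir=$1
    # Extract only the certificates; fails on a malformed file or bad password.
    openssl pkcs12 -in "$dir/bundle.p12" -passin "pass:$P12_PASS" \
        -nokeys -out "$dir/extracted.pem" 2>/dev/null || return 1
    # Self-signed, so the extracted certificate is its own trust anchor here.
    openssl verify -CAfile "$dir/extracted.pem" "$dir/extracted.pem" \
        >/dev/null 2>&1
}

# Demo run in a throwaway directory.
work=$(mktemp -d)
if make_p12 "$work" && check_p12 "$work"; then
    echo "bundle parses and the certificate signature verifies"
else
    echo "bundle creation or verification failed"
fi
rm -rf "$work"
```
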
