[android-developers] SSL handshake failure when client certificate is requested

Thu, 10 Dec 2009 11:01:18 -0800 

Hello,

Trying to set up a secure connection via SSL I get a SSL handshake
failure when the server requests the client certificate. The code
excerpt shown below (basically Apache's ClientCustomSSL.java example
extended to use custom keystore for client cert and to support BKS
keystores) works on my desktop PC but throws a handshake failure in
Android simulator. Is this a bug, do I miss to add something Android
specific or is it just a permission problem?

Setup on PC: OS: openSuse 11.1, Java: SUN 1.6.0_17, openssl: 0.9.8h
Android SDK platform: 1.5_r3 revision 3
________________________________
DefaultHttpClient httpclient = new DefaultHttpClient();

// [ ... ] lines for key- and truststore initialization omitted

SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore,
keyStorePassword ,trustStore);

Scheme sch = new Scheme("https", socketFactory, 4433);
httpclient.getConnectionManager().getSchemeRegistry().register(sch);

HttpGet httpget = new HttpGet("https://192.168.0.63:4433";);

System.out.println("executing request" + httpget.getRequestLine());

// SSL handshake failure when executing next line
HttpResponse response = httpclient.execute(httpget);

// [...] Remaining code omitted
_________________________________
Logcat:
W/System.err( 1313): java.io.IOException: SSL handshake failure:
Failure in SSL library, usually a protocol error
W/System.err( 1313): error:14094410:SSL routines:SSL3_READ_BYTES:sslv3
alert handshake failure (external/openssl/ssl/s3_pkt.c:1053
0x2911c0:0x00000003)
_________________________________
Server (openssl s_server [...] -Verify 1
21435:error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did
not return a certificate:s3_srvr.c:2514:
_________________________________

Thanks for you help

Alex



-- 
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Reply via email to