Re: [android-developers] SSL handshake failure when client certificate is requested

Fri, 11 Dec 2009 04:45:15 -0800 

I am also looking for using custom keystore, do you know how generate and
store cert and priv key in keystore programmatically ?

On Thu, Dec 10, 2009 at 4:12 PM, droidsan <droid...@googlemail.com> wrote:

> Hello,
>
> Trying to set up a secure connection via SSL I get a SSL handshake
> failure when the server requests the client certificate. The code
> excerpt shown below (basically Apache's ClientCustomSSL.java example
> extended to use custom keystore for client cert and to support BKS
> keystores) works on my desktop PC but throws a handshake failure in
> Android simulator. Is this a bug, do I miss to add something Android
> specific or is it just a permission problem?
>
> Setup on PC: OS: openSuse 11.1, Java: SUN 1.6.0_17, openssl: 0.9.8h
> Android SDK platform: 1.5_r3 revision 3
> ________________________________
> DefaultHttpClient httpclient = new DefaultHttpClient();
>
> // [ ... ] lines for key- and truststore initialization omitted
>
> SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore,
> keyStorePassword ,trustStore);
>
> Scheme sch = new Scheme("https", socketFactory, 4433);
> httpclient.getConnectionManager().getSchemeRegistry().register(sch);
>
> HttpGet httpget = new HttpGet("https://192.168.0.63:4433";);
>
> System.out.println("executing request" + httpget.getRequestLine());
>
> // SSL handshake failure when executing next line
> HttpResponse response = httpclient.execute(httpget);
>
> // [...] Remaining code omitted
> _________________________________
> Logcat:
> W/System.err( 1313): java.io.IOException: SSL handshake failure:
> Failure in SSL library, usually a protocol error
> W/System.err( 1313): error:14094410:SSL routines:SSL3_READ_BYTES:sslv3
> alert handshake failure (external/openssl/ssl/s3_pkt.c:1053
> 0x2911c0:0x00000003)
> _________________________________
> Server (openssl s_server [...] -Verify 1
> 21435:error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did
> not return a certificate:s3_srvr.c:2514:
> _________________________________
>
> Thanks for you help
>
> Alex
>
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Android Developers" group.
> To post to this group, send email to android-developers@googlegroups.com
> To unsubscribe from this group, send email to
> android-developers+unsubscr...@googlegroups.com<android-developers%2bunsubscr...@googlegroups.com>
> For more options, visit this group at
> http://groups.google.com/group/android-developers?hl=en




-- 
...Swapnil

|| Hare Krishna Hare Krishna Krishna Krishna Hare Hare ||
|| Hare Rama    Hare Rama   Rama   Rama    Hare Hare ||

-- 
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Reply via email to