Thank you. The pc version uses jks keystore, so to check if the problem is rekative to bks keystores i will try to use bks also in the pc version. Anyway, i didn't understand if there is a way to solve my problem, or if you have tried to reproduce my code and you if you've found a solution. Thanks a lot. Tomorrow i will post the logcat output if you want, because the problem is on the client side during the handshake, in fact if i take off the needClientAuth option the client receives the server's certificate and i can see server identity information on the client's output.
On 4 Set, 20:05, Brian Carlstrom <[email protected]> wrote: > On Sat, Sep 4, 2010 at 3:09 AM, Andy Burns > <[email protected]>wrote: > > > mastergap wrote: > > > when i add to the ServerSocket running on my server pc the option > >> setNeedClientAuth the client can't authenticate...in particular i get > >> this exception on the server... > >> javax.net.ssl.SSLHandshakeException: null cert chain > > > What CA has signed your certificate(s)? If self-signed have you imported > > your own root certificate onto the Android device? > > the problem doesn't seem to be that the device does not trust the server > root (although the client code is making its own trust manager which is > presumably to trust the server cert chain, which presumably would be to > address this) > > the problem is curious since it is the server complaining about the client > and the code apparently worked okay with a host client, so that is why I was > focusing on the contents of the client key store as seen in the program and > what is sent on the wire. > > I think there might be some know issues on older releases abut only sending > the cert with its chain. if its signed by an intermediate it, you'd have to > workaround on the server by trusting the intermediate. > > -bri -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
