On Thu, Feb 24, 2011 at 3:52 PM, mdev <[email protected]> wrote:
> I try to set up a secure connection via SSL. I get the following
> handshake error:
>
> java.io.IOException: SSL handshake failure: Failure in SSL library,
> usually a protocol error error:14094410:SSL
> routines:SSL3_READ_BYTES:sslv3 alert handshake failure
>
what android version? have you tried the latest version in the emulator?
have you looked at a tcpdump with wireshark to see what is going on with the
handshake?
> My App creates a certificate request, sends it to a server and gets a
> certificate (pem string).
>
> I store the certificate as a .p12 file (PKCS12).
presumably you store the private key with the certificate as part of its
keychain in the keystore? ah, I see below that you are:
> store.setKeyEntry("alias", keyPair, "password".toCharArray(), chain);
> store.store(fOut, "".toCharArray());
>
I don't recall from memory if you need to set the store password to be the
same as on the entry or only set it on the store but not the entry, but
technically that is keystore implementation specific, I believe.
> //loading the keystore for preparing the ssl connection
> trusted = KeyStore.getInstance(KeyStore.getDefaultType());
> File directory = getDir("data", Context.MODE_PRIVATE);
> String fileName = directory.getAbsolutePath() + "/cert.p12";
> FileInputStream fis = new FileInputStream(fileName);
> trusted.load(fis, "".toCharArray());
> fis.close();
>
> //httpclient init
> HttpParams parameters = new BasicHttpParams();
> SchemeRegistry schemeRegistry = new SchemeRegistry();
>
> schemeRegistry.register(new Scheme("https", SSLSF, 443));
> ClientConnectionManager manager = new ThreadSafeClientConnManager(
> parameters, schemeRegistry);
> HttpClient httpclient = new DefaultHttpClient(manager, parameters);
>
> HttpPost httppost = new HttpPost(URL);
> httppost.setHeader("Content-Type", "text/xml; charset=UTF-8");
> httppost.setHeader("SOAPAction", SOAP_ACTION);
>
> final StringBuffer soap = new StringBuffer();
> soap.append(soapMessage);
>
> HttpEntity entity = new StringEntity(soap.toString());
> httppost.setEntity(entity);
> HttpResponse response = httpclient.execute(httppost); //fails with the handshake error...
>
where do you actually use trusted? it needs to be used with
KeyManagerFactory.init(KeyStore, char[] password) to create a KeyManager
with KeyManagerFactory.getKeyManagers().
then the KeyManagers need to be passed to a new SSLContext via
SSLContext.init(keyManagers, ...). then SSLContext.getSocketFactory can be
used to get an SSLSocketFactory to pass where you have SSLSF, but you don't
show how SSLSF is initialized.
none of this is Android specific so far.
-bri
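
The chain described in the reply above (KeyStore to KeyManagerFactory to SSLContext to SSLSocketFactory), written out as an added example that is not part of the original thread. The class name, file path and passwords are assumptions, and requesting "PKCS12" by name and keeping the default TrustManagerFactory are choices made for this example, not something the thread specifies.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class ClientCertSocketFactory {  // hypothetical class name

    /** Builds a socket factory that offers the key entry in a PKCS12 file as client certificate. */
    public static SSLSocketFactory fromPkcs12(String path, char[] storePass, char[] keyPass)
            throws Exception {
        // Ask for PKCS12 by name; KeyStore.getDefaultType() may be a different format.
        KeyStore clientStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            clientStore.load(in, storePass);
        }
        // Without a private-key entry the KeyManager has nothing to present to the server.
        boolean hasKey = false;
        for (String alias : Collections.list(clientStore.aliases())) {
            hasKey |= clientStore.isKeyEntry(alias);
        }
        if (!hasKey) {
            throw new KeyStoreException("no private-key entry in " + path);
        }
        // KeyStore -> KeyManagerFactory -> KeyManager[]
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientStore, keyPass);
        // Server certificates are still checked against the platform's default trust anchors.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        // KeyManager[] -> SSLContext -> SSLSocketFactory
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // Usage: java ClientCertSocketFactory <file.p12> <store password> <key password>
        SSLSocketFactory factory = fromPkcs12(args[0], args[1].toCharArray(), args[2].toCharArray());
        System.out.println("socket factory ready: " + factory.getClass().getName());
    }
}
```

The result is a `javax.net.ssl.SSLSocketFactory`; how it is handed to the HttpClient scheme depends on the type of `SSLSF`, which the quoted code does not show.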