What arguments are being passed to getClientAliases for the keyType and issuers? If your server is sending issuers that don't include the issuer of the certs in your KeyStore, you will get null. If keyType is null, it also returns null.
Looking at the history of the code, it changed in 3.0 to support elliptic curve. I also added tests at this time to try and make sure we match the reference implementation. The SSLSocket implementation changed a lot in 2.3, so 2.x is too vague to know if it is due to potential changes to how the SSLSocket calls the key manager.

-bri

On Wed, Sep 25, 2013 at 3:18 AM, Olexandr Tereshchuk <riv...@gmail.com> wrote:
> I faced the problem described here at first
> http://stackoverflow.com/questions/18824733/sslcontext-and-pkcs12-keystore-works-on-jvm-but-not-on-android
>
> But then I've found that the connection fails only on 4.x (3.x possibly too but
> not tested), so lately I created a simple wrapper around the X509KeyManager class
> and the result is that I always get null from getClientAliases and therefore
> from the chooseClientAlias methods, and no private key is returned (no alias - no
> key).
>
> Has anyone faced the same problems? I believe that the new version of
> X509KeyManager behaves properly but I can't understand why there is such a
> difference in behavior among JVM + Android 2.* and Android 4.*
>
> **P.S.** There are similar problems, I think, guys have here
> https://groups.google.com/forum/#!topic/android-security-discuss/Qhoy401dsRI
> or
> http://stackoverflow.com/questions/8776952/ssl-client-authentication-broken-in-android-4-0
> but it's hard to say what was the working solution of their problem. The
> quickest solution I've found is just to return a hardcoded alias in
> chooseClientAlias but it's kinda lame :)
>
> **P.S.2** There are tons(!), literally tons of articles on how to trust a
> self-signed certificate but only a few about keystores... guys c'mon. I wish
> DevBytes would come up another day with some SSL\Encryption talk instead of
> another animation thing... :)
>
> --
> You received this message because you are subscribed to the Google Groups
> "Android Security Discussions" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to android-security-discuss+unsubscr...@googlegroups.com.
> To post to this group, send email to
> android-security-discuss@googlegroups.com.
> Visit this group at http://groups.google.com/group/android-security-discuss.
> For more options, visit https://groups.google.com/groups/opt_out.
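
A diagnostic wrapper for answering the question asked in the reply above (which keyType and issuers are passed), as an added example that is not code from either poster or from Android. The class name `LoggingKeyManager` and its log format are hypothetical, and it assumes the wrapped key manager was initialised from the KeyStore passed in.

```java
import java.net.Socket;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.X509KeyManager;
// Added diagnostic example (hypothetical class): logs what the TLS stack asks
// the key manager for and, on a null result, what the KeyStore actually holds.
public final class LoggingKeyManager implements X509KeyManager {
    private final X509KeyManager delegate; // the platform key manager being wrapped
    private final KeyStore keyStore;       // assumed: the store delegate was initialised with
    public LoggingKeyManager(X509KeyManager delegate, KeyStore keyStore) {
        this.delegate = delegate; this.keyStore = keyStore;
    }
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) {
        String[] aliases = delegate.getClientAliases(keyType, issuers);
        log("getClientAliases keyType=" + keyType, issuers, Arrays.toString(aliases), aliases == null);
        return aliases;
    }
    @Override public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        String alias = delegate.chooseClientAlias(keyTypes, issuers, socket);
        log("chooseClientAlias keyTypes=" + Arrays.toString(keyTypes), issuers, alias, alias == null);
        return alias;
    }
    // Print the call; on a null result, list each key entry's leaf key algorithm and issuer match.
    private void log(String call, Principal[] issuers, String result, boolean failed) {
        System.err.println(call + " issuers=" + Arrays.toString(issuers) + " -> " + result);
        if (!failed) return;
        // A null issuers array means the server did not restrict issuers, so nothing can match here.
        List<Principal> wanted = issuers == null ? new ArrayList<Principal>() : Arrays.asList(issuers);
        try {
            for (String alias : Collections.list(keyStore.aliases())) {
                Certificate[] chain = keyStore.getCertificateChain(alias);
                if (chain == null || chain.length == 0) continue; // no chain, so not a key entry
                boolean issuerMatch = false;
                for (Certificate c : chain) {
                    issuerMatch |= c instanceof X509Certificate && wanted.contains(((X509Certificate) c).getIssuerX500Principal());
                }
                System.err.println("  alias=" + alias + " keyAlg=" + chain[0].getPublicKey().getAlgorithm()
                        + " issuerInServerList=" + issuerMatch);
            }
        } catch (KeyStoreException e) {
            System.err.println("  cannot read KeyStore: " + e);
        }
    }
    @Override public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
    @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return delegate.chooseServerAlias(t, i, s); }
    @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
    @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
}
```

Comparing the logged keyType and issuers with the per-alias lines shows which of the two null conditions named in the reply applies, without resorting to a hardcoded alias.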