It would be great if you sent us the complete client and server logs as well as your client code.
Jeff

On Mon, Mar 11, 2013 at 2:29 PM, yar.kh <[email protected]> wrote:
>
> I have problems establishing an SSL connection between server and Android
> using Apache Mina (both on server and client).
>
> First of all I generated self-signed keys: Bouncy Castle for Android and JKS
> for the server.
>
> SERVER:
>
>     keytool -genkey -dname "cn=sslkey, o=test, c=RU" -alias serverkey -keyalg RSA \
>         -keypass pass -storepass pass -keystore serverkey.jks -validity 1000
>
>     keytool -export -alias serverkey -storepass pass -file server.cer -keystore serverkey.jks
>
>     keytool -import -alias serverkey -file server.cer -keypass pass -keystore trustclient.bks \
>         -storetype BKS -storepass pass \
>         -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider \
>         -providerpath bcprov-jdk15on-148.jar
>
> CLIENT:
>
>     keytool -genkey -dname "cn=sslkey, o=test, c=RU" -alias clientkey -keyalg RSA \
>         -keypass pass -storepass pass -keystore clientkey.jks -validity 1000
>
>     keytool -export -alias clientkey -storepass pass -file client.cer -keystore clientkey.jks
>
>     keytool -import -alias clientkey -file client.cer -keypass pass -keystore clientkey.bks \
>         -storetype BKS -storepass pass \
>         -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider \
>         -providerpath /Users/tabtrader/Workspace/tools/bcprov-jdk15on-148.jar
>
>     keytool -import -v -trustcacerts -alias clientkey -file client.cer \
>         -keystore trustserver.jks -keypass pass -storepass pass
>
> Then I modified the SSLContext:
>
> SERVER:
>
>     // Server key store: our own key pair and certificate
>     KeyStore keyStore = KeyStore.getInstance("JKS");
>     InputStream in = null;
>     try {
>         in = FileUtil.open(SSLContextFactory.class, "res/serverkey.jks");
>         keyStore.load(in, keyStorePassword);
>     } finally {
>         if (in != null) in.close();
>     }
>     KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
>     kmf.init(keyStore, "pass".toCharArray());
>
>     // Server trust store: the client certificate we accept
>     KeyStore trustStore = KeyStore.getInstance("JKS");
>     in = null;
>     try {
>         in = FileUtil.open(SSLContextFactory.class, "res/trustserver.jks");
>         trustStore.load(in, keyStorePassword);
>     } finally {
>         if (in != null) in.close();
>     }
>
>     TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
>     tmf.init(trustStore);
>
>     SSLContext sslContext = SSLContext.getInstance("TLS");
>     sslContext.init(kmf.getKeyManagers(), null, new SecureRandom());
>
>     SSLFilter sslFilter = new SSLFilter(sslContext);
>     sslFilter.setUseClientMode(false);
>     sslFilter.setNeedClientAuth(false);
>
> CLIENT:
>
>     // Client key store (clientkey.bks), loaded from the Android raw resources
>     KeyStore keyStore = KeyStore.getInstance("BKS");
>     InputStream in = null;
>     try {
>         in = getResources().openRawResource(R.raw.clientkey); // clientkey.bks
>         keyStore.load(in, keyStorePassword);
>     } finally {
>         if (in != null) in.close();
>     }
>     KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
>     kmf.init(keyStore, "pass".toCharArray());
>
>     // Client trust store (trustclient.bks): the server certificate we accept
>     KeyStore trustStore = KeyStore.getInstance("BKS");
>     in = null;
>     try {
>         in = getResources().openRawResource(R.raw.trustclient); // trustclient.bks
>         trustStore.load(in, keyStorePassword);
>     } finally {
>         if (in != null) in.close();
>     }
>
>     TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
>     tmf.init(trustStore);
>
>     SSLContext sslContext = SSLContext.getInstance("TLS");
>     sslContext.init(kmf.getKeyManagers(), null, new SecureRandom());
>
>     SSLFilter sslFilter = new SSLFilter(sslContext);
>     sslFilter.setUseClientMode(true);
>     sslFilter.setNeedClientAuth(false);
>
> Using this code the SSL handshake finished without errors:
>
>     DEBUG mina.acceptor.AcceptorIoHandler handshakeStatus=FINISHED
>     DEBUG mina.acceptor.AcceptorIoHandler sslSession CipherSuite used SSL_RSA_WITH_RC4_128_MD5
>
> And I get an established Mina session. But then nothing happens. The next messages
> from the client are ignored without any logs. It is very strange.
>
> If I set sslFilter.setNeedClientAuth(true) for the server I get the exception:
> SSLHandshakeException: null cert chain
>
> How can I create this SSL connection? Where is the problem?
>
> --
> View this message in context:
> http://apache-mina.10907.n7.nabble.com/SSL-connection-Android-Server-using-Apache-Mina-tp37009.html
> Sent from the Apache MINA Developer Forum mailing list archive at Nabble.com.

--
Jeff MAURY

"Legacy code" often differs from its suggested alternative by actually working and scaling.
- Bjarne Stroustrup

http://www.jeffmaury.com
http://riadiscuss.jeffmaury.com
http://www.twitter.com/jeffmaury
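One detail worth checking in the quoted code is that both `SSLContext.init(...)` calls pass `null` as the `TrustManager[]` argument. In JSSE a null trust manager array means the context falls back to the platform's default trust managers, so the `trustserver.jks` / `trustclient.bks` stores that were built so carefully are never consulted, and a self-signed peer certificate imported only into those stores cannot be validated. The following is an added example, not the poster's code and not part of Apache MINA, showing an SSLContext wired to an explicit trust store on both sides. It assumes MINA 2.x (`org.apache.mina.filter.ssl.SslFilter`); the file names, resource streams and the shared `password` are placeholders standing in for the poster's own values.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import org.apache.mina.filter.ssl.SslFilter;

/**
 * Added example: an SSLContext whose trust decisions come from an explicit
 * trust store rather than the JSSE platform defaults.
 * Assumptions: MINA 2.x SslFilter; placeholder file names and passwords.
 */
public final class ExplicitTrustSslContext {

    private ExplicitTrustSslContext() {}

    /** Loads a key store of the given type ("JKS" on the JDK, "BKS" on Android) and closes the stream. */
    static KeyStore loadKeyStore(String type, InputStream in, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try {
            ks.load(in, password);
        } finally {
            in.close();
        }
        return ks;
    }

    /**
     * Builds the context from a key store (our own key and certificate) and a
     * trust store (the peer certificates we accept). Passing
     * tmf.getTrustManagers() instead of null is the point: with null, JSSE
     * installs its default trust managers and the trust store is ignored.
     */
    static SSLContext build(KeyStore keyStore, char[] keyPassword, KeyStore trustStore) throws Exception {
        // Use the provider's default algorithm instead of hard-coding "SunX509" vs "X509",
        // so the same code runs on the JDK and on Android.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
        return ctx;
    }

    /** Server side: presents serverkey.jks and accepts only the client cert(s) in trustserver.jks. */
    static SslFilter serverFilter(char[] password) throws Exception {
        KeyStore ks = loadKeyStore("JKS", new FileInputStream("res/serverkey.jks"), password);   // placeholder path
        KeyStore ts = loadKeyStore("JKS", new FileInputStream("res/trustserver.jks"), password); // placeholder path
        SslFilter filter = new SslFilter(build(ks, password, ts));
        filter.setUseClientMode(false);
        // Mutual TLS: the client must present a certificate, and the explicit
        // trust store (not the platform cacerts) decides whether it is accepted.
        filter.setNeedClientAuth(true);
        return filter;
    }

    /** Client side (Android): presents clientkey.bks and trusts only the server cert in trustclient.bks. */
    static SslFilter clientFilter(InputStream clientKeyBks, InputStream trustClientBks, char[] password)
            throws Exception {
        // Streams are expected to come from getResources().openRawResource(...), as in the post.
        KeyStore ks = loadKeyStore("BKS", clientKeyBks, password);
        KeyStore ts = loadKeyStore("BKS", trustClientBks, password);
        SslFilter filter = new SslFilter(build(ks, password, ts));
        filter.setUseClientMode(true);
        return filter;
    }
}
```

Install the returned filter as the first filter in the session's chain (for the acceptor, `acceptor.getFilterChain().addFirst("ssl", filter)`) so that every later filter only ever sees decrypted data. With the trust store actually in use, a handshake failure now means a real trust problem (wrong certificate in the store, wrong store type, wrong password) rather than the default trust managers silently rejecting a self-signed certificate they have never seen.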
