Hi all,
I have written an Android web service client using the Restlet framework for
Android (2.0.15), and I've also written the web service backend as well
(again with Restlet 2.0.15 JEE) which has been uploaded on AWS Elastic
Beanstalk (so the client calls would be in the form of
http://my_web_service.elasticbeanstalk.com/this/is/my/request;). Everything
works fine on HTTP, so now I'd like to replace it with HTTPS, but this has
proven more difficult that I initially thought.
I have created a trial SSL certificate from Comodo, where I have declared,
as a CNAME, a domain that I own (unfortunately, I cannot declare the
elasticbeanstalk.com subdomain, where the AWS load balancer is running, as a
certificate hostname). This certificate has been uploaded to my AWS
instance, and it seems to be running succsefully (tested via web browser, a
couple of https calls get through succesfully after I accept the certificate
on the browser). The only thing that I don't like about this certificate is
the fact that I get a warning that this may be an invalid certificate, since
the declared hostname (my domain) and the actual hostname that the
certificate is running (elasticbeanstalk.com) do not match.
In my client I'm using the apache http client (have loaded the
org.apache.httpclient.jar on claspath), and this is how I create the client
resource I use on every call, which is plain and simple:
/ClientResource resource = new ClientResource(resourceUri);
Engine.getInstance().getRegisteredClients().clear();
Engine.getInstance().getRegisteredClients().add(new
HttpClientHelper(null));/
Of course, /resourceUri/ is in the form of
https://my_web_service.elasticbeanstalk.com/this/is/my/request;, and this
is the only difference between the working HTTP case and the non-working
HTTPS case. With HTTPS, I get the error below:
A recoverable error was detected (1001), attempting again in 2000 ms.
I've tried several suggestions that I found on google (using
org.restlet.ext.net httpclient instead of apache or even loading the
org.restlet.ext.ssl jar from Restlet Android 2.1), but nothing has worked so
far. I've even captured a network trace with Wireshark, and here's the
callflow:
ssl_call_flow.txt
http://restlet-discuss.1400322.n2.nabble.com/file/n7578771/ssl_call_flow.txt
From the callflow above, it seems that client and server fail to complete a
succesful negotiation, but I have no idea why.
Any suggestions on how to resolve this problem are welcome. I believe that
the issue exists on the client side (Android app using Restlet 2.0.15
framework), but not on the app code itself (since everything works fine when
using HTTP) but rather on the SSL negotiation/handshake before actually
making any calls. I also believe that the Certificate Authority (Comodo) is
successfully accepted/trusted by Android (I've done https calls through the
android device browser), but it still gives you a certificate warning that
you need to accept before continuing. Could it be that Restlet 2.0.15 is not
handling smoothly SSL communication, and I would need to upgrade to 2.1 or
later?
Looking forward to hearing your suggestions. In case you'd like to get some
more info that could help, just ask me. :)
Thanks in advance,
Alex
--
View this message in context:
http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771.html
Sent from the Restlet Discuss mailing list archive at Nabble.com.
--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054809
