Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001
Hi Alex, This is an issue with Restlet internal HTTP connector (for dev purpose only at this point). Could you try to add and register the org.restlet.ext.net.jar connector? Best regards, Jerome -- http://restlet.org http://twitter.com/#!/jlouvel 2013/5/6 Alex alexdim...@yahoo.gr New update: I made a change on my domain's DNS, and as a result all calls towards my domain are forwarded to the elasticbeanstalk.com domain. This way, my certificate appears as valid to the client, since the calls go through the CNAME of the certificate. But unfortunately, /I'm still getting the 1001 error/. What the heck is going on? I don't even know how to debug this anymore, since I have no clue except the 1001 error. Anyone? -- View this message in context: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578779.html Sent from the Restlet Discuss mailing list archive at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054976 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054978
Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001
Hello Jerome, thanks a lot for responding. If gaving the org.restlet.ext.net.jar on your classpath is enough, then I've already done what you're suggesting. As I stated on my first post, I'm not using the internal http connector, but instead the apache httpclient. In any case, I've even explicitly created the ClientResource calling the external http connector (Engine.getInstance().getRegisteredClients().add(new org.restlet.ext.net.HttpClientHelper(null));), but I'm still getting the 1001 error. -- View this message in context: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578781.html Sent from the Restlet Discuss mailing list archive at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054979
Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001
Alex; You to put the connector in the first postion doing this: Engine.getInstance().getRegisteredClients().add(*0, *new org.restlet.ext.net .HttpClientHelper(null)); Best regards, Jerome 2013/5/6 Alex alexdim...@yahoo.gr Hello Jerome, thanks a lot for responding. If gaving the org.restlet.ext.net.jar on your classpath is enough, then I've already done what you're suggesting. As I stated on my first post, I'm not using the internal http connector, but instead the apache httpclient. In any case, I've even explicitly created the ClientResource calling the external http connector (Engine.getInstance().getRegisteredClients().add(new org.restlet.ext.net.HttpClientHelper(null));), but I'm still getting the 1001 error. -- View this message in context: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578781.html Sent from the Restlet Discuss mailing list archive at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054979 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054982
Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001
This doesn't have the desired result either. :/ br, Alex On 6 Μαϊ 2013, at 6:08 μ.μ., Jerome Louvel-3 [via Restlet Discuss] ml-node+s1400322n7578782...@n2.nabble.com wrote: Alex; You to put the connector in the first postion doing this: Engine.getInstance().getRegisteredClients().add(0, new org.restlet.ext.net.HttpClientHelper(null)); Best regards, Jerome 2013/5/6 Alex [hidden email] Hello Jerome, thanks a lot for responding. If gaving the org.restlet.ext.net.jar on your classpath is enough, then I've already done what you're suggesting. As I stated on my first post, I'm not using the internal http connector, but instead the apache httpclient. In any case, I've even explicitly created the ClientResource calling the external http connector (Engine.getInstance().getRegisteredClients().add(new org.restlet.ext.net.HttpClientHelper(null));), but I'm still getting the 1001 error. -- View this message in context: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578781.html Sent from the Restlet Discuss mailing list archive at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054979 If you reply to this email, your message will be added to the discussion below: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578782.html To unsubscribe from Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001, click here. NAML -- View this message in context: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578783.html Sent from the Restlet Discuss mailing list archive at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054983
Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001
Have you tried to debug locally in Eclipse, using the Java SE edition? In version 2.1 you should get additional debug information by looking at the getResponse().getStatus() object. It should embed the underlying exception. Otherwise, could you package a small project reproducing the issue? That will be easier for us to debug. Jerome 2013/5/6 Alex alexdim...@yahoo.gr This doesn't have the desired result either. :/ br, Alex On 6 Μαϊ 2013, at 6:08 μ.μ., Jerome Louvel-3 [via Restlet Discuss] [hidden email] http://user/SendEmail.jtp?type=nodenode=7578783i=0 wrote: Alex; You to put the connector in the first postion doing this: Engine.getInstance().getRegisteredClients().add(*0, *new org.restlet.ext.net.HttpClientHelper(null)); Best regards, Jerome 2013/5/6 Alex a href=x-msg://616/user/SendEmail.jtp?type=nodeamp;node=7578782amp;i=0 target=_top rel=nofollow link=external[hidden email] Hello Jerome, thanks a lot for responding. If gaving the org.restlet.ext.net.jar on your classpath is enough, then I've already done what you're suggesting. As I stated on my first post, I'm not using the internal http connector, but instead the apache httpclient. In any case, I've even explicitly created the ClientResource calling the external http connector (Engine.getInstance().getRegisteredClients().add(new org.restlet.ext.net.HttpClientHelper(null));), but I'm still getting the 1001 error. -- View this message in context: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578781.html Sent from the Restlet Discuss mailing list archive at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054979 -- If you reply to this email, your message will be added to the discussion below: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578782.html To unsubscribe from Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001, click here. NAMLhttp://restlet-discuss.1400322.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewerid=instant_html%21nabble%3Aemail.namlbase=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespacebreadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml -- View this message in context: Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578783.html Sent from the Restlet Discuss mailing list archivehttp://restlet-discuss.1400322.n2.nabble.com/at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054988
Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001
Ok, I found the root cause of the problem. It had nothing to do with Restlet or my code. It was all a matter of installing correctly the intermediate certificates on AWS. The certificate chain of my CA consists of 4 certificate files, and AWS needs this chain in a very specific order (signing certificate first, CA root certificate last, and all other certificates in between), given in a pem/text format. Unfortunately the AWS documentation is a mess, so I had to dig around and do some trial-and-error before making it work. Your suggestion about checking the getStatus() stack (and the java.security.cert.CertPathValidatorException exception) of the response was the trigger that lead me to investigate and revise the way I installed my certs on AWS, so thanks for that. :) So I guess this matter is closed. Thanks for the support, I really appreciate it. :) Keep up the good work you're doing on Restlet. br, Alex -- View this message in context: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578786.html Sent from the Restlet Discuss mailing list archive at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054994
Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001
Thanks Alex for the follow-up, I'm sure it will help other users. Cheers, Jerome 2013/5/6 Alex alexdim...@yahoo.gr Ok, I found the root cause of the problem. It had nothing to do with Restlet or my code. It was all a matter of installing correctly the intermediate certificates on AWS. The certificate chain of my CA consists of 4 certificate files, and AWS needs this chain in a very specific order (signing certificate first, CA root certificate last, and all other certificates in between), given in a pem/text format. Unfortunately the AWS documentation is a mess, so I had to dig around and do some trial-and-error before making it work. Your suggestion about checking the getStatus() stack (and the java.security.cert.CertPathValidatorException exception) of the response was the trigger that lead me to investigate and revise the way I installed my certs on AWS, so thanks for that. :) So I guess this matter is closed. Thanks for the support, I really appreciate it. :) Keep up the good work you're doing on Restlet. br, Alex -- View this message in context: Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578786.html Sent from the Restlet Discuss mailing list archivehttp://restlet-discuss.1400322.n2.nabble.com/at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054999
Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001
Ok, it is as I was suspecting. The problem is that the certificate (having a CNAME = www.mydomain.com, but being loaded from https://mywebservice.elasticbeanstalk.com) seems to the Android client as invalid, thus it doesn't even send the GET/POST request to the server. I realized this when I send a POST method from the terminal (using curl), ignoring the ssl verification warnings (-k option). This time the secure connection responded as expected, sending back the json reply. Based on Google's own Android documentation suggestion (http://developer.android.com/training/articles/security-ssl.html#CommonHostnameProbs), I tried to alter the HostnameVerifier method in order to get past the certification validation. This is how my ClientResource is currently created: /public static ClientResource createClientResource(String resourceUri) { Reference reference = new Reference(resourceUri); System.setProperty( ssl.TrustManagerFactory.algorithm, javax.net.ssl.KeyManagerFactory.getDefaultAlgorithm()); org.restlet.Context context = new org.restlet.Context(); context.getAttributes().put(hostnameVerifier, new HostnameVerifier() { @Override public boolean verify(String arg0, SSLSession arg1) { return true; } }); ClientResource resource = new ClientResource(context, reference); Engine.getInstance().getRegisteredClients().clear(); Engine.getInstance().getRegisteredClients().add(new HttpClientHelper(null)); Engine.getInstance().getRegisteredConverters().add(0, new JacksonConverter()); resource.release(); return resource; }/ But this doesn't work either, I still get the 1001 recoverable error. Still, the Android client can't get past the invalid request. I'd greatly appreciate any suggetions. :) br, Alex -- View this message in context: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578778.html Sent from the Restlet Discuss mailing list archive at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054928
Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001
Hello again, I've also tried the Android project with 2.1.2 libraries, but now I'm stuck on the exception /*java.lang.RuntimeException: Unable to create SSLContext*/ caused by /*java.security.NoSuchAlgorithmException: TrustManagerFactory SunX509 implementation not found*/. The only reference I could find is this one http://stackoverflow.com/questions/12192536/java-security-nosuchalgorithmexception-trustmanagerfactory-sunx509-implementati , but I didn't have any luck with that. It includes some kind of workaround, but I'm not sure where exactly it should be applied. I'm really stuck here, so any help would be much appreciated. br, Alex -- View this message in context: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578774.html Sent from the Restlet Discuss mailing list archive at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054835