我正在添加到我们的大型Java应用程序的模块必须与另一家公司的SSL安全网站进行交谈.问题是该站点使用自签名证书.我有一份证书副本,以验证我没有遇到中间人攻击,我需要将此证书合并到我们的代码中,以便与服务器的连接成功.
这是基本代码:
void sendRequest(String dataPacket) {
String urlStr = "https://host.example.com/";
URL url = new URL(urlStr);
HttpURLConnection conn = (HttpURLConnection)url.openConnection();
conn.setMethod("POST");
conn.setRequestProperty("Content-Length", data.length());
conn.setDoOutput(true);
OutputStreamWriter o = new OutputStreamWriter(conn.getOutputStream());
o.write(data);
o.flush();
}
在没有为自签名证书进行任何额外处理的情况下,这会在conn.getOutputStream()处死,但有以下异常:
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
....
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
....
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path …我试图在android中运行以下代码
URLConnection l_connection = null;
// Create connection
uzip=new UnZipData(mContext);
l_url = new URL(serverurl);
if ("https".equals(l_url.getProtocol())) {
System.out.println("<<<<<<<<<<<<< Before TLS >>>>>>>>>>>>");
sslcontext = SSLContext.getInstance("TLS");
System.out.println("<<<<<<<<<<<<< After TLS >>>>>>>>>>>>");
sslcontext.init(null,
new TrustManager[] { new CustomTrustManager()},
new java.security.SecureRandom());
HttpsURLConnection
.setDefaultHostnameVerifier(new CustomHostnameVerifier());
HttpsURLConnection.setDefaultSSLSocketFactory(sslcontext
.getSocketFactory());
l_connection = (HttpsURLConnection) l_url.openConnection();
((HttpsURLConnection) l_connection).setRequestMethod("POST");
} else {
l_connection = (HttpURLConnection) l_url.openConnection();
((HttpURLConnection) l_connection).setRequestMethod("POST");
}
/*System.setProperty("http.agent", "Android_Phone");*/
l_connection.setConnectTimeout(10000);
l_connection.setRequestProperty("Content-Language", "en-US");
l_connection.setUseCaches(false);
l_connection.setDoInput(true);
l_connection.setDoOutput(true);
System.out.println("<<<<<<<<<<<<< Before Connection >>>>>>>>>>>>");
l_connection.connect();
在l_connection.connect(),它给出了这个SSLhandshakeException.有时候它有效,但大部分时间它都有例外.它只发生在Android 4.0模拟器上.我在Android 4.4和5.0上测试过,它运行正常.可能是什么原因造成的?请帮忙
堆栈跟踪
04-28 15:51:13.143: W/System.err(2915): javax.net.ssl.SSLHandshakeException: …ssl android sslhandshakeexception android-4.0.3-ice-cream-sandwich
我一直在监视我的应用程序错误,我看到以下错误太多次了
javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb8f0fc28: Failure in SSL library, usually a protocol error
错误:14077410:SSL例程:SSL23_GET_SERVER_HELLO:sslv3警报握手失败(外部/ openssl/ssl/s23_clnt.c:741 0xaa48cd5c:0x00000000)-javax.net.ssl.SSLHandshakeException:javax.net.ssl.SSLProtocolException:SSL握手已中止: ssl = 0xb8f0fc28:SSL库失败,通常是协议错误错误:14077410:SSL例程:SSL23_GET_SERVER_HELLO:sslv3警报握手失败(外部/ openssl/ssl/s23_clnt.c:741 0xaa48cd5c:0x00000000)
您可以看到错误是关于SSLV3而我的服务器仅支持TLSV1.2.
看起来在某些客户端,Volley回归使用SSLV3(出于某种原因)并且他们收到错误.
收到此错误的用户在Android 4.4.2,4.4.4和4.1.1及更高版本上.
有趣的是,我也在同一个应用程序中使用DefaultHttpClient,但它似乎没有报告相同的问题.
我在Volley中使用默认的HurlStack
我已经看到以下内容... 在HttpsURLConnection中禁用SSL作为协议
和 https://code.google.com/p/android/issues/detail?id=78187
那么我的选择是什么?
我的假设是否正确,Volley会回归到SSLV3?
为什么凌空倒退到SSLV3?换句话说,导致回退的原始失败是什么以及如何解决?
我最近下载了Volley,但我不确定它是最新的.我如何找到我的版本?
有什么想法吗?
ssl ×3
android ×2
android-4.0.3-ice-cream-sandwich ×1
java ×1
jsse ×1
keystore ×1
sslv3 ×1
truststore ×1