Android 2.2的SSL库错误 [英] Android 2.2 SSL Library error
本文介绍了Android 2.2的SSL库错误的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
首先,我知道有很多主题就这样。他们中的大多数的anwser被信任的所有证书/默认情况下,它的主机提供的环境和安全是完全不可能的。
在2.3我有一个全功能的SSL客户端然而,当试图在2.2上运行它,我得到了一个读取错误:失败的SSL库,然后下一行,它说(openssl_v3)未知CA
关键是我已经按照Crazybob和安托万的博客的话多次字无影响(这就是我如何得到它的工作在2.3)
我工作的组织是我们自己的CA,我连接到服务器的端口已被限制为仅允许授权的客户端证书,其中我有一个在密钥库中。 2.3版本有2 BKS店,一家与客户端证书和其他与特定的服务器的证书。
我试图把RootCA和信任的机构证书的服务器存储,以及,但它仍然有同样的错误,所以,除非他们去在一个确切的顺序我难倒。
公共类的WebService
{
上下文语境;
InputStream的serverin;
InputStream的clientin;
DefaultHttpClient HttpClient的;
公众的WebService(上下文的背景下,为InputStream serverin,InputStream的clientin)
{
this.context =背景;
this.serverin = serverin;
this.clientin = clientin;
this.httpClient = newConnection();
}
公共DefaultHttpClient newConnection(){
//设置基本数据
的HttpParams PARAMS =新BasicHttpParams();
HttpProtocolParams.setVersion(参数,可以HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(PARAMS,UTF-8);
HttpProtocolParams.setUseExpectContinue(参数,可以真正的);
HttpProtocolParams.setUserAgent(参数,可以Android应用程序/ 1.0.0);
//使池
ConnPerRoute connPerRoute =新ConnPerRouteBean(12);
ConnManagerParams.setMaxConnectionsPerRoute(参数,可以connPerRoute);
ConnManagerParams.setMaxTotalConnections(PARAMS,20);
//设置超时
HttpConnectionParams.setStaleCheckingEnabled(参数,可以假);
HttpConnectionParams.setConnectionTimeout(参数,可以20 * 1000);
HttpConnectionParams.setSoTimeout(参数,可以20 * 1000);
HttpConnectionParams.setSocketBufferSize(PARAMS,8192);
//某些客户端PARAMS
HttpClientParams.setRedirecting(参数,可以假);
//注册HTTP / S shemas!
SchemeRegistry schReg =新SchemeRegistry();
schReg.register(新计划(HTTP,PlainSocketFactory
.getSocketFactory(),80));
schReg.register(新计划(https开头,newSSLSocketFactory(),3400));
ClientConnectionManager conMgr =新ThreadSafeClientConnManager(
参数,可以schReg);
DefaultHttpClient sClient =新DefaultHttpClient(conMgr,则params);
返回sClient;
}
私人的SSLSocketFactory newSSLSocketFactory(){
尝试 {
//设置信任库提供信任的服务器证书
//负荷信任库证书
密钥库的trustStore = NULL;
的trustStore = KeyStore.getInstance(BKS);
trustStore.load(serverin,(不告诉)toCharArray());
的System.out.println(加载服务器证书
+ trustStore.size());
//初始化信任管理器工厂读信任库
的TrustManagerFactory的TrustManagerFactory = NULL;
的TrustManagerFactory =的TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(的trustStore);
//设置客户端证书
//加载客户证书
密钥库的keyStore = NULL;
的keyStore = KeyStore.getInstance(BKS);
keyStore.load(clientin,(不告诉)toCharArray());
System.out的
.println(加载客户证书:+ keyStore.size());
//与读取客户端证书初始化密钥管理器工厂
的KeyManagerFactory的KeyManagerFactory = NULL;
的KeyManagerFactory = KeyManagerFactory.getInstance(的KeyManagerFactory
.getDefaultAlgorithm());
keyManagerFactory.init(密钥库(不告诉)toCharArray());
//初始化SSLSocketFactory的使用证书
SSLSocketFactory的的SocketFactory = NULL;
的SocketFactory =新的SSLSocketFactory(SSLSocketFactory.TLS,
密钥库(不告诉)区,信任,NULL,NULL);
返回的SocketFactory;
}赶上(例外五){
e.printStackTrace();
返回null;
}
}
堆栈跟踪如下所示:
9月12日至6日:13:47.739:W / System.err的(280):java.io.IOException异常:读取错误:未能在SSL库,通常一个协议错误
9月12日至6日:13:47.799:W / System.err的(280):在org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.nativeread(本机方法)
9月12日至6日:13:47.810:W / System.err的(280):在org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.access $ 300(OpenSSLSocketImpl.java:55)
12月6日09:13:47.810:W / System.err的(280):在org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl$SSLInputStream.read(OpenSSLSocketImpl.java:542)
9月12日至6日:13:47.819:W / System.err的(280):在org.apache.http.impl.io.AbstractSessionInputBuffer.fillBuffer(AbstractSessionInputBuffer.java:103)
9月12日至6日:13:47.819:W / System.err的(280):在org.apache.http.impl.io.AbstractSessionInputBuffer.readLine(AbstractSessionInputBuffer.java:191)
9月12日至6日:13:47.819:W / System.err的(280):在org.apache.http.impl.conn.DefaultResponseParser.parseHead(DefaultResponseParser.java:82)
9月12日至6日:13:47.819:W / System.err的(280):在org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:174)
12月6日09:13:47.829:W / System.err的(280):在org.apache.http.impl.AbstractHttpClientConnection.receiveResponseHeader(AbstractHttpClientConnection.java:179)
12月6日09:13:47.829:W / System.err的(280):在org.apache.http.impl.conn.DefaultClientConnection.receiveResponseHeader(DefaultClientConnection.java:235)
12月6日09:13:47.829:W / System.err的(280):在org.apache.http.impl.conn.AbstractClientConnAdapter.receiveResponseHeader(AbstractClientConnAdapter.java:259)
9月12日至6日:13:47.829:W / System.err的(280):在org.apache.http.protocol.Htt prequestExecutor.doReceiveResponse(Htt的prequestExecutor.java:279)
9月12日至6日:13:47.829:W / System.err的(280):在org.apache.http.protocol.Htt prequestExecutor.execute(Htt的prequestExecutor.java:121)
9月12日至6日:13:47.829:W / System.err的(280):在org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:410)
9月12日至6日:13:47.829:W / System.err的(280):在org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
9月12日至6日:13:47.829:W / System.err的(280):在org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
9月12日至6日:13:47.829:W / System.err的(280):在org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
9月12日至6日:13:47.829:W / System.err的(280):在(我的包).WebService.webGet(WebService.java:75)
9月12日至6日:13:47.829:W / System.err的(280):在(我的包).HardwareHoundActivity.onCreate(HardwareHoundActivity.java:107)
9月12日至6日:13:47.829:W / System.err的(280):在android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1047)
9月12日至6日:13:47.829:W / System.err的(280):在android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2627)
9月12日至6日:13:47.829:W / System.err的(280):在android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2679)
9月12日至6日:13:47.829:W / System.err的(280):在android.app.ActivityThread.access $ 2300(ActivityThread.java:125)
9月12日至6日:13:47.829:W / System.err的(280):在android.app.ActivityThread $ H.handleMessage(ActivityThread.java:2033)
9月12日至6日:13:47.829:W / System.err的(280):在android.os.Handler.dispatchMessage(Handler.java:99)
9月12日至6日:13:47.829:W / System.err的(280):在android.os.Looper.loop(Looper.java:123)
9月12日至6日:13:47.839:W / System.err的(280):在android.app.ActivityThread.main(ActivityThread.java:4627)
9月12日至6日:13:47.839:W / System.err的(280):在java.lang.reflect.Method.invokeNative(本机方法)
9月12日至6日:13:47.839:W / System.err的(280):在java.lang.reflect.Method.invoke(Method.java:521)
9月12日至6日:13:47.839:W / System.err的(280):在com.android.internal.os.ZygoteInit $ MethodAndArgsCaller.run(ZygoteInit.java:868)
9月12日至6日:13:47.839:W / System.err的(280):在com.android.internal.os.ZygoteInit.main(ZygoteInit.java:626)
9月12日至6日:13:47.839:W / System.err的(280):在dalvik.system.NativeStart.main(本机方法)
它的WebService引用该生产线是:
的Htt presponse响应= httpClient.execute(HTTPGET);
解决方案
看起来像在本地的OpenSSL级别的错误。您可以发布完整的堆栈跟踪?您的code是正确的,我不认为你需要的KeyManagerFactory位的HttpClient的SSLSocketFactory的照顾这个,如果你传递的密钥库(如你)。
First of all i know there are plenty of topics on this. Most of them the anwser is trusting all certificates/hosts by default which given the environment and security is completely out of the question.
In 2.3 i've got a fully functional SSL client however when trying to run it on 2.2 i got a Read Error: Failure in SSL Library and then the next line it says (openssl_v3) unkown ca.
The thing is i've followed Crazybob and Antoine's blogs word for word several times to no affect(thats how i got it working on 2.3)
The organisation I work for are our own CA, the server port i'm connecting to has been restricted to only allow authorized client certificates of which i have one in a keystore. The 2.3 version has 2 BKS stores, one with the client cert and the other with that particular server's cert.
I tried putting the RootCA and Trusted Authority certs in the server store as well but it still had the same error,so unless they go in in an exact order i'm stumped.
public class WebService
{
Context context;
InputStream serverin;
InputStream clientin;
DefaultHttpClient httpClient;
public WebService(Context context, InputStream serverin, InputStream clientin)
{
this.context = context;
this.serverin = serverin;
this.clientin = clientin;
this.httpClient = newConnection();
}
public DefaultHttpClient newConnection() {
// Set basic data
HttpParams params = new BasicHttpParams();
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(params, "UTF-8");
HttpProtocolParams.setUseExpectContinue(params, true);
HttpProtocolParams.setUserAgent(params, "Android app/1.0.0");
// Make pool
ConnPerRoute connPerRoute = new ConnPerRouteBean(12);
ConnManagerParams.setMaxConnectionsPerRoute(params, connPerRoute);
ConnManagerParams.setMaxTotalConnections(params, 20);
// Set timeout
HttpConnectionParams.setStaleCheckingEnabled(params, false);
HttpConnectionParams.setConnectionTimeout(params, 20 * 1000);
HttpConnectionParams.setSoTimeout(params, 20 * 1000);
HttpConnectionParams.setSocketBufferSize(params, 8192);
// Some client params
HttpClientParams.setRedirecting(params, false);
// Register http/s shemas!
SchemeRegistry schReg = new SchemeRegistry();
schReg.register(new Scheme("http", PlainSocketFactory
.getSocketFactory(), 80));
schReg.register(new Scheme("https", newSSLSocketFactory(), 3400));
ClientConnectionManager conMgr = new ThreadSafeClientConnManager(
params, schReg);
DefaultHttpClient sClient = new DefaultHttpClient(conMgr, params);
return sClient;
}
private SSLSocketFactory newSSLSocketFactory() {
try {
// setup truststore to provide trust for the server certificate
// load truststore certificate
KeyStore trustStore = null;
trustStore = KeyStore.getInstance("BKS");
trustStore.load(serverin, "(not telling)".toCharArray());
System.out.println("Loaded server certificates: "
+ trustStore.size());
// initialize trust manager factory with the read truststore
TrustManagerFactory trustManagerFactory = null;
trustManagerFactory = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
// setup client certificate
// load client certificate
KeyStore keyStore = null;
keyStore = KeyStore.getInstance("BKS");
keyStore.load(clientin, "(not telling)".toCharArray());
System.out
.println("Loaded client certificates: " + keyStore.size());
// initialize key manager factory with the read client certificate
KeyManagerFactory keyManagerFactory = null;
keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory
.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, "(not telling)".toCharArray());
// initialize SSLSocketFactory to use the certificates
SSLSocketFactory socketFactory = null;
socketFactory = new SSLSocketFactory(SSLSocketFactory.TLS,
keyStore, "(not telling)", trustStore, null, null);
return socketFactory;
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
The Stacktrace looks like the following:
12-06 09:13:47.739: W/System.err(280): java.io.IOException: Read error: Failure in SSL library, usually a protocol error
12-06 09:13:47.799: W/System.err(280): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.nativeread(Native Method)
12-06 09:13:47.810: W/System.err(280): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.access$300(OpenSSLSocketImpl.java:55)
12-06 09:13:47.810: W/System.err(280): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl$SSLInputStream.read(OpenSSLSocketImpl.java:542)
12-06 09:13:47.819: W/System.err(280): at org.apache.http.impl.io.AbstractSessionInputBuffer.fillBuffer(AbstractSessionInputBuffer.java:103)
12-06 09:13:47.819: W/System.err(280): at org.apache.http.impl.io.AbstractSessionInputBuffer.readLine(AbstractSessionInputBuffer.java:191)
12-06 09:13:47.819: W/System.err(280): at org.apache.http.impl.conn.DefaultResponseParser.parseHead(DefaultResponseParser.java:82)
12-06 09:13:47.819: W/System.err(280): at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:174)
12-06 09:13:47.829: W/System.err(280): at org.apache.http.impl.AbstractHttpClientConnection.receiveResponseHeader(AbstractHttpClientConnection.java:179)
12-06 09:13:47.829: W/System.err(280): at org.apache.http.impl.conn.DefaultClientConnection.receiveResponseHeader(DefaultClientConnection.java:235)
12-06 09:13:47.829: W/System.err(280): at org.apache.http.impl.conn.AbstractClientConnAdapter.receiveResponseHeader(AbstractClientConnAdapter.java:259)
12-06 09:13:47.829: W/System.err(280): at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:279)
12-06 09:13:47.829: W/System.err(280): at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:121)
12-06 09:13:47.829: W/System.err(280): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:410)
12-06 09:13:47.829: W/System.err(280): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
12-06 09:13:47.829: W/System.err(280): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
12-06 09:13:47.829: W/System.err(280): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
12-06 09:13:47.829: W/System.err(280): at (my package).WebService.webGet(WebService.java:75)
12-06 09:13:47.829: W/System.err(280): at (my package).HardwareHoundActivity.onCreate(HardwareHoundActivity.java:107)
12-06 09:13:47.829: W/System.err(280): at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1047)
12-06 09:13:47.829: W/System.err(280): at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2627)
12-06 09:13:47.829: W/System.err(280): at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2679)
12-06 09:13:47.829: W/System.err(280): at android.app.ActivityThread.access$2300(ActivityThread.java:125)
12-06 09:13:47.829: W/System.err(280): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2033)
12-06 09:13:47.829: W/System.err(280): at android.os.Handler.dispatchMessage(Handler.java:99)
12-06 09:13:47.829: W/System.err(280): at android.os.Looper.loop(Looper.java:123)
12-06 09:13:47.839: W/System.err(280): at android.app.ActivityThread.main(ActivityThread.java:4627)
12-06 09:13:47.839: W/System.err(280): at java.lang.reflect.Method.invokeNative(Native Method)
12-06 09:13:47.839: W/System.err(280): at java.lang.reflect.Method.invoke(Method.java:521)
12-06 09:13:47.839: W/System.err(280): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:868)
12-06 09:13:47.839: W/System.err(280): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:626)
12-06 09:13:47.839: W/System.err(280): at dalvik.system.NativeStart.main(Native Method)
The line it references in WebService is:
HttpResponse response = httpClient.execute(httpGet);
解决方案
Looks like an error at the native OpenSSL level. Can you post the full stack trace? Your code looks correct, I don't think you need the KeyManagerFactory bit, httpclient's SSLSocketFactory takes care of this if you pass the keystore (as you are).
这篇关于Android 2.2的SSL库错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
