自定义 SSL 处理在 Android 2.2 FroYo 上停止工作 [英] Custom SSL handling stopped working on Android 2.2 FroYo

问题描述

对于我的应用程序 Transdroid，我通过 HTTP 连接到远程服务器，并可选择通过 HTTPS 安全连接.对于这些与 HttpClient 的 HTTPS 连接，我使用自定义 SSL 套接字工厂实现来确保自签名证书正常工作.基本上，我接受一切并忽略对任何证书的每一次检查.

For my app, Transdroid, I am connecting to remote servers via HTTP and optionally securely via HTTPS. For these HTTPS connections with the HttpClient I am using a custom SSL socket factory implementation to make sure self-signed certificates are working. Basically, I accept everything and ignore every checking of any certificate.

这已经有一段时间了，但它不再适用于 Android 2.2 FroYo.尝试连接时，会返回异常:

This has been working fine for some time now, but it no longer work for Android 2.2 FroYo. When trying to connect, it will return an exception:

java.io.IOException: SSL handshake failure: I/O error during system call, Broken pipe

这是我初始化 HttpClient 的方法:

Here is how I initialize the HttpClient:

    SchemeRegistry registry = new SchemeRegistry();
    registry.register(new Scheme("http", new PlainSocketFactory(), 80));
    registry.register(new Scheme("https", (trustAll ? new FakeSocketFactory() : SSLSocketFactory.getSocketFactory()), 443));
    client = new DefaultHttpClient(new ThreadSafeClientConnManager(httpParams, registry), httpParams);

我使用了 FakeSocketFactory 和 FakeTrustManager，其来源可以在 此处.

I make use of a FakeSocketFactory and FakeTrustManager, of which the source can be found here.

同样，我不明白为什么它突然停止工作，甚至不明白管道损坏"错误是什么意思.我在 Twitter 上看到过 Seesmic 和 Twidroid 在 FroYo 上启用 SSL 时也失败的消息，但我不确定它是否相关.

Again, I don't understand why it suddenly stopped work, or even what the error 'Broken pipe' means. I have seen messages on Twitter that Seesmic and Twidroid fail with SSL enabled on FroYo as well, but am unsure if it's related.

感谢您的指导/帮助！

推荐答案

这里是答案，非常感谢愿意分享修复的有用的 Seesmic 开发人员:

Here is the answer, with many, many thanks to a helpful Seesmic developer willing to share the fix:

在自定义套接字工厂中，套接字创建(使用 createSocket)显然已专门针对 SSLSocketFactory 实现进行了更改.所以老了:

In the custom socket factory, the socket creation (with createSocket) has apparently been changed specifically for the SSLSocketFactory implementation. So the old:

    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
                    throws IOException, UnknownHostException {
            return getSSLContext().getSocketFactory().createSocket();
    }

需要改为:

    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
                    throws IOException, UnknownHostException {
            return getSSLContext().getSocketFactory().createSocket(socket, host, port, autoClose);
    }

然后它又对我有用了！

更新:由于这仍然是一个流行的答案，让我更新我的工作代码链接.这个SSl-启用套接字工厂，支持现代协议(TLS 1.1+)、SNI 并可选择允许接受所有证书(不安全，忽略所有 SSL 证书)或 自签名证书(通过 SHA-1 哈希).

UPDATE: As this is still a popular answer, let me update my link to working code. This SSl-enabled socket factory that support modern protocols (TLS 1.1+), SNI and optionally allows to accept all certificates (insecure, ignores all SSL certificates) or a self-signed certificates (by SHA-1 hash).

这篇关于自定义 SSL 处理在 Android 2.2 FroYo 上停止工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！