SSL握手失败Android 2.2版 [英] SSL Handshake failure for Android 2.2 version
问题描述
我正在开发需要从服务器证书验证的应用程序。它工作正常,在Android 2.3版本及以上,但对于Android 2.2的它给了我一个例外:
I am developing an application that need a certificate verification from the server. It works fine on Android 2.3 version and above, but for android 2.2 it gave me an exception :
W/System.err( 2116): java.io.IOException: SSL handshake failure: Failure in SSL library, usually a protocol error
W/System.err( 2116): error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (external/openssl/ssl/s3_pkt.c:1053 0x3a5208:0x00000003)
W/System.err( 2116): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.nativeconnect(Native Method)
W/System.err( 2116): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:305)
W/System.err( 2116): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:502)
W/System.err( 2116): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:443)
此错误的的BufferedInputStream来了,当设备尝试检索SSLSocket一个InputStream。在code是如下:
This error came from BufferedInputStream when the device try to retrieve an InputStream from SSLSocket. The code is below :
BufferedInputStream getSocketReader() throws IOException {
BufferedInputStream bis = new BufferedInputStream(sslSocket.getInputStream(), 32768);
return bis;
}
下面是createEasySSLContext我目前的code()方法:
Here is my current code of createEasySSLContext() method:
private static SSLContext createEasySSLContext() throws IOException {
try {
SSLContext context = SSLContext.getInstance("TLS");
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(sampleKeystore, "password".toCharArray());
CustomX509TrustManager trustManager = new CustomX509TrustManager(null);
context.init(keyManagerFactory.getKeyManagers(), new TrustManager[]{trustManager}, null);
return context;
} catch (Exception e) {
throw new IOException(e.getMessage());
}
}
这是如何发生的呢?我可以修复它,而不会失去Android 2.2的支持?谢谢你。
How is this happen? Can I fixed it without losing Android 2.2 support? Thank you.
推荐答案
更可能是颁发服务器证书的CA不是由Android 2.1的信赖。要么得到一个新的证书,或者创建一个包含CA证书和设置您的code使用它信任存储。
More likely the CA that issued your server certificate is not trusted by Android 2.1. Either get a new certificate, or create a trust store that contains the CA certificate and setup your code to use it.
更多信息以及一些示例code的这里。
More info and some sample code here.
这篇关于SSL握手失败Android 2.2版的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!