SSL握手失败Android 2.2版 [英] SSL Handshake failure for Android 2.2 version

问题描述

我正在开发需要从服务器证书验证的应用程序。它工作正常，在Android 2.3版本及以上，但对于Android 2.2的它给了我一个例外：

I am developing an application that need a certificate verification from the server. It works fine on Android 2.3 version and above, but for android 2.2 it gave me an exception :

W/System.err( 2116): java.io.IOException: SSL handshake failure: Failure in SSL library, usually a protocol error
W/System.err( 2116): error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (external/openssl/ssl/s3_pkt.c:1053 0x3a5208:0x00000003)
W/System.err( 2116):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.nativeconnect(Native Method)
W/System.err( 2116):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:305)
W/System.err( 2116):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:502)
W/System.err( 2116):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:443)

此错误的的BufferedInputStream来了，当设备尝试检索SSLSocket一个InputStream。在code是如下：

This error came from BufferedInputStream when the device try to retrieve an InputStream from SSLSocket. The code is below :

BufferedInputStream getSocketReader() throws IOException {
BufferedInputStream bis = new BufferedInputStream(sslSocket.getInputStream(), 32768);
        return bis;
    }

下面是createEasySSLContext我目前的code（）方法：

Here is my current code of createEasySSLContext() method:

private static SSLContext createEasySSLContext() throws IOException {
    try {
        SSLContext context = SSLContext.getInstance("TLS");
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(sampleKeystore, "password".toCharArray());

        CustomX509TrustManager trustManager = new CustomX509TrustManager(null);
        context.init(keyManagerFactory.getKeyManagers(), new TrustManager[]{trustManager}, null);
        return context;
    } catch (Exception e) {
        throw new IOException(e.getMessage());
    }
}

这是如何发生的呢？我可以修复它​​，而不会失去Android 2.2的支持？谢谢你。

How is this happen? Can I fixed it without losing Android 2.2 support? Thank you.

推荐答案

更​​可能是颁发服务器证书的CA不是由Android 2.1的信赖。要么得到一个新的证书，或者创建一个包含CA证书和设置您的code使用它信任存储。

More likely the CA that issued your server certificate is not trusted by Android 2.1. Either get a new certificate, or create a trust store that contains the CA certificate and setup your code to use it.

更多信息以及一些示例code的这里。

More info and some sample code here.

这篇关于SSL握手失败Android 2.2版的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！