与AWS/alive.json的Android HTTPS连接挂起 [英] Android HTTPS connection to AWS/alive.json hangs
问题描述
我手上有一个面向SDK级别21的Android应用.其中,我正在尝试连接到
I have on my hands an Android app, targeting SDK level 21. Therein I'm trying to connect to AWS' alive.json using java.net.HttpURLConnection
.
信任链如下:
- 巴尔的摩CyberTrust根目录(受开发设备信任)
- DigiCert巴尔的摩CA-2 G2(开发设备信任DigiCert确保ID根G2,全局根CA,全局G2以及其他DigiCert吗?)
- AWS(* .us-east-etc.amazonaws.com)
我的AndroidManifest.xml具有<uses-permission android:name="android.permission.INTERNET"/>
.
My AndroidManifest.xml features <uses-permission android:name="android.permission.INTERNET"/>
.
代码[归结为]以下内容.从NDK调用一个单独的线程(该线程一个接一个地执行请求-目前只有一个).
The code [boils down to] the following. It's called on a separate thread (which executes requests one by one - there's just this one for now), from NDK.
// init() -- all optional
System.setProperty("http.keepAlive", "false");
HttpURLConnection.setDefaultAllowUserInteraction(false);
// makeRequest(HttpRequest request)
URL url = new URL(request.url);
HttpURLConnection http = (HttpURLConnection) url.openConnection();
http.setUseCaches(false);
http.setReadTimeout(timeoutMs);
http.setChunkedStreaingMode(0); // optional
http.setDoInput(true);
http.setRequestMethod("GET"); // optional
http.setRequestProperty("X-Correlation-ID", x); // optional
http.connect();
现在,如果我将超时设置为80ms,我将得到一个javax.net.ssl.SSLHandshakeException: SSL handshake timed out
.超过此时间(800毫秒),它将永远挂在http.connect()
中.
Now, if I set the timeout to 80ms, I will get an javax.net.ssl.SSLHandshakeException: SSL handshake timed out
. Beyond that (800ms), it will hang forever in http.connect()
.
https://developer.android.com/training/articles /security-ssl.html#HttpsExample 及其周围的文章详细说明了如何完成此操作.我的理解是,该练习不需要证书固定.
https://developer.android.com/training/articles/security-ssl.html#HttpsExample and the surrounding article details how this should be done. My understanding is that I should not need certificate pinning for this exercise.
如果我确实添加一个(沿着上面的文章),我会得到一个javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
.
If I do add one (along the lines of the above article), I get a javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
.
连接到http://资源就可以了.
Connecting to a http:// resource works just fine.
我做错了什么?我需要什么额外的配置,为什么?
What am I doing wrong? What extra configuration is needed on my part and why?
更新:
1,基于OkHttp的实现表现出完全相同的行为.
1, OkHttp based implementation manifests the exact same behaviour.
2,证书固定没有帮助解决问题.请注意,这只是一个绝望的措施,而不是用于生产的东西-显然,我们不希望在更新Amazon的证书时中断.
2, Certificate pinning did not help get around the issue. Note that this is only a desperate measure, and not something for production - obviously we don't want to break when Amazon's certificates get updated.
推荐答案
D'oh.不要在Android上执行此操作;使用http://s3.us-east-2.amazonaws.com/static-us-east/alive.json
,而不是https://
.
D'oh. Don't do this [on Android]; use http://s3.us-east-2.amazonaws.com/static-us-east/alive.json
, not https://
.
这篇关于与AWS/alive.json的Android HTTPS连接挂起的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!