与AWS/alive.json的Android HTTPS连接挂起 [英] Android HTTPS connection to AWS/alive.json hangs

问题描述

我手上有一个面向SDK级别21的Android应用.其中，我正在尝试连接到

I have on my hands an Android app, targeting SDK level 21. Therein I'm trying to connect to AWS' alive.json using java.net.HttpURLConnection.

信任链如下:

• 巴尔的摩Cyber​​Trust根目录(受开发设备信任)
• DigiCert巴尔的摩CA-2 G2(开发设备信任DigiCert确保ID根G2，全局根​​CA，全局G2以及其他DigiCert吗?)
• AWS(* .us-east-etc.amazonaws.com)

我的AndroidManifest.xml具有<uses-permission android:name="android.permission.INTERNET"/>.

My AndroidManifest.xml features <uses-permission android:name="android.permission.INTERNET"/>.

代码[归结为]以下内容.从NDK调用一个单独的线程(该线程一个接一个地执行请求-目前只有一个).

The code [boils down to] the following. It's called on a separate thread (which executes requests one by one - there's just this one for now), from NDK.

    // init() -- all optional
    System.setProperty("http.keepAlive", "false");
    HttpURLConnection.setDefaultAllowUserInteraction(false);

    // makeRequest(HttpRequest request)
    URL url = new URL(request.url);
    HttpURLConnection http = (HttpURLConnection) url.openConnection();
    http.setUseCaches(false);
    http.setReadTimeout(timeoutMs);
    http.setChunkedStreaingMode(0); // optional
    http.setDoInput(true);
    http.setRequestMethod("GET"); // optional
    http.setRequestProperty("X-Correlation-ID", x); // optional
    http.connect();

现在，如果我将超时设置为80ms，我将得到一个javax.net.ssl.SSLHandshakeException: SSL handshake timed out.超过此时间(800毫秒)，它将永远挂在http.connect()中.

Now, if I set the timeout to 80ms, I will get an javax.net.ssl.SSLHandshakeException: SSL handshake timed out. Beyond that (800ms), it will hang forever in http.connect().

https://developer.android.com/training/articles /security-ssl.html#HttpsExample 及其周围的文章详细说明了如何完成此操作.我的理解是，该练习不需要证书固定.

https://developer.android.com/training/articles/security-ssl.html#HttpsExample and the surrounding article details how this should be done. My understanding is that I should not need certificate pinning for this exercise.

如果我确实添加一个(沿着上面的文章)，我会得到一个javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found..

If I do add one (along the lines of the above article), I get a javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found..

连接到http://资源就可以了.

Connecting to a http:// resource works just fine.

我做错了什么?我需要什么额外的配置，为什么?

What am I doing wrong? What extra configuration is needed on my part and why?

更新:

1，基于OkHttp的实现表现出完全相同的行为.

1, OkHttp based implementation manifests the exact same behaviour.

2，证书固定没有帮助解决问题.请注意，这只是一个绝望的措施，而不是用于生产的东西-显然，我们不希望在更新Amazon的证书时中断.

2, Certificate pinning did not help get around the issue. Note that this is only a desperate measure, and not something for production - obviously we don't want to break when Amazon's certificates get updated.

推荐答案

D'oh.不要在Android上执行此操作；使用http://s3.us-east-2.amazonaws.com/static-us-east/alive.json，而不是https://.

D'oh. Don't do this [on Android]; use http://s3.us-east-2.amazonaws.com/static-us-east/alive.json, not https://.

这篇关于与AWS/alive.json的Android HTTPS连接挂起的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！