自定义 SSL 处理在 Android 2.2 FroYo 上停止工作 [英] Custom SSL handling stopped working on Android 2.2 FroYo
问题描述
对于我的应用程序 Transdroid,我通过 HTTP 连接到远程服务器,并可选择通过 HTTPS 安全连接.对于这些与 HttpClient 的 HTTPS 连接,我使用自定义 SSL 套接字工厂实现来确保自签名证书正常工作.基本上,我接受一切并忽略对任何证书的每一次检查.
For my app, Transdroid, I am connecting to remote servers via HTTP and optionally securely via HTTPS. For these HTTPS connections with the HttpClient I am using a custom SSL socket factory implementation to make sure self-signed certificates are working. Basically, I accept everything and ignore every checking of any certificate.
这已经有一段时间了,但它不再适用于 Android 2.2 FroYo.尝试连接时,会返回异常:
This has been working fine for some time now, but it no longer work for Android 2.2 FroYo. When trying to connect, it will return an exception:
java.io.IOException: SSL handshake failure: I/O error during system call, Broken pipe
这是我初始化 HttpClient 的方法:
Here is how I initialize the HttpClient:
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", new PlainSocketFactory(), 80));
registry.register(new Scheme("https", (trustAll ? new FakeSocketFactory() : SSLSocketFactory.getSocketFactory()), 443));
client = new DefaultHttpClient(new ThreadSafeClientConnManager(httpParams, registry), httpParams);
我使用了 FakeSocketFactory 和 FakeTrustManager,其来源可以在 此处.
I make use of a FakeSocketFactory and FakeTrustManager, of which the source can be found here.
同样,我不明白为什么它突然停止工作,甚至不明白管道损坏"错误是什么意思.我在 Twitter 上看到过 Seesmic 和 Twidroid 在 FroYo 上启用 SSL 时也失败的消息,但我不确定它是否相关.
Again, I don't understand why it suddenly stopped work, or even what the error 'Broken pipe' means. I have seen messages on Twitter that Seesmic and Twidroid fail with SSL enabled on FroYo as well, but am unsure if it's related.
感谢您的指导/帮助!
推荐答案
这里是答案,非常感谢愿意分享修复的有用的 Seesmic 开发人员:
Here is the answer, with many, many thanks to a helpful Seesmic developer willing to share the fix:
在自定义套接字工厂中,套接字创建(使用 createSocket
)显然已专门针对 SSLSocketFactory
实现进行了更改.所以老了:
In the custom socket factory, the socket creation (with createSocket
) has apparently been changed specifically for the SSLSocketFactory
implementation. So the old:
@Override
public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
throws IOException, UnknownHostException {
return getSSLContext().getSocketFactory().createSocket();
}
需要改为:
@Override
public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
throws IOException, UnknownHostException {
return getSSLContext().getSocketFactory().createSocket(socket, host, port, autoClose);
}
然后它又对我有用了!
更新:由于这仍然是一个流行的答案,让我更新我的工作代码链接.这个SSl-启用套接字工厂,支持现代协议(TLS 1.1+)、SNI 并可选择允许接受所有证书(不安全,忽略所有 SSL 证书)或 自签名证书(通过 SHA-1 哈希).
UPDATE: As this is still a popular answer, let me update my link to working code. This SSl-enabled socket factory that support modern protocols (TLS 1.1+), SNI and optionally allows to accept all certificates (insecure, ignores all SSL certificates) or a self-signed certificates (by SHA-1 hash).
这篇关于自定义 SSL 处理在 Android 2.2 FroYo 上停止工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!