Android ssl:javax.net.ssl.SSLPeerUnverifiedException:没有对等证书(再次) [英] Android ssl: javax.net.ssl.SSLPeerUnverifiedException: No peer certificate (yet again)

问题描述

我有一个网站，我正在为 RESTful 服务启用 ssl.我们已经注册了 RapidSSL，安装了证书，并且通过了RapidSSL 检查器.我可以使用各种浏览器访问该站点，包括 android 浏览器(内置、firefox 和 opera)，没有问题，没有警告.

I've got a web site that I'm enabling ssl on for a RESTful service. We have registered with RapidSSL, installed the certs, and it passes the RapidSSL checker. I'm able to access the site with various browsers, including the android browsers (built in, firefox and opera) with no problems, no warnings.

但是，当我尝试使用我的 android 应用访问它时，出现以下异常:

However, when I try to access it with my android app, I get the following exception:

08-11 20:04:05.586   363   381 E HttpProvider: Error executing request: No peer certificate
08-11 20:04:05.586   363   381 E HttpProvider: javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
08-11 20:04:05.586   363   381 E HttpProvider:  at org.apache.harmony.xnet.provider.jsse.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:259)
08-11 20:04:05.586   363   381 E HttpProvider:  at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93)
08-11 20:04:05.586   363   381 E HttpProvider:  at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381)
08-11 20:04:05.586   363   381 E HttpProvider:  at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:164)
08-11 20:04:05.586   363   381 E HttpProvider:  at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
08-11 20:04:05.586   363   381 E HttpProvider:  at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
08-11 20:04:05.586   363   381 E HttpProvider:  at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:359)
08-11 20:04:05.586   363   381 E HttpProvider:  at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
08-11 20:04:05.586   363   381 E HttpProvider:  at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
08-11 20:04:05.586   363   381 E HttpProvider:  at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
08-11 20:04:05.586   363   381 E HttpProvider:  at com.xxxxx.netlib.http.HttpProvider.executeRequest(HttpProvider.java:75)

这发生在模拟器上的 android 2.3.3 和 3.2 平板电脑上.我已经看到了很多关于此的点击，但我发现没有任何内容可以帮助我解决问题.

This occurs on android 2.3.3 on the emulator and on a 3.2 tablet. I've seen lots of hits on this, but nothing I've found helps me to fix the issue.

更多数据:

$ openssl s_client -CAfile www.xxxxx.com.pem -connect www.xxxxx.com:443
CONNECTED(00000003)
depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
verify return:1
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = "GeoTrust, Inc.", CN = RapidSSL CA
verify return:1
depth=0 serialNumber = 1-7wArtEjdTwJ94d5iVDooDmmC4mXyVj, OU = GT82425783, OU = See www.rapidssl.com/resources/cps (c)12, OU = Domain Control Validated - RapidSSL(R), CN = www.xxxxx.com
verify return:1
---
Certificate chain
0 s:/serialNumber=1-7wArtEjdTwJ94d5iVDooDmmC4mXyVj/OU=GT82425783/OU=See www.rapidssl.com/resources/cps (c)12/OU=Domain Control Validated - RapidSSL(R)/CN=www.xxxxx.com
  i:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
1 s:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
  i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
  i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
[snip]

我正在运行以设置客户端的代码:

The code I'm running to set up the client:

public class HttpProvider implements INetworkProvider {
  private static final String LOG = "HttpProvider";
  protected DefaultHttpClient client;

  public HttpProvider() {
    SchemeRegistry registry = new SchemeRegistry();
    registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
    final SSLSocketFactory sslSocketFactory = SSLSocketFactory.getSocketFactory();
    sslSocketFactory.setHostnameVerifier(SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
    registry.register(new Scheme("https", sslSocketFactory, 443));

    client = new DefaultHttpClient(
      new ThreadSafeClientConnManager((new BasicHttpParams()), registry), new BasicHttpParams()
    );
  }
[snip]

我也尝试过 STRICT_HOSTNAME_VERIFIER，但仍然不高兴.

I've also tried with STRICT_HOSTNAME_VERIFIER and still no joy.

据我所知，我不需要设置任何自定义信任库或密钥库，因为我已在公认的证书提供商处注册.

From what I understand I shouldn't need to set up any custom truststores or keystores since I'm registered with a recognized cert provider.

我对 ssl 非常陌生，我发现我在三个字母首字母缩略词的海洋中游泳，我希望这里有人可以给我一个正确的方向.

I'm very new with ssl and find I'm swimming in a sea of Three Letter Acronyms, and I was hoping someone here may be able to give me a shove in the right direction.

推荐答案

经过大量的挖掘和实验，我终于意识到我使用的 url 使用了硬编码的 80 端口而不是默认的 443.哑哑.

After piles of digging and experimentation, I finally realized that the url I was using had hard coded port 80 instead of defaulting to 443. Dumb dumb dumb.

这个问题的答案使用 HttpClient over HTTPS 信任所有证书 对我理解 SSL 有很大帮助.

The answer to this question Trusting all certificates using HttpClient over HTTPS helped tremendously for my understanding of SSL.

这篇关于Android ssl:javax.net.ssl.SSLPeerUnverifiedException:没有对等证书(再次)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！