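【Question title】: SSLHandshakeException in Android
【Posted】: 2014-09-26 18:21:21
【Question description】:

My app is trying to reach my server and download a PDF. I am getting an SSLHandshakeException. My server has an https certificate issued through Go Daddy. The certificate is valid until 2015.

I can even see Go Daddy listed as a trusted certificate among my device's trusted certificates. Please give me some solution:

This is my exception: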

08-04 02:35:01.740: W/System.err(19591): javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
08-04 02:35:01.740: W/System.err(19591):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:413)
08-04 02:35:01.740: W/System.err(19591):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:257)
08-04 02:35:01.750: W/System.err(19591):    at libcore.net.http.HttpConnection.setupSecureSocket(HttpConnection.java:210)
08-04 02:35:01.750: W/System.err(19591):    at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.makeSslConnection(HttpsURLConnectionImpl.java:477)
08-04 02:35:01.750: W/System.err(19591):    at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:432)
08-04 02:35:01.750: W/System.err(19591):    at libcore.net.http.HttpEngine.sendSocketRequest(HttpEngine.java:282)
08-04 02:35:01.750: W/System.err(19591):    at libcore.net.http.HttpEngine.sendRequest(HttpEngine.java:232)
08-04 02:35:01.750: W/System.err(19591):    at libcore.net.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:80)
08-04 02:35:01.750: W/System.err(19591):    at libcore.net.http.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:164)
08-04 02:35:01.750: W/System.err(19591):    at com.virinchi.activity.LoginActivity$UnSignedDownloadManager.doInBackground(LoginActivity.java:626)
08-04 02:35:01.750: W/System.err(19591):    at com.virinchi.activity.LoginActivity$UnSignedDownloadManager.doInBackground(LoginActivity.java:1)
08-04 02:35:01.750: W/System.err(19591):    at android.os.AsyncTask$2.call(AsyncTask.java:264)
08-04 02:35:01.750: W/System.err(19591):    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
08-04 02:35:01.750: W/System.err(19591):    at java.util.concurrent.FutureTask.run(FutureTask.java:137)
08-04 02:35:01.750: W/System.err(19591):    at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:208)
08-04 02:35:01.750: W/System.err(19591):    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076)
08-04 02:35:01.750: W/System.err(19591):    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569)
08-04 02:35:01.750: W/System.err(19591):    at java.lang.Thread.run(Thread.java:856)
08-04 02:35:01.750: W/System.err(19591): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
08-04 02:35:01.750: W/System.err(19591):    at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:184)
08-04 02:35:01.750: W/System.err(19591):    at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:163)
08-04 02:35:01.750: W/System.err(19591):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:593)
08-04 02:35:01.750: W/System.err(19591):    at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
08-04 02:35:01.750: W/System.err(19591):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:410)
08-04 02:35:01.750: W/System.err(19591):    ... 17 more
08-04 02:35:01.750: W/System.err(19591): Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
08-04 02:35:01.750: W/System.err(19591):    ... 22 more

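This is my certificate checking code:

import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.http.client.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;

public class SSLFactory extends SSLSocketFactory {
    SSLContext sslContext = SSLContext.getInstance("TLS");

    public SSLFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
        super(truststore);

        // Empty check methods: this trust manager accepts every certificate chain.
        X509TrustManager tm = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            }

            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                // The interface contract requires a non-null (possibly empty) array.
                return new X509Certificate[0];
            }
        };

        sslContext.init(null, new X509TrustManager[] { tm }, null);
    }

    public SSLFactory(SSLContext context) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        super(null);
        sslContext = context;
    }

    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
        return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
    }

    @Override
    public Socket createSocket() throws IOException {
        return sslContext.getSocketFactory().createSocket();
    }

    // Wraps an existing HttpClient so that "https" uses this factory.
    public static HttpClient sslClient(HttpClient client) {
        try {
            // Same accept-everything trust manager as in the constructor above.
            X509TrustManager tm = new X509TrustManager() {
                public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
                }

                public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
                }

                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            };
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, new TrustManager[]{tm}, null);
            SSLSocketFactory ssf = new SSLFactory(ctx);
            // Hostname verification is switched off as well.
            ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            ClientConnectionManager ccm = client.getConnectionManager();
            SchemeRegistry sr = ccm.getSchemeRegistry();
            sr.register(new Scheme("https", ssf, 443));
            return new DefaultHttpClient(ccm, client.getParams());
        } catch (Exception ex) {
            return null;
        }
    }
}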

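【Question comments】:

  • Did you look at the error? I'm not fond of SSL, so I don't know what a trust anchor is. "Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found."
  • Create your own FakeSocket using SocketFactory, LayeredSocketFactory and X509TrustManager, and implement them when making the request.
  • @jitainsharma Please find my update where I implemented the certificate check. Let me know if anything needs to change!
  • Use SchemeRegistry registry = new SchemeRegistry();

Tags: android sslhandshakeexception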


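【Solution 1】:

It sounds like you have to install the intermediate certificate on your web server. It should be available from the distributor of your certificate.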
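
The effect of a missing intermediate can be reproduced offline with the `openssl` command line. This is an added example, not part of the original answer: it builds a constructed root, intermediate and server certificate (all names are made up) and shows that a client holding only the root cannot validate the server certificate unless the server also sends the intermediate, which is the condition Android reports as "Trust anchor for certification path not found".

```shell
#!/bin/sh
# Constructed lab PKI (all names made up): root CA -> intermediate CA -> server cert.
# The root plays the CA that is already in the device trust store.

# new_csr DIR NAME SUBJECT: write NAME.key and NAME.csr into DIR
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

make_lab_pki() {
    d=$1
    printf '%s\n' 'basicConstraints=critical,CA:TRUE' \
                  'keyUsage=critical,keyCertSign,cRLSign' > "$d/ca.ext"
    new_csr "$d" root  "/CN=Lab Root CA"
    new_csr "$d" inter "/CN=Lab Intermediate CA"
    new_csr "$d" leaf  "/CN=server.example.test"
    # Self-signed root certificate.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
        -extfile "$d/ca.ext" -days 30 -out "$d/root.pem" 2>/dev/null
    # Intermediate CA certificate, signed by the root.
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 1 -extfile "$d/ca.ext" -days 30 -out "$d/inter.pem" 2>/dev/null
    # Server certificate, signed by the intermediate rather than by the root.
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
        -set_serial 2 -days 30 -out "$d/leaf.pem" 2>/dev/null
}

# chain_verifies ROOT LEAF [SENT_INTERMEDIATES]
# Returns 0 if LEAF chains to the trusted ROOT using only what the server sent.
chain_verifies() {
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

lab=$(mktemp -d)
make_lab_pki "$lab"
# Server sends only its own certificate: the client has the root but cannot
# link the server certificate to it, so path building fails.
chain_verifies "$lab/root.pem" "$lab/leaf.pem" \
    && echo "leaf only: OK" || echo "leaf only: FAIL (intermediate missing)"
# Server sends its certificate plus the intermediate: the path is complete.
chain_verifies "$lab/root.pem" "$lab/leaf.pem" "$lab/inter.pem" \
    && echo "leaf + intermediate: OK" || echo "leaf + intermediate: FAIL"
rm -rf "$lab"
```

Against a live server, the certificates it actually sends can be listed with `openssl s_client -connect <host>:443 -showcerts`; if only the server certificate appears, the intermediate is not installed.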
