我在使用HttpsUrlConnection
對象將Android連接到簡單的OpenSSL
服務器時遇到問題(我梳理了StackOverflow和a大量的在線教程,並遵循很多線路的例子,我仍然無法弄清楚爲什麼當我使用我的本地信任庫時我的資源被破壞)。Android HttpsUrlConnection javax.net.ssl.SSLException當使用本地信任庫時,由對等方握手錯誤關閉的連接
目前,我有試圖連接到Android的活動簡單OpenSSL server
(我可以連接到使用OpenSSL的客戶我的服務器),一旦HttpsUrlConnection.connect()
叫我收到「javax.net.ssl.SSLException: Connection closed by peer" error during the SSL handshake.
也許我建立我的樣本服務器錯誤?
注意事項:
- 此刻
- 我能夠加載默認的信任存儲 當連接到 https://www.google.com沒有客戶授權
- 我不能夠使用自簽名證書連接到服務器上的本地主機
- 不想信任所有證書
- 不想使用Apache的HttpClient
- 要使用本地信任只
- 創建的本地與充氣城堡
- 時能夠正確地信任加載到
- 代理防火牆後面的信任庫,代理服務器設爲我的Android虛擬設備
- AVD設置爲上。
事情我已經嘗試:
- 連接到兩個
127.0.0.1 and 10.0.2.2
- 使用新
SecureRandom() with the SSLContext.init()
- 創建
'URL u = new URL("https", "10.0.2.2", 443, "/");'
- 使用
TrustManagerFactory.getDefaultAlgorithms()
而不是 「X509」-
與網址
- 改爲
"Unexpected response code error 503"
的
「對方將連接關閉」
- 改爲
預先感謝您在百忙之中閱讀我的問題的時候了!
簡單的服務器開始使用命令:
$ sudo openssl s_server -accept 443 -cert server-cert.pem -key server-key.pem -pass file:passphrase.txt -state -www -verify 0
與命令測試客戶端連接:
$ openssl s_client -connect 127.0.0.1:443
Android的活動代碼(編輯以刪除完整的運行代碼簡化 - 請讓我知道如果有更多的代碼是必要的) - 錯誤輸出低於代碼。試圖用自簽名證書連接到我的服務器時
09-09 21:58:09.947: I/System.out(669): Response Code: 200
09-09 21:58:09.947: I/System.out(669): Response Code: TLS_ECDHE_RSA_WITH_RC4_128_SHA
輸出:正確連接到https://www.google.com時
try {
TrustManagerFactory tmf;
// local trust store
tmf = TrustManagerFactory.getInstance("X509");
tmf.init(loadLocalKeyStore(getApplicationContext()));
// default trust store - works for https://www.google.com
// tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
// tmf.init((KeyStore) null);
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.STRICT_HOSTNAME_VERIFIER;
URL u = new URL("https://10.0.2.2");
HttpsURLConnection urlConnection = (HttpsURLConnection) u.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());
urlConnection.setHostnameVerifier(hostnameVerifier);
urlConnection.connect();
System.out.println("Response Code: " + urlConnection.getResponseCode());
System.out.println("Response Code: " + urlConnection.getCipherSuite());
}
...
private KeyStore loadLocalKeyStore(Context context) {
InputStream in = context.getResources().openRawResource(R.raw.newserverkeystore);
KeyStore trusted = null;
try {
trusted = KeyStore.getInstance("BKS");
trusted.load(in, "thisisasecret".toCharArray());
} finally {
in.close();
}
return trusted;
}
再次輸出
09-09 22:03:23.377: D/HttpsProxy(717): Https Request error
09-09 22:03:23.377: D/HttpsProxy(717): javax.net.ssl.SSLException: Connection closed by peer
09-09 22:03:23.377: D/HttpsProxy(717): at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
09-09 22:03:23.377: D/HttpsProxy(717): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:395)
09-09 22:03:23.377: D/HttpsProxy(717): at libcore.net.http.HttpConnection.setupSecureSocket(HttpConnection.java:210)
09-09 22:03:23.377: D/HttpsProxy(717): at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.makeSslConnection(HttpsURLConnectionImpl.java:478)
09-09 22:03:23.377: D/HttpsProxy(717): at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:442)
09-09 22:03:23.377: D/HttpsProxy(717): at libcore.net.http.HttpEngine.sendSocketRequest(HttpEngine.java:289)
09-09 22:03:23.377: D/HttpsProxy(717): at libcore.net.http.HttpEngine.sendRequest(HttpEngine.java:239)
09-09 22:03:23.377: D/HttpsProxy(717): at libcore.net.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:80)
09-09 22:03:23.377: D/HttpsProxy(717): at libcore.net.http.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:165)
09-09 22:03:23.377: D/HttpsProxy(717): at com.example.myfirstapp.HttpsUrlConnectionActivity$3.doInBackground(HttpsUrlConnectionActivity.java:257)
09-09 22:03:23.377: D/HttpsProxy(717): at com.example.myfirstapp.HttpsUrlConnectionActivity$3.doInBackground(HttpsUrlConnectionActivity.java:1)
09-09 22:03:23.377: D/HttpsProxy(717): at android.os.AsyncTask$2.call(AsyncTask.java:287)
09-09 22:03:23.377: D/HttpsProxy(717): at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
09-09 22:03:23.377: D/HttpsProxy(717): at java.util.concurrent.FutureTask.run(FutureTask.java:137)
09-09 22:03:23.377: D/HttpsProxy(717): at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:230)
09-09 22:03:23.377: D/HttpsProxy(717): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076)
09-09 22:03:23.377: D/HttpsProxy(717): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569)
09-09 22:03:23.377: D/HttpsProxy(717): at java.lang.Thread.run(Thread.java:856)
謝謝!
我忘記提及當我嘗試使用Android模擬器連接時,只有使用我的OpenSSL客戶端時,我沒有看到任何服務器活動。 – aspergillusOryzae
非常難以格式化這個問題;-) –
對不起,有沒有一種方法可以讓我們在投票問題之前更容易理解?我正在嘗試解釋我在重新定向到他們之前從其他帖子中採取的方法。 – aspergillusOryzae