Skip to main content

Https Connection Android

Image
By User



I am doing a https post and I'm getting an exception of ssl exception Not trusted server certificate. If i do normal http it is working perfectly fine. Do I have to accept the server certificate somehow?




Labels:

Comments

  1. Tips For AllMarch 9, 2012 at 6:40 AM

    I'm making a guess, but if you want an actual handshake to occur, you have to let android know of your certificate. If you want to just accept no matter what, then use this pseudo-code to get what you need with the Apache HTTP Client:

    SchemeRegistry schemeRegistry = new SchemeRegistry ();

    schemeRegistry.register (new Scheme ("http",
    PlainSocketFactory.getSocketFactory (), 80));
    schemeRegistry.register (new Scheme ("https",
    new CustomSSLSocketFactory (), 443));

    ThreadSafeClientConnManager cm = new ThreadSafeClientConnManager (
    params, schemeRegistry);


    return new DefaultHttpClient (cm, params);


    CustomSSLSocketFactory:

    public class CustomSSLSocketFactory extends org.apache.http.conn.ssl.SSLSocketFactory
    {
    private SSLSocketFactory FACTORY = HttpsURLConnection.getDefaultSSLSocketFactory ();

    public CustomSSLSocketFactory ()
    {
    super(null);
    try
    {
    SSLContext context = SSLContext.getInstance ("TLS");
    TrustManager[] tm = new TrustManager[] { new FullX509TrustManager () };
    context.init (null, tm, new SecureRandom ());

    FACTORY = context.getSocketFactory ();
    }
    catch (Exception e)
    {
    e.printStackTrace();
    }
    }

    public Socket createSocket() throws IOException
    {
    return FACTORY.createSocket();
    }

    // TODO: add other methods like createSocket() and getDefaultCipherSuites().
    // Hint: they all just make a call to member FACTORY
    }


    FullX509TrustManager is a class that implements javax.net.ssl.X509TrustManager, yet none of the methods actually perform any work, get a sample here.

    Good Luck!

    ReplyDelete
  2. Tips For AllMarch 9, 2012 at 6:40 AM

    This is what I am doing. It simply doesn't check the certificate anymore.

    // always verify the host - dont check for certificate
    final static HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
    public boolean verify(String hostname, SSLSession session) {
    return true;
    }
    };

    /**
    * Trust every server - dont check for any certificate
    */
    private static void trustAllHosts() {
    // Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
    return new java.security.cert.X509Certificate[] {};
    }

    public void checkClientTrusted(X509Certificate[] chain,
    String authType) throws CertificateException {
    }

    public void checkServerTrusted(X509Certificate[] chain,
    String authType) throws CertificateException {
    }
    } };

    // Install the all-trusting trust manager
    try {
    SSLContext sc = SSLContext.getInstance("TLS");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection
    .setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception e) {
    e.printStackTrace();
    }
    }


    and

    HttpURLConnection http = null;

    if (url.getProtocol().toLowerCase().equals("https")) {
    trustAllHosts();
    HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
    https.setHostnameVerifier(DO_NOT_VERIFY);
    http = https;
    } else {
    http = (HttpURLConnection) url.openConnection();
    }

    ReplyDelete
  3. Tips For AllMarch 9, 2012 at 6:40 AM

    While trying to answer this question I found a better tutorial. With it you don't have to compromise the certificate check.

    http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html

    *I did not write this but thanks to Bob Lee for the work

    ReplyDelete
  4. Tips For AllMarch 9, 2012 at 6:40 AM

    You can also look at my blog article, very similar to crazybobs.

    This solution also doesn't compromise certificate checking and explains how to add the trusted certs in your own keystore.

    http://blog.antoine.li/index.php/2010/10/android-trusting-ssl-certificates/

    ReplyDelete
  5. Tips For AllMarch 9, 2012 at 6:40 AM

    None of these worked for me (aggravated by the Thawte bug as well). Eventually I got it fixed with Self Signed SSL acceptance Android and Custom SSL handling stopped working on Android 2.2 FroYo

    ReplyDelete
  6. Tips For AllMarch 9, 2012 at 6:40 AM

    I don't know about the Android specifics for ssl certificates, but it would make sense that Android won't accept a self signed ssl certificate off the bat. I found this post from android forums which seems to be addressing the same issue:
    http://androidforums.com/android-applications/950-imap-self-signed-ssl-certificates.html

    ReplyDelete
  7. Tips For AllMarch 9, 2012 at 6:40 AM

    may this thread help, but i can not tell if it works will latest API :

    http://groups.google.com/group/android-developers/browse%5Fthread/thread/1ac2b851e07269ba/c7275f3b28ad8bbc?#c7275f3b28ad8bbc

    ReplyDelete

Post a Comment

Popular posts from this blog

Why is this Javascript much *slower* than its jQuery equivalent?

By User
I have a HTML list of about 500 items and a "filter" box above it. I started by using jQuery to filter the list when I typed a letter (timing code added later): $('#filter').keyup( function() { var jqStart = (new Date).getTime(); var search = $(this).val().toLowerCase(); var $list = $('ul.ablist > li'); $list.each( function() { if ( $(this).text().toLowerCase().indexOf(search) === -1 ) $(this).hide(); else $(this).show(); } ); console.log('Time: ' + ((new Date).getTime() - jqStart)); } ); However, there was a couple of seconds delay after typing each letter (particularly the first letter). So I thought it may be slightly quicker if I used plain Javascript (I read recently that jQuery's each function is particularly slow). Here's my JS equivalent: document.getElementById('filter').addEventListener( 'keyup', function () { var jsStart = (new Date).getTime()...
3 comments
Read more

Is it possible to have IF statement in an Echo statement in PHP

By User
Thanks in advance. I did look at the other questions/answers that were similar and didn't find exactly what I was looking for. I'm trying to do this, am I on the right path? echo " <div id='tabs-".$match."'> <textarea id='".$match."' name='".$match."'>". if ($COLUMN_NAME === $match) { echo $FIELD_WITH_COLUMN_NAME; } else { } ."</textarea> <script type='text/javascript'> CKEDITOR.replace( '".$match."' ); </script> </div>"; I am getting the following error message in the browser: Parse error: syntax error, unexpected T_IF Please let me know if this is the right way to go about nesting an IF statement inside an echo. Thank you.
5 comments
Read more