我用过:
sudo openssl req -new -x509 -days 365 -nodes -out /path/to/cert.pem -keyout /path/to/cert.pem
创建证书并
keytool -importcert -v -trustcacerts -file "cert.pem" -alias ca -keystore "mySrvTruststore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "bcprov-jdk16-145.jar" -storetype BKS -storepass pass
使用 bcprov-ext-jdk15on-1.46 创建 bkr keystore 。我已将 bkr keystore 导入到我的 Android 应用程序中的/res/raw/... 中。
我的安卓代码:
protected org.apache.http.conn.ssl.SSLSocketFactory createAdditionalCertsSSLSocketFactory() {
try {
final KeyStore ks = KeyStore.getInstance("BKS");
// the bks file we generated above
final InputStream in = RestaurantHanovra.getAppResources().openRawResource(R.raw.mysrvtruststore);
try {
// don't forget to put the password used above in strings.xml/mystore_password
ks.load(in, "pass".toCharArray());
} finally {
in.close();
}
return new MySSLSocketFactory(ks);
} catch( Exception e ) {
throw new RuntimeException(e);
}
}
当我尝试执行 http 请求时收到此错误:
08-17 16:18:19.778: W/System.err(16906): javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x5168b318: Failure in SSL library, usually a protocol error
08-17 16:18:19.778: W/System.err(16906): error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol (external/openssl/ssl/s23_clnt.c:766 0x4172bb5a:0x00000000)
08-17 16:18:19.778: W/System.err(16906): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:420)
08-17 16:18:19.783: W/System.err(16906): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:636)
08-17 16:18:19.783: W/System.err(16906): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:607)
08-17 16:18:19.783: W/System.err(16906): at org.apache.http.impl.io.SocketInputBuffer.<init>(SocketInputBuffer.java:70)
08-17 16:18:19.783: W/System.err(16906): at org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java:83)
08-17 16:18:19.788: W/System.err(16906): at org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java:170)
08-17 16:18:19.788: W/System.err(16906): at org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java:106)
08-17 16:18:19.788: W/System.err(16906): at org.apache.http.impl.conn.DefaultClientConnection.openCompleted(DefaultClientConnection.java:129)
08-17 16:18:19.788: W/System.err(16906): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:172)
08-17 16:18:19.788: W/System.err(16906): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
08-17 16:18:19.788: W/System.err(16906): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
08-17 16:18:19.788: W/System.err(16906): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:360)
08-17 16:18:19.788: W/System.err(16906): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
08-17 16:18:19.793: W/System.err(16906): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
08-17 16:18:19.793: W/System.err(16906): at com.loopj.android.http.AsyncHttpRequest.makeRequest(AsyncHttpRequest.java:76)
08-17 16:18:19.793: W/System.err(16906): at com.loopj.android.http.AsyncHttpRequest.makeRequestWithRetries(AsyncHttpRequest.java:95)
08-17 16:18:19.793: W/System.err(16906): at com.loopj.android.http.AsyncHttpRequest.run(AsyncHttpRequest.java:57)
08-17 16:18:19.793: W/System.err(16906): at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:390)
08-17 16:18:19.798: W/System.err(16906): at java.util.concurrent.FutureTask.run(FutureTask.java:234)
08-17 16:18:19.798: W/System.err(16906): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)
08-17 16:18:19.798: W/System.err(16906): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)
08-17 16:18:19.798: W/System.err(16906): at java.lang.Thread.run(Thread.java:856)
08-17 16:18:19.798: W/System.err(16906): Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x5168b318: Failure in SSL library, usually a protocol error
08-17 16:18:19.798: W/System.err(16906): error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol (external/openssl/ssl/s23_clnt.c:766 0x4172bb5a:0x00000000)
08-17 16:18:19.803: W/System.err(16906): at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
08-17 16:18:19.808: W/System.err(16906): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:378)
08-17 16:18:19.808: W/System.err(16906): ... 21 more
虽然我已经在浏览器中检查了我的网络服务,并且一切正常。我错过了什么?
最佳答案
为了回答我自己的问题,问题是我在 8080 而不是 8443 上发送请求。这就是“SSL23_GET_SERVER_HELLO:未知协议(protocol)” 所指示的。
如果需要,请使用此方法。
关于Android SSL证书问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/18289322/