我正在尝试使用适用于 Android 的 Cordova 插件实现 SSL 固定,但出现错误 500:SSL 握手失败错误。我在 Android N 上运行该应用程序。
我试过以下插件: https://github.com/yyfearth/cordova-plugin-http
https://github.com/wymsee/cordova-HTTP
对于我的示例代码,我固定了 facebook 的证书。我试过固定 CA 证书(Avast)以及叶证书(facebook)。
下面是我的代码:
var app = {
// Application Constructor
initialize: function() {
document.addEventListener('deviceready', this.onDeviceReady.bind(this), false);
},
// deviceready Event Handler
//
// Bind any cordova events here. Common events are:
// 'pause', 'resume', etc.
onDeviceReady: function() {
this.receivedEvent('deviceready');
cordovaHTTP.enableSSLPinning(
true,
function (msg) {alert("SSL pinning enabled")},
function (msg) {alert("SSL pinning can't be enabled " + msg)}
);
CordovaHttpPlugin.addPinningCerts(
['MIIEXDCCA0SgAwIBAgIBATANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJDWjEP\n' +
'MA0GA1UECAwGUHJhZ3VlMQ4wDAYDVQQKDAVBVkFTVDEdMBsGA1UECwwUU29mdHdh\n' +
'cmUgRGV2ZWxvcG1lbnQxGTAXBgNVBAMMEEF2YXN0IHRydXN0ZWQgQ0EwHhcNMTYx\n' +
'MjA5MDAwMDAwWhcNMTgwMTI1MTIwMDAwWjBpMQswCQYDVQQGEwJVUzETMBEGA1UE\n' +
'CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEXMBUGA1UEChMORmFj\n' +
'ZWJvb2ssIEluYy4xFzAVBgNVBAMMDiouZmFjZWJvb2suY29tMIIBIjANBgkqhkiG\n' +
'9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEjiWVGgjCgy6GjTUTZJAFgPJ5ybGKVvCzG7\n' +
'yDKB2A2gLhFD3oEwiikVI2glBcSoPq6Yy2sOpZJWb2uchDVydjqy/6UrwL9vjZ4v\n' +
'AicRsI0A+ftVpyQZhCb2r50OnI6Fy8rpYQc0B8DP2XEq8RE3nrG7cFt80e+vygNv\n' +
'+FvV/8QwAAZlDNMCiCUEMtQ3ZHh8XybVIhVVYefrPY7GLec7UbbgP0coaJE9utVI\n' +
'ZxLIOzD+3dpCL0+/f6H2BkQLeVi5qB3+fyVsHqkHDKHnjG18nrJUR9xcNFNO9Onh\n' +
'ZK/JwT3kyECnd7mv7wE5JG9o3nsMapic+OkLWUTUNZYRzeyj3QIDAQABo4IBDjCC\n' +
'AQowHQYDVR0OBBYEFJ8vur6MoceTetprJx2P+OTfMgh2MB8GA1UdIwQYMBaAFEE4\n' +
'wE3WMlzLKyRJ94n3/3fKbXcfMIHHBgNVHREEgb8wgbyCDiouZmFjZWJvb2suY29t\n' +
'gg4qLmZhY2Vib29rLm5ldIIIKi5mYi5jb22CCyouZmJjZG4ubmV0ggsqLmZic2J4\n' +
'LmNvbYIQKi5tLmZhY2Vib29rLmNvbYIPKi5tZXNzZW5nZXIuY29tgg4qLnh4LmZi\n' +
'Y2RuLm5ldIIOKi54eS5mYmNkbi5uZXSCDioueHouZmJjZG4ubmV0ggxmYWNlYm9v\n' +
'ay5jb22CBmZiLmNvbYINbWVzc2VuZ2VyLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEA\n' +
'POrSZ9dMpwQHRO78VfBjDLeoGKYk2EdnTyxFIzZXPaLzMA5+X97eektopJgRWWIG\n' +
'aVn1fsHgwNl7DqdG13mHN6w9ziMon5TlXyz0NZn9jKEtdiw0VZG6f2ccn9HOBUqK\n' +
'5EDeWKXS4XwvrckPLC61nGsUIBGa+OBIh4tQNOgLzp3sY4DzWcyV2X1CFsDtLcPT\n' +
'WWXLOY8JhkFFNkTpLHbbVYFiUUoJ49C+MTt3+0ciwQr4/Tm250ksfpgL+O5u5aB7\n' +
'hngx78ACuL9qjT682tHgw7+Y4oe9cTAs93tf5Bnp0jdjkOomJFS5YgNHTEjD9rA3\n' +
'2d9j7kz7MY2lD5/lEsfCsg==\n']
function(msg) {alert("OK, Added pinned certs success!")},
function(msg) {alert("ERROR, adding pinned certs denied " + JSON.stringify(msg))}
);
cordovaHTTP.validateDomainName(true,
function(msg) {alert("OK, Domain Name validate")},
function(msg) {alert("ERROR, Domain Name not validate " + JSON.stringify(msg))}
);
window.cordovaHTTP.get(
"https://www.facebook.com/", //https://www.facebook.com", // we have a .cer file for this in www/certificates also in assets/certificates
{}, // optional params
{}, // optional headers
function(msg) {alert("OK, Connection allowed")},
function(msg) {alert("ERROR, Connection denied " + JSON.stringify(msg))}
);
},
// Update DOM on a Received Event
receivedEvent: function(id) {
var parentElement = document.getElementById(id);
var listeningElement = parentElement.querySelector('.listening');
var receivedElement = parentElement.querySelector('.received');
listeningElement.setAttribute('style', 'display:none;');
receivedElement.setAttribute('style', 'display:block;');
console.log('Received Event: ' + id);
}
};
app.initialize();
关于如何修复它有任何想法吗?
最佳答案
我使用了以下插件:
据我了解,您必须将所有证书包含在您的项目文件夹中。
此外,检查证书是否正确链接到您要连接的服务器也很重要。您可能还需要根证书、中间证书和基本证书,以包含在您的项目文件夹中。
请确保您固定的证书适用于您访问的服务器。
关于android - 使用 cordova 插件的 SSL 固定不起作用。我收到 SSL 握手失败,错误代码 500,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/45161882/