logo标签列表

使用HttpURLConnection在Android 4.2.2上出现SSL握手异常:证书异常

androidweb-servicessecurityssl-certificatehttpurlconnection
6

我在使用HttpURLConnection来进行Android的webservice api调用时,遇到了一个奇怪的问题。仅在Android 4.2.2版本中,我得到了以下异常。而在Android 4.0.3, 4.3和4.4及以上版本中均能正常运行。 以下是我用于服务api调用的代码。

HttpURLConnection mConn = (HttpURLConnection)mUrl.openConnection();
mConn.addRequestProperty("Connection", "close");
mConn.setConnectTimeout(CONNECTION_TIMEOUT);
mConn.setReadTimeout(SOCKET_TIMEOUT);
mConn.setUseCaches(true);
mConn.setRequestMethod("POST");
String param = Utils.appendQueryParams(null,this.stringparams);
mConn.setDoInput(true);
mConn.setDoOutput(true);
mConn.setFixedLengthStreamingMode(param.getBytes().length);
mConn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
mConn.setRequestProperty("Accept", "application/json");
mConn.connect();
PrintWriter out = new PrintWriter(mConn.getOutputStream());
out.print(param);
out.close();

这里是异常信息(仅在Android SDK版本4.2.2中出现)

08-18 11:43:22.663  26427-26485/com.abc.xyz W/System.err﹕ javax.net.ssl.SSLHandshakeException: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException: IssuerName(CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US) does not match SubjectName(CN=Go Daddy Root Certificate Authority - G2, OU=https://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US) of signing certificate.
08-18 11:43:22.833  26427-26485/com.abc.xyz W/System.err﹕ at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:381)
08-18 11:43:22.833  26427-26485/com.abc.xyz W/System.err﹕ at libcore.net.http.HttpConnection.setupSecureSocket(HttpConnection.java:209)
08-18 11:43:22.833  26427-26485/com.abc.xyz W/System.err﹕ at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.makeSslConnection(HttpsURLConnectionImpl.java:478)
08-18 11:43:22.833  26427-26485/com.abc.xyz W/System.err﹕ at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:433)
08-18 11:43:22.833  26427-26485/com.abc.xyz W/System.err﹕ at libcore.net.http.HttpEngine.sendSocketRequest(HttpEngine.java:290)
08-18 11:43:22.833  26427-26485/com.abc.xyz W/System.err﹕ at libcore.net.http.HttpEngine.sendRequest(HttpEngine.java:240)
08-18 11:43:22.833  26427-26485/com.abc.xyz W/System.err﹕ at libcore.net.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:81)
08-18 11:43:22.833  26427-26485/com.abc.xyz W/System.err﹕ at libcore.net.http.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:165)
08-18 11:43:22.833  26427-26485/com.abc.xyz W/System.err﹕ at com.halomem.android.utils.ServiceCall.executeRequest(ServiceCall.java:86)
08-18 11:43:22.833  26427-26485/com.abc.xyz W/System.err﹕ at com.halomem.android.impl.Session$1.run(Session.java:161)
08-18 11:43:22.833  26427-26485/com.abc.xyz W/System.err﹕ Caused by: java.security.cert.CertificateException: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException: IssuerName(CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US) does not match SubjectName(CN=Go Daddy Root Certificate Authority - G2, OU=https://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US) of signing certificate.
08-18 11:43:22.833  26427-26485/com.abc.xyz W/System.err﹕ at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:296)
08-18 11:43:22.833  26427-26485/com.abc.xyz W/System.err﹕ at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:197)
08-18 11:43:22.833  26427-26485/com.abc.xyz W/System.err﹕ at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:597)
08-18 11:43:22.833  26427-26485/com.abc.xyz W/System.err﹕ at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
08-18 11:43:22.833  26427-26485/com.abc.xyz W/System.err﹕ at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:378)
08-18 11:43:22.833  26427-26485/com.abc.xyz W/System.err﹕ ... 9 more
08-18 11:43:22.833  26427-26485/com.abc.xyz W/System.err﹕ Caused by: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException: IssuerName(CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US) does not match SubjectName(CN=Go Daddy Root Certificate Authority - G2, OU=https://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US) of signing certificate.
08-18 11:43:22.843  26427-26485/com.abc.xyz W/System.err﹕ at com.android.org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCertA(RFC3280CertPathUtilities.java:1525)
08-18 11:43:22.843  26427-26485/com.abc.xyz W/System.err﹕ at com.android.org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:305)
08-18 11:43:22.843  26427-26485/com.abc.xyz W/System.err﹕ at com.sec.android.security.pkix.SecCertPathValidatorSpi.engineValidate(SecCertPathValidatorSpi.java:99)
08-18 11:43:22.843  26427-26485/com.abc.xyz W/System.err﹕ at java.security.cert.CertPathValidator.validate(CertPathValidator.java:190)
08-18 11:43:22.843  26427-26485/com.abc.xyz W/System.err﹕ at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:283)
08-18 11:43:22.843  26427-26485/com.abc.xyz W/System.err﹕ ... 13 more

请在这方面提供建议。 谢谢。 Himanshu。
1
或者看一下这个答案?https://dev59.com/xOo6XIcBkEYKwwoYTS1D - Namphibian
1
如果是版本特定的问题,可能是4.2.2中的一个错误或与您正在测试的设备有关。您是否尝试使用模拟器或Nexus设备进行测试?错误本身表明服务器返回的证书未经正确签名,或者服务器配置不正确。服务器证书看起来如何? - Nikolay Elenkov
谢谢你们的回复,但在我的情况下,我没有使用HttpClient。 - Himanshu
证书顺序不正确似乎是最可能的原因,请检查第二个评论中的链接。同时使用openssl检查您的服务器返回的证书。 - Nikolay Elenkov
在几个4.2.2和4.2.1设备上遇到了同样的问题。可以确定是系统问题。我必须在这些机器上手动信任证书。 - vfs1234
显示剩余3条评论
2个回答
10

重要提示

请检查您的设备时间是否正确?

1
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接