That is a good tip, but my app is written using phonegap so I am at the mercy of what is supported in the browser (I would like to be corrected).
On Wed, Jun 20, 2012 at 3:01 PM, Brian Carlstrom <[email protected]> wrote: > If the issue is the CA is untrusted and you are in an app making your own > https or SSLSocket connections, you should be able to make your own > TrustManager that trusts whatever CAs you like. > See http://developer.android.com/reference/javax/net/ssl/HttpsURLConnection.html for > an example. If you give me a server name, I could check the server > configuration. Sometimes earlier versions of Android were particular about > not including unneeded root CAs or bridge CAs in the server certificate > chain. These issues were fixed in 3.0, but could be worked around in 3.0, > again a custom TrustManager might help, allowing you to discard unneeded > certs from the chain. > > -bri > > > On Wed, Jun 20, 2012 at 11:48 AM, Michael Potter <[email protected]> wrote: >> >> Sorry, I accidentally typed Verizon when I meant to type Verisign. >> >> I will round up the list of devices/versions everyone has tested on. >> I am not the OP, so the Android 1.6 does not apply to me. >> >> My phone is 2.3.6 Gingerbread.UCLA3. >> I did not trap the network traffic on my phone, but I have the same >> behavior as the phone that did trap the network traffic. I will post >> that phone's version later. >> >> I need to support versions prior to 2.3, so I am interested in >> suggestions to solve this problem by changes to the server >> configuration. I cannot tell my users to update their phones. >> >> I will post more information after I gather it from the other people >> working on this problem. >> >> -- >> potter >> >> On Wed, Jun 20, 2012 at 2:28 PM, Brian Carlstrom <[email protected]> wrote: >> > I guessing that the "Android 1.6" in the user agent string implies a >> > Donut >> > device. It is very possible that CA is not trusted. I did a major update >> > to >> > the CA list in 2.3 Gingerbread. Have you tested in new releases in the >> > Android SDK emulator to see if that is the problem? If the CA truly is >> > Verizon, I don't think any stock Android device has trusted such as CA, >> > although its possible your Verizon provide server certificate is issued >> > by a >> > trusted CA. >> > >> > -bri >> > >> > On Wed, Jun 20, 2012 at 4:46 AM, Michael Potter <[email protected]> >> > wrote: >> >> >> >> I am getting this same error while doing a https POST to a SOAP service >> >> in >> >> javascript. >> >> I am using iphonegap to package the html/js into a android .apk file. >> >> >> >> This is only a problem on Android, iOS and Adobe Air do not have >> >> problem >> >> accessing the service. >> >> Our server certificate came from Verizon. >> >> >> >> Was there any resolution to the error below? >> >> >> >> -- >> >> potter >> >> >> >> On Monday, May 10, 2010 6:57:25 AM UTC-4, mikiso wrote: >> >>> >> >>> Hi, >> >>> >> >>> When I access a website(mail.myserver.com) from default browser, >> >>> android shows a message like >> >>> "browser cannot establish secure connection" and then aborted. >> >>> I took tcp packets between a browser of Android SDK and the server. >> >>> >> >>> Server → Client : Certificate, Server Hello Done >> >>> Client → Server : Client Key Exchange, Change Cipher Spec, Encrypted >> >>> Handshake Message >> >>> Server → Client : Change Cipher Spec, Encrypted Handshake Message >> >>> Client → Server : [ACK] >> >>> Client → Server : Encrypted Alert >> >>> Client → Server : [FIN, ACK] >> >>> Server → Client : [FIN, ACK] >> >>> >> >>> It seemes that the Android browser send an error as "Encrypted Alert" >> >>> to the server. >> >>> >> >>> FYI,the certificate of the server defines "mail.myserver.com" as CN >> >>> and the following DNS >> >>> names as subject alternative name. >> >>> * pop.myserver.com >> >>> * mail.myserver.com >> >>> * imap.myserver.com >> >>> >> >>> I don't know if this is related to the case, but I can access site >> >>> with a simple certificate and >> >>> at that time client can send "Application Data" to the Server >> >>> instead of "Encrypted Alert. >> >>> >> >>> Has anyone faced the same problem? >> >>> All of the android phones launched in Japan is affected by this >> >>> problem. >> >>> One of the user-agent of the default browser is: >> >>> Mozilla/5.0 (Linux; U; Android 1.6; ja-jp; SonyEricssonSO-01B Build/ >> >>> R1EA018) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile >> >>> Safari/525.20.1 >> >>> >> >>> Regards, >> >>> Soichiro Miki >> >>> Hitachisoft Zimbra Support >> >> >> >> -- >> >> You received this message because you are subscribed to the Google >> >> Groups >> >> "Android Security Discussions" group. >> >> To view this discussion on the web visit >> >> >> >> https://groups.google.com/d/msg/android-security-discuss/-/3PpbvQ0ldDIJ. >> >> To post to this group, send email to >> >> [email protected]. >> >> To unsubscribe from this group, send email to >> >> [email protected]. >> >> For more options, visit this group at >> >> http://groups.google.com/group/android-security-discuss?hl=en. >> > >> > > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
