> error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message
> (external/openssl/ssl/s3_pkt.c:1232 0x19bf40:0x00000003); nested exception
> is javax.net.ssl.SSLProtocolException: SSL handshake terminated:
> ssl=0x182c70: Failure in SSL library, usually a protocol error

$ openssl errstr 0x40943F2
error:040943F2:rsa routines:RSA_padding_add_PKCS1_PSS_mgf1:reason(1010)

On Thu, Aug 23, 2012 at 7:21 AM, Marco Serioli <[email protected]> wrote:
> I'm developing an android application on v13 target sdk and I'm trying to
> secure connection from android device to my tomcat server v6 with SSL
> enabling also clientAuth. I'm using self-signed certificates.
>
> Only to introduce my project (I think the error is not due to this): I'm
> using spring-android RestTemplate using a custom ClientHttpRequestFactory.
> Because of android sdk version I'm sure that spring will use
> HttpUrlConnection and not HttpClient! So I'm extending
> SimpleClientHttpRequestFactory and overriding the openConnection method. I
> need to do this to trust my self-signed certificates and to use my client
> authentication certificate!
>
> So I init my sslContext and set to HttpURLConnection in this way:
>
> private SSLSocketFactory getSSLSocketFactory() throws KeyStoreException,
>         KeyManagementException, NoSuchAlgorithmException, CertificateException,
>         IOException, UnrecoverableKeyException {
>     final InputStream trustStoreLocation =
>             mContext.getResources().openRawResource(R.raw.trust_store);
>     final String trustStorePassword = "........";
>
>     final InputStream keyStoreLocation =
>             mContext.getResources().openRawResource(R.raw.key_store);
>     final String keyStorePassword = "........";
>
>     final KeyStore trustStore = KeyStore.getInstance("BKS");
>     trustStore.load(trustStoreLocation, trustStorePassword.toCharArray());
>
>     final KeyStore keyStore = KeyStore.getInstance("BKS");
>     keyStore.load(keyStoreLocation, keyStorePassword.toCharArray());
>
>     final TrustManagerFactory tmf =
>             TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
>     tmf.init(trustStore);
>
>     final KeyManagerFactory kmf =
>             KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
>     kmf.init(keyStore, keyStorePassword.toCharArray());
>
>     final SSLContext sslCtx = SSLContext.getInstance("TLS");
>     sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
>
>     return sslCtx.getSocketFactory();
> }
>
> @Override
> protected HttpURLConnection openConnection(URL url, Proxy proxy) throws
>         IOException {
>     final HttpURLConnection httpUrlConnection = super.openConnection(url, proxy);
>     if (url.getProtocol().toLowerCase().equals("https")) {
>         try {
>             ((HttpsURLConnection)httpUrlConnection).setSSLSocketFactory(getSSLSocketFactory());
>             ((HttpsURLConnection)httpUrlConnection).setHostnameVerifier(new NullHostnameVerifier());
>         } catch (Exception e) {
>             if (LogConfig.ERROR_LOGS_ENABLED) {
>                 Log.e(LOG_TAG, e.getMessage());
>             }
>         }
>     }
>     return httpUrlConnection;
> }
>
> private static class NullHostnameVerifier implements HostnameVerifier {
>     public boolean verify(String hostname, SSLSession session) {
>         return true;
>     }
> }
>
> When tomcat clientAuth is disabled it works fine.
>
> But when tomcat client authentication is enabled, trying to establish
> connection from android device I got this exception:
>
> error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message
> (external/openssl/ssl/s3_pkt.c:1232 0x19bf40:0x00000003); nested exception
> is javax.net.ssl.SSLProtocolException: SSL handshake terminated:
> ssl=0x182c70: Failure in SSL library, usually a protocol error
>
> I've tried to install the client certificate on my web browser for testing
> purpose and everything goes ok! So I think it's a problem of my android
> application!
>
> Have you ever got this kind of exception?
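
Decoding the two error codes that appear in this thread, as an added example that is not part of the original messages: OpenSSL 1.0.x packs library, function and reason into one 32-bit value, and in the SSL library a reason above 1000 is 1000 plus the number of a TLS alert received from the peer. The library and alert tables below are small subsets chosen for this illustration.

```python
import re

# Field layout of a packed OpenSSL 1.0.x error code (ERR_GET_LIB, ERR_GET_FUNC,
# ERR_GET_REASON in err.h): 8-bit library, 12-bit function, 12-bit reason.
ERR_LIBS = {4: "rsa routines", 20: "SSL routines"}  # only the two seen in this thread
SSL_AD_REASON_OFFSET = 1000  # SSL reasons above this encode a received alert number
TLS_ALERTS = {  # subset of TLS alert descriptions (RFC 5246, section 7.2)
    10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 43: "unsupported_certificate",
    46: "certificate_unknown", 48: "unknown_ca", 70: "protocol_version",
}


def decode(code):
    """Split a packed error code into library, function and reason numbers."""
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    out = {"lib": lib, "lib_name": ERR_LIBS.get(lib, "unknown"),
           "func": func, "reason": reason, "peer_alert": None}
    # Only SSL-library reasons are alert numbers; the same reason value in
    # another library means something unrelated.
    if lib == 20 and reason > SSL_AD_REASON_OFFSET:
        n = reason - SSL_AD_REASON_OFFSET
        out["peer_alert"] = TLS_ALERTS.get(n, "alert %d" % n)
    return out


def decode_line(line):
    """Find 'error:XXXXXXXX:' in a log line and decode it; None if absent."""
    m = re.search(r"error:([0-9A-Fa-f]{8}):", line)
    return decode(int(m.group(1), 16)) if m else None


# Both lines are copied from the thread above.
LOGGED = "error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message"
ERRSTR = "error:040943F2:rsa routines:RSA_padding_add_PKCS1_PSS_mgf1:reason(1010)"

if __name__ == "__main__":
    for line in (LOGGED, ERRSTR):
        print(decode_line(line))
```

The two codes share function and reason fields and differ only in the top byte, which selects the library: 0x14 is the SSL library, 0x04 is RSA.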
