[jira] [Commented] (CB-12551) File-Transfer download/upload fails in Android 4.4 or older using TLS 1.2

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/CB-12551?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16504599#comment-16504599
 ] 

ASF GitHub Bot commented on CB-12551:
-------------------------------------

macdonst commented on a change in pull request #197: CB-12551: (android) Patch 
Security Provider to support TLS 1.2
URL: 
https://github.com/apache/cordova-plugin-file-transfer/pull/197#discussion_r193725018
 
 

 ##########
 File path: src/android/FileTransfer.java
 ##########
 @@ -168,6 +173,17 @@ public boolean execute(String action, JSONArray args, 
final CallbackContext call
             String source = args.getString(0);
             String target = args.getString(1);
 
+            // Patch the Security Provider via Google Play Services to improve 
support for newer TLS/SSL standards in
+            // older versions of Android (@jira:CB-12551). More info here:
+            // 
https://developer.android.com/training/articles/security-gms-provider.html
+            try {
+                
ProviderInstaller.installIfNeeded(this.cordova.getActivity().getApplicationContext());
+            } catch (GooglePlayServicesRepairableException e) {
+                Log.e(LOG_TAG, "Google Play Services is out of date. Unable to 
patch security provider");
 
 Review comment:
   @davidofwatkins besides logging the error we should probably tell the user 
to update Play Services. Failing silently doesn't really help.
   
   ```
   // Prompt the user to install/update/enable Google Play services.
   GoogleApiAvailability.getInstance()
                 .showErrorNotification(context, e.connectionStatusCode)
   ```

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> File-Transfer download/upload fails in Android 4.4 or older using TLS 1.2
> -------------------------------------------------------------------------
>
>                 Key: CB-12551
>                 URL: https://issues.apache.org/jira/browse/CB-12551
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: cordova-plugin-file-transfer (DEPRECATED)
>            Reporter: Dani Palou
>            Priority: Major
>
> FileTransfer's download function fails when trying to download a file from a 
> site using TLS 1.2. This works fine in Android 5 or higher, but it fails in 
> Android 4.x.
> I searched a bit and I found that Android 4.4 should support TLS1.2 but it is 
> disabled by default. I applied the solution proposed in this post and it 
> worked for me:
> http://stackoverflow.com/a/33567745
> That is, I created the _MySSLSocketFactory_ class in the FileTransfer 
> project, and I used it in the _trustAllHosts_ function (line 636 of 
> _FileTransfer.java_):
> {noformat}
> SSLSocketFactory newFactory = new MySSLSocketFactory(sc.getSocketFactory());
> {noformat}
> I'm not sure if this can cause problems with other certificates, I don't know 
> much about this. It would be nice if the Cordova team could take a look at 
> this and check if it can be solved.
> This is the stacktrace:
> {noformat}
> Error getting HTTP status code from connection.
> javax.net.ssl.SSLException: Connection closed by peer
>  at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
>  at 
> com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405)
>  at com.android.okhttp.Connection.upgradeToTls(Connection.java:146)
>  at com.android.okhttp.Connection.connect(Connection.java:107)
>  at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:294)
>  at 
> com.android.okhttp.internal.http.HttpEngine.sendSocketRequest(HttpEngine.java:255)
>  at 
> com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:206)
>  at 
> com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:345)
>  at 
> com.android.okhttp.internal.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:89)
>  at 
> com.android.okhttp.internal.http.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:161)
>  at org.apache.cordova.filetransfer.FileTransfer$4.run(FileTransfer.java:869)
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
>  at java.lang.Thread.run(Thread.java:841)
> {noformat}
> It can be tested with this code:
> {noformat}
> var ft = new FileTransfer(),
>     path = 'squirrel.jpg',
>     uri = 
> 'https://prototype.moodle.net/mobile/moodle32/webservice/pluginfile.php/314/mod_resource/content/3/squirrel.jpg?forcedownload=1&token=616455be9f363cc9631cab89cfcfa1cd';
> ft.download(uri, path, success, error, true);
> function success() {
>     console.log('Success');
> }
> function error(data) {
>     console.log('Error', data);
> }
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org