Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001
Hi Alex, This is an issue with Restlet internal HTTP connector (for dev purpose only at this point). Could you try to add and register the org.restlet.ext.net.jar connector? Best regards, Jerome -- http://restlet.org http://twitter.com/#!/jlouvel 2013/5/6 Alex alexdim...@yahoo.gr New update: I made a change on my domain's DNS, and as a result all calls towards my domain are forwarded to the elasticbeanstalk.com domain. This way, my certificate appears as valid to the client, since the calls go through the CNAME of the certificate. But unfortunately, /I'm still getting the 1001 error/. What the heck is going on? I don't even know how to debug this anymore, since I have no clue except the 1001 error. Anyone? -- View this message in context: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578779.html Sent from the Restlet Discuss mailing list archive at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054976 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054978
Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001
Hello Jerome, thanks a lot for responding. If gaving the org.restlet.ext.net.jar on your classpath is enough, then I've already done what you're suggesting. As I stated on my first post, I'm not using the internal http connector, but instead the apache httpclient. In any case, I've even explicitly created the ClientResource calling the external http connector (Engine.getInstance().getRegisteredClients().add(new org.restlet.ext.net.HttpClientHelper(null));), but I'm still getting the 1001 error. -- View this message in context: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578781.html Sent from the Restlet Discuss mailing list archive at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054979
Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001
Alex; You to put the connector in the first postion doing this: Engine.getInstance().getRegisteredClients().add(*0, *new org.restlet.ext.net .HttpClientHelper(null)); Best regards, Jerome 2013/5/6 Alex alexdim...@yahoo.gr Hello Jerome, thanks a lot for responding. If gaving the org.restlet.ext.net.jar on your classpath is enough, then I've already done what you're suggesting. As I stated on my first post, I'm not using the internal http connector, but instead the apache httpclient. In any case, I've even explicitly created the ClientResource calling the external http connector (Engine.getInstance().getRegisteredClients().add(new org.restlet.ext.net.HttpClientHelper(null));), but I'm still getting the 1001 error. -- View this message in context: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578781.html Sent from the Restlet Discuss mailing list archive at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054979 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054982
Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001
This doesn't have the desired result either. :/ br, Alex On 6 Μαϊ 2013, at 6:08 μ.μ., Jerome Louvel-3 [via Restlet Discuss] ml-node+s1400322n7578782...@n2.nabble.com wrote: Alex; You to put the connector in the first postion doing this: Engine.getInstance().getRegisteredClients().add(0, new org.restlet.ext.net.HttpClientHelper(null)); Best regards, Jerome 2013/5/6 Alex [hidden email] Hello Jerome, thanks a lot for responding. If gaving the org.restlet.ext.net.jar on your classpath is enough, then I've already done what you're suggesting. As I stated on my first post, I'm not using the internal http connector, but instead the apache httpclient. In any case, I've even explicitly created the ClientResource calling the external http connector (Engine.getInstance().getRegisteredClients().add(new org.restlet.ext.net.HttpClientHelper(null));), but I'm still getting the 1001 error. -- View this message in context: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578781.html Sent from the Restlet Discuss mailing list archive at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054979 If you reply to this email, your message will be added to the discussion below: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578782.html To unsubscribe from Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001, click here. NAML -- View this message in context: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578783.html Sent from the Restlet Discuss mailing list archive at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054983
Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001
Have you tried to debug locally in Eclipse, using the Java SE edition? In version 2.1 you should get additional debug information by looking at the getResponse().getStatus() object. It should embed the underlying exception. Otherwise, could you package a small project reproducing the issue? That will be easier for us to debug. Jerome 2013/5/6 Alex alexdim...@yahoo.gr This doesn't have the desired result either. :/ br, Alex On 6 Μαϊ 2013, at 6:08 μ.μ., Jerome Louvel-3 [via Restlet Discuss] [hidden email] http://user/SendEmail.jtp?type=nodenode=7578783i=0 wrote: Alex; You to put the connector in the first postion doing this: Engine.getInstance().getRegisteredClients().add(*0, *new org.restlet.ext.net.HttpClientHelper(null)); Best regards, Jerome 2013/5/6 Alex a href=x-msg://616/user/SendEmail.jtp?type=nodeamp;node=7578782amp;i=0 target=_top rel=nofollow link=external[hidden email] Hello Jerome, thanks a lot for responding. If gaving the org.restlet.ext.net.jar on your classpath is enough, then I've already done what you're suggesting. As I stated on my first post, I'm not using the internal http connector, but instead the apache httpclient. In any case, I've even explicitly created the ClientResource calling the external http connector (Engine.getInstance().getRegisteredClients().add(new org.restlet.ext.net.HttpClientHelper(null));), but I'm still getting the 1001 error. -- View this message in context: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578781.html Sent from the Restlet Discuss mailing list archive at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054979 -- If you reply to this email, your message will be added to the discussion below: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578782.html To unsubscribe from Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001, click here. NAMLhttp://restlet-discuss.1400322.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewerid=instant_html%21nabble%3Aemail.namlbase=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespacebreadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml -- View this message in context: Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578783.html Sent from the Restlet Discuss mailing list archivehttp://restlet-discuss.1400322.n2.nabble.com/at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054988
Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001
Ok, I found the root cause of the problem. It had nothing to do with Restlet or my code. It was all a matter of installing correctly the intermediate certificates on AWS. The certificate chain of my CA consists of 4 certificate files, and AWS needs this chain in a very specific order (signing certificate first, CA root certificate last, and all other certificates in between), given in a pem/text format. Unfortunately the AWS documentation is a mess, so I had to dig around and do some trial-and-error before making it work. Your suggestion about checking the getStatus() stack (and the java.security.cert.CertPathValidatorException exception) of the response was the trigger that lead me to investigate and revise the way I installed my certs on AWS, so thanks for that. :) So I guess this matter is closed. Thanks for the support, I really appreciate it. :) Keep up the good work you're doing on Restlet. br, Alex -- View this message in context: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578786.html Sent from the Restlet Discuss mailing list archive at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054994
Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001
Thanks Alex for the follow-up, I'm sure it will help other users. Cheers, Jerome 2013/5/6 Alex alexdim...@yahoo.gr Ok, I found the root cause of the problem. It had nothing to do with Restlet or my code. It was all a matter of installing correctly the intermediate certificates on AWS. The certificate chain of my CA consists of 4 certificate files, and AWS needs this chain in a very specific order (signing certificate first, CA root certificate last, and all other certificates in between), given in a pem/text format. Unfortunately the AWS documentation is a mess, so I had to dig around and do some trial-and-error before making it work. Your suggestion about checking the getStatus() stack (and the java.security.cert.CertPathValidatorException exception) of the response was the trigger that lead me to investigate and revise the way I installed my certs on AWS, so thanks for that. :) So I guess this matter is closed. Thanks for the support, I really appreciate it. :) Keep up the good work you're doing on Restlet. br, Alex -- View this message in context: Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578786.html Sent from the Restlet Discuss mailing list archivehttp://restlet-discuss.1400322.n2.nabble.com/at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054999
Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001
Ok, it is as I was suspecting. The problem is that the certificate (having a
CNAME = www.mydomain.com, but being loaded from
https://mywebservice.elasticbeanstalk.com) seems to the Android client as
invalid, thus it doesn't even send the GET/POST request to the server.
I realized this when I send a POST method from the terminal (using curl),
ignoring the ssl verification warnings (-k option). This time the secure
connection responded as expected, sending back the json reply.
Based on Google's own Android documentation suggestion
(http://developer.android.com/training/articles/security-ssl.html#CommonHostnameProbs),
I tried to alter the HostnameVerifier method in order to get past the
certification validation. This is how my ClientResource is currently
created:
/public static ClientResource createClientResource(String resourceUri) {
Reference reference = new Reference(resourceUri);
System.setProperty( ssl.TrustManagerFactory.algorithm,
javax.net.ssl.KeyManagerFactory.getDefaultAlgorithm());
org.restlet.Context context = new org.restlet.Context();
context.getAttributes().put(hostnameVerifier, new
HostnameVerifier() {
@Override
public boolean verify(String arg0, SSLSession arg1) {
return true;
}
});
ClientResource resource = new ClientResource(context,
reference);
Engine.getInstance().getRegisteredClients().clear();
Engine.getInstance().getRegisteredClients().add(new
HttpClientHelper(null));
Engine.getInstance().getRegisteredConverters().add(0, new
JacksonConverter());
resource.release();
return resource;
}/
But this doesn't work either, I still get the 1001 recoverable error. Still,
the Android client can't get past the invalid request.
I'd greatly appreciate any suggetions. :)
br,
Alex
--
View this message in context:
http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578778.html
Sent from the Restlet Discuss mailing list archive at Nabble.com.
--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054928
Re: Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001
Hello again, I've also tried the Android project with 2.1.2 libraries, but now I'm stuck on the exception /*java.lang.RuntimeException: Unable to create SSLContext*/ caused by /*java.security.NoSuchAlgorithmException: TrustManagerFactory SunX509 implementation not found*/. The only reference I could find is this one http://stackoverflow.com/questions/12192536/java-security-nosuchalgorithmexception-trustmanagerfactory-sunx509-implementati , but I didn't have any luck with that. It includes some kind of workaround, but I'm not sure where exactly it should be applied. I'm really stuck here, so any help would be much appreciated. br, Alex -- View this message in context: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771p7578774.html Sent from the Restlet Discuss mailing list archive at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054835
Android client - Restlet 2.0.15 - cannot connect with HTTPS/SSL - recoverable error 1001
Hi all, I have written an Android web service client using the Restlet framework for Android (2.0.15), and I've also written the web service backend as well (again with Restlet 2.0.15 JEE) which has been uploaded on AWS Elastic Beanstalk (so the client calls would be in the form of http://my_web_service.elasticbeanstalk.com/this/is/my/request;). Everything works fine on HTTP, so now I'd like to replace it with HTTPS, but this has proven more difficult that I initially thought. I have created a trial SSL certificate from Comodo, where I have declared, as a CNAME, a domain that I own (unfortunately, I cannot declare the elasticbeanstalk.com subdomain, where the AWS load balancer is running, as a certificate hostname). This certificate has been uploaded to my AWS instance, and it seems to be running succsefully (tested via web browser, a couple of https calls get through succesfully after I accept the certificate on the browser). The only thing that I don't like about this certificate is the fact that I get a warning that this may be an invalid certificate, since the declared hostname (my domain) and the actual hostname that the certificate is running (elasticbeanstalk.com) do not match. In my client I'm using the apache http client (have loaded the org.apache.httpclient.jar on claspath), and this is how I create the client resource I use on every call, which is plain and simple: /ClientResource resource = new ClientResource(resourceUri); Engine.getInstance().getRegisteredClients().clear(); Engine.getInstance().getRegisteredClients().add(new HttpClientHelper(null));/ Of course, /resourceUri/ is in the form of https://my_web_service.elasticbeanstalk.com/this/is/my/request;, and this is the only difference between the working HTTP case and the non-working HTTPS case. With HTTPS, I get the error below: A recoverable error was detected (1001), attempting again in 2000 ms. I've tried several suggestions that I found on google (using org.restlet.ext.net httpclient instead of apache or even loading the org.restlet.ext.ssl jar from Restlet Android 2.1), but nothing has worked so far. I've even captured a network trace with Wireshark, and here's the callflow: ssl_call_flow.txt http://restlet-discuss.1400322.n2.nabble.com/file/n7578771/ssl_call_flow.txt From the callflow above, it seems that client and server fail to complete a succesful negotiation, but I have no idea why. Any suggestions on how to resolve this problem are welcome. I believe that the issue exists on the client side (Android app using Restlet 2.0.15 framework), but not on the app code itself (since everything works fine when using HTTP) but rather on the SSL negotiation/handshake before actually making any calls. I also believe that the Certificate Authority (Comodo) is successfully accepted/trusted by Android (I've done https calls through the android device browser), but it still gives you a certificate warning that you need to accept before continuing. Could it be that Restlet 2.0.15 is not handling smoothly SSL communication, and I would need to upgrade to 2.1 or later? Looking forward to hearing your suggestions. In case you'd like to get some more info that could help, just ask me. :) Thanks in advance, Alex -- View this message in context: http://restlet-discuss.1400322.n2.nabble.com/Android-client-Restlet-2-0-15-cannot-connect-with-HTTPS-SSL-recoverable-error-1001-tp7578771.html Sent from the Restlet Discuss mailing list archive at Nabble.com. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3054809
