How are you creating your certificates?
On Tue, Apr 20, 2010 at 5:22 AM, Pavol Kaiser <[email protected]> wrote: > Hello, > > I am trying to establish a SSL connection from a client application running > on Android to a server running on Windows machine. > Connection seems to be established but when I try to send a message I get an > error (see below). When implementing this I was following the EchoServer > example here > http://mina.apache.org/report/trunk/xref/org/apache/mina/example/echoserver/ > . > The same code works when I try to connect from a client running on Windows. > Unsecure connection works even on Android correctly. > > Below is the exception that I get: > > 04-20 08:47:32.168: ERROR/ConnectionManager(217): > javax.net.ssl.SSLHandshakeException: SSL handshake failed. > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:416) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:220) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:264) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > java.lang.Thread.run(Thread.java:1096) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): Caused by: > javax.net.ssl.SSLException: Error occured in delegated > task:javax.net.ssl.SSLException: Unexpected exception > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > org.apache.harmony.xnet.provider.jsse.HandshakeProtocol.fatalAlert(HandshakeProtocol.java:324) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > org.apache.harmony.xnet.provider.jsse.HandshakeProtocol.wrap(HandshakeProtocol.java:276) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > org.apache.harmony.xnet.provider.jsse.SSLEngineImpl.wrap(SSLEngineImpl.java:708) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > javax.net.ssl.SSLEngine.wrap(SSLEngine.java:462) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:514) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:306) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:392) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): ... 9 more > 04-20 08:47:32.168: ERROR/ConnectionManager(217): Caused by: > org.apache.harmony.xnet.provider.jsse.AlertException: > javax.net.ssl.SSLException: Unexpected exception > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > org.apache.harmony.xnet.provider.jsse.HandshakeProtocol.fatalAlert(HandshakeProtocol.java:324) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > org.apache.harmony.xnet.provider.jsse.ClientHandshakeImpl.processServerHelloDone(ClientHandshakeImpl.java:421) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > org.apache.harmony.xnet.provider.jsse.ClientHandshakeImpl$1.run(ClientHandshakeImpl.java:287) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > org.apache.harmony.xnet.provider.jsse.ClientHandshakeImpl$1.run(ClientHandshakeImpl.java:286) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > java.security.AccessController.doPrivilegedImpl(AccessController.java:205) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > java.security.AccessController.doPrivileged(AccessController.java:178) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > org.apache.harmony.xnet.provider.jsse.DelegatedTask.run(DelegatedTask.java:54) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > org.apache.mina.filter.support.SSLHandler.doTasks(SSLHandler.java:685) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:486) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): ... 11 more > 04-20 08:47:32.168: ERROR/ConnectionManager(217): Caused by: > javax.net.ssl.SSLException: Unexpected exception > 04-20 08:47:32.168: ERROR/ConnectionManager(217): ... 20 more > 04-20 08:47:32.168: ERROR/ConnectionManager(217): Caused by: > java.security.InvalidKeyException: The public key in the certificate cannot > be used for ENCRYPT_MODE > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > javax.crypto.Cipher.init(Cipher.java:815) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > javax.crypto.Cipher.init(Cipher.java:747) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): at > org.apache.harmony.xnet.provider.jsse.ClientHandshakeImpl.processServerHelloDone(ClientHandshakeImpl.java:418) > 04-20 08:47:32.168: ERROR/ConnectionManager(217): ... 18 more > > > I found out in the Cipher class that this exception is thrown if one wants > to use a certificate for encryption and the certificate has set extension > "critical" but doesn't have extension "encipherOnly". Is it possible that > these attributes are not correctly set by Mina or Android during the > creation of a Certificate? > Is Mina supported on Android? If not do you plan to support it in near > future (next few months)? > Do you know any possible workaround for this? > > I was trying to solve this for last few days and I am quite desperate. Any > help is welcome. > > Thank you > > Pavol Kaiser >
