自定义 SSL 处理在 Android 2.2 FroYo 上停止工作
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2899079/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Custom SSL handling stopped working on Android 2.2 FroYo
提问by Eric Kok
For my app, Transdroid, I am connecting to remote servers via HTTP and optionally securely via HTTPS. For these HTTPS connections with the HttpClient I am using a custom SSL socket factory implementation to make sure self-signed certificates are working. Basically, I accept everything and ignore every checking of any certificate.
对于我的应用程序 Transdroid,我通过 HTTP 连接到远程服务器,并可选择通过 HTTPS 安全连接。对于这些与 HttpClient 的 HTTPS 连接,我使用自定义 SSL 套接字工厂实现来确保自签名证书正常工作。基本上,我接受一切并忽略对任何证书的每一次检查。
This has been working fine for some time now, but it no longer work for Android 2.2 FroYo. When trying to connect, it will return an exception:
这已经有一段时间了,但它不再适用于 Android 2.2 FroYo。尝试连接时,它将返回异常:
java.io.IOException: SSL handshake failure: I/O error during system call, Broken pipe
Here is how I initialize the HttpClient:
这是我初始化 HttpClient 的方法:
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", new PlainSocketFactory(), 80));
registry.register(new Scheme("https", (trustAll ? new FakeSocketFactory() : SSLSocketFactory.getSocketFactory()), 443));
client = new DefaultHttpClient(new ThreadSafeClientConnManager(httpParams, registry), httpParams);
I make use of a FakeSocketFactory and FakeTrustManager, of which the source can be found here.
我使用了 FakeSocketFactory 和 FakeTrustManager,其来源可以在这里找到。
Again, I don't understand why it suddenly stopped work, or even what the error 'Broken pipe' means. I have seen messages on Twitter that Seesmic and Twidroid fail with SSL enabled on FroYo as well, but am unsure if it's related.
同样,我不明白为什么它突然停止工作,甚至不明白“管道损坏”错误是什么意思。我在 Twitter 上看到过 Seesmic 和 Twidroid 在 FroYo 上启用 SSL 的情况下失败的消息,但我不确定它是否相关。
Thanks for any directions/help!
感谢您的任何指示/帮助!
回答by Eric Kok
Here is the answer, with many, many thanks to a helpful Seesmic developer willing to share the fix:
这是答案,非常感谢愿意分享修复程序的有用的 Seesmic 开发人员:
In the custom socket factory, the socket creation (with createSocket) has apparently been changed specifically for the SSLSocketFactoryimplementation. So the old:
在自定义套接字工厂中,套接字创建(使用createSocket)显然已专门针对SSLSocketFactory实现进行了更改。所以旧的:
@Override
public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
throws IOException, UnknownHostException {
return getSSLContext().getSocketFactory().createSocket();
}
Needs to be changed to:
需要改为:
@Override
public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
throws IOException, UnknownHostException {
return getSSLContext().getSocketFactory().createSocket(socket, host, port, autoClose);
}
And then it worked again for me!
然后它又对我有用了!
UPDATE:As this is still a popular answer, let me update my link to working code. This SSl-enabled socket factorythat support modern protocols (TLS 1.1+), SNI and optionally allows to accept all certificates(insecure, ignores all SSL certificates) or a self-signed certificates(by SHA-1 hash).
更新:由于这仍然是一个流行的答案,让我更新我的工作代码链接。这个启用SSL 的套接字工厂支持现代协议 (TLS 1.1+)、SNI 并可选择接受所有证书(不安全,忽略所有 SSL 证书)或自签名证书(通过 SHA-1 哈希)。
回答by Jinu
More Info on this problem http://code.google.com/p/android/issues/detail?id=10472This fixed the SSL issue we had for HTC Desire when we updated to Android 2.2
有关此问题的更多信息 http://code.google.com/p/android/issues/detail?id=10472这解决了我们更新到 Android 2.2 时 HTC Desire 的 SSL 问题
