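I am running a website over HTTPS with an SSL certificate from Comodo. Qualys gives the site an A+ score, and the same URL loads without errors in Chrome on Android. When I try to connect to the site from an Android app using loopj, I get an SSLPeerUnverifiedException. Do I have to supply the certificate information manually?
I see this behavior with the default AsyncHttpClient example: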
AsyncHttpClient client = new AsyncHttpClient();
client.get("https://myapp.com", new AsyncHttpResponseHandler() {
    @Override
    public void onStart() {
        // called before request is started
    }

    @Override
    public void onSuccess(int statusCode, Header[] headers, byte[] response) {
        // called when response HTTP status is "200 OK"
    }

    @Override
    public void onFailure(int statusCode, Header[] headers, byte[] errorResponse, Throwable e) {
        // called when response HTTP status is "4XX" (eg. 401, 403, 404)
    }

    @Override
    public void onRetry(int retryNo) {
        // called when request is retried
    }
});
Exception:
04-20 21:59:57.092: W/System.err(8824): javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
04-20 21:59:57.102: W/System.err(8824): at com.android.org.conscrypt.SSLNullSession.getPeerCertificates(SSLNullSession.java:104)
04-20 21:59:57.102: W/System.err(8824): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93)
04-20 21:59:57.102: W/System.err(8824): at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:388)
04-20 21:59:57.102: W/System.err(8824): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:214)
04-20 21:59:57.102: W/System.err(8824): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:167)
04-20 21:59:57.102: W/System.err(8824): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125)
04-20 21:59:57.102: W/System.err(8824): at org.apache.http.impl.client.DefaultRequestDirector.executeSB(DefaultRequestDirector.java:831)
04-20 21:59:57.102: W/System.err(8824): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:697)
04-20 21:59:57.102: W/System.err(8824): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:575)
04-20 21:59:57.102: W/System.err(8824): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:491)
04-20 21:59:57.102: W/System.err(8824): at com.loopj.android.http.AsyncHttpRequest.makeRequest(AsyncHttpRequest.java:147)
04-20 21:59:57.102: W/System.err(8824): at com.loopj.android.http.AsyncHttpRequest.makeRequestWithRetries(AsyncHttpRequest.java:178)
04-20 21:59:57.102: W/System.err(8824): at com.loopj.android.http.AsyncHttpRequest.run(AsyncHttpRequest.java:109)
04-20 21:59:57.102: W/System.err(8824): at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:422)
04-20 21:59:57.102: W/System.err(8824): at java.util.concurrent.FutureTask.run(FutureTask.java:237)
04-20 21:59:57.102: W/System.err(8824): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
04-20 21:59:57.102: W/System.err(8824): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
04-20 21:59:57.102: W/System.err(8824): at java.lang.Thread.run(Thread.java:818)
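As an alternative to loopj, you can create an AsyncTask that performs the request programmatically, in much the same way loopj does. I use the class below to perform HTTP/S requests, and it does the job.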
import android.os.AsyncTask;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;

class GetHTTPSTask extends AsyncTask<Void, Void, Boolean>
{
    private String mUrl;

    public GetHTTPSTask(String url)
    {
        this.mUrl = url;
    }

    @Override
    protected Boolean doInBackground(Void... params)
    {
        try
        {
            URL urlConnection = new URL(mUrl);
            // For an https:// URL this returns an HttpsURLConnection
            HttpURLConnection connection = (HttpURLConnection) urlConnection
                    .openConnection();
            connection.setDoInput(true);
            connection.connect();
            // Opening the stream completes the request; the body is not used here
            InputStream input = connection.getInputStream();
            input.close();
            return Boolean.TRUE;
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
        // null signals that the connection failed
        return null;
    }

    @Override
    protected void onPostExecute(Boolean result)
    {
        if (result != null)
        {
            // Connection was successful
            // Do something here
        }
        super.onPostExecute(result);
    }
}
And use it like this:
new GetHTTPSTask("https://www.google.com/").execute();
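It turns out that the server cannot rely on SNI if you are using the Apache library.
If you control the server, you can configure it to have a unique IP. Alternatively, fix the client:
From the Android documentation:
Fortunately, HttpsURLConnection supports SNI since Android 2.3. Unfortunately, Apache HTTP Client does not, which is one of the many reasons we discourage its use. One workaround if you need to support Android 2.2 (and older) or Apache HTTP Client is to set up an alternative virtual host on a unique port so that it's unambiguous which server certificate to return.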
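One way to confirm the SNI diagnosis above from the server side is to capture the first TLS record a client sends and check whether its ClientHello carries the server_name extension. This is an added example, not code from the original answers; the class SniCheck, its methods and the sample ClientHello bytes are constructed for illustration, and it assumes the ClientHello fits in a single TLS record.

```java
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public class SniCheck {
    static void skip(ByteBuffer b, int n) { b.position(b.position() + n); }
    /** Host name from the server_name extension; null if absent or the record is malformed. */
    static String sniHostName(byte[] record) {
        try {
            ByteBuffer b = ByteBuffer.wrap(record);
            if (b.get() != 0x16) return null;        // not a TLS handshake record
            skip(b, 4);                              // record version + length
            if (b.get() != 0x01) return null;        // not a ClientHello
            skip(b, 3 + 2 + 32);                     // handshake length, client_version, random
            skip(b, b.get() & 0xff);                 // session_id
            skip(b, b.getShort() & 0xffff);          // cipher_suites
            skip(b, b.get() & 0xff);                 // compression_methods
            int extLen = b.getShort() & 0xffff;      // throws if there is no extensions block
            int extEnd = b.position() + extLen;
            while (b.position() + 4 <= extEnd) {
                int type = b.getShort() & 0xffff, len = b.getShort() & 0xffff;
                if (type != 0) { skip(b, len); continue; }   // extension type 0 = server_name
                skip(b, 3);                          // list length (2) + name_type (1)
                byte[] name = new byte[b.getShort() & 0xffff];
                b.get(name);
                return new String(name, StandardCharsets.US_ASCII);
            }
            return null;                             // extensions present, but no SNI
        } catch (BufferUnderflowException | IllegalArgumentException e) { return null; }
    }
    /** Constructed minimal ClientHello for the demo; host == null omits the SNI extension. */
    static byte[] sampleClientHello(String host) {
        byte[] n = host == null ? new byte[0] : host.getBytes(StandardCharsets.US_ASCII);
        int extLen = host == null ? 0 : 9 + n.length;
        int bodyLen = 43 + extLen;   // version, random, session_id, suites, compression, ext length
        ByteBuffer b = ByteBuffer.allocate(9 + bodyLen);
        b.put((byte) 0x16).putShort((short) 0x0301).putShort((short) (4 + bodyLen)); // record header
        b.put((byte) 0x01).put((byte) 0).putShort((short) bodyLen).putShort((short) 0x0303);
        b.put(new byte[32]).put((byte) 0).putShort((short) 2).putShort((short) 0x002f);
        b.put((byte) 1).put((byte) 0).putShort((short) extLen);   // null compression, ext length
        if (host != null) b.putShort((short) 0).putShort((short) (5 + n.length))
            .putShort((short) (3 + n.length)).put((byte) 0).putShort((short) n.length).put(n);
        return b.array();
    }
    public static void main(String[] args) {
        // "myapp.com" is the placeholder host from the question
        System.out.println("with SNI:    " + sniHostName(sampleClientHello("myapp.com")));
        System.out.println("without SNI: " + sniHostName(sampleClientHello(null)));
    }
}
```

Running sniHostName over the first record captured from the failing app and from Chrome shows whether the app's HTTP client omits the extension.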