Android 2.3设备上没有对等证书错误，但在android 4+上运行正常

Question

1. 我已经为我的服务器证书创建了bks文件。这是在原始文件夹

的项目源中添加的

2. 我已按如下方式创建了我的https客户端：

   公共类MyHttpsClient扩展了DefaultHttpClient {

   final Context context;
   
   public MyHttpsClient(Context context) {
       this.context = context;
   }
   
   @Override
   protected ClientConnectionManager createClientConnectionManager() {
       SchemeRegistry registry = new SchemeRegistry();
       registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
       // Register for port 443 our SSLSocketFactory with our keystore
       // to the ConnectionManager
       registry.register(new Scheme("https", newSslSocketFactory(), 443));
       return new SingleClientConnManager(getParams(), registry);
   }
   
   private SSLSocketFactory newSslSocketFactory() {
       try {
           // Get an instance of the Bouncy Castle KeyStore format
           KeyStore trusted = KeyStore.getInstance("BKS");
           // Get the raw resource, which contains the keystore with
           // your trusted certificates (root and any intermediate certs)
           InputStream in = context.getResources().openRawResource(R.raw.mykeystore);
           try {
               // Initialize the keystore with the provided trusted certificates
               // Also provide the password of the keystore
               trusted.load(in, "testpassword".toCharArray());
           } finally {
               in.close();
           }
           // Pass the keystore to the SSLSocketFactory. The factory is responsible
           // for the verification of the server certificate.
           SSLSocketFactory sf = new SSLSocketFactory(trusted);
           // Hostname verification from certificate
           // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
           sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
           return sf;
       } catch (Exception e) {
           throw new AssertionError(e);
       }
   }
   

   }

3. 然后我就像使用它一样：

   DefaultHttpClient httpClient = new MyHttpsClient(context);
   HttpConnectionParams.setConnectionTimeout(httpClient.getParams(), 30000);
   HttpContext localContext = new BasicHttpContext();
   HttpPost httpPost = new HttpPost(url);
   httpPost.setHeader("Accept", "application/json");
   httpPost.setHeader("Content-type", "application/json");
   httpPost.setEntity(new StringEntity(jsonString));
   
   response = httpClient.execute(httpPost, localContext);
   HttpEntity entity = response.getEntity();
   httpresponse = getResponse(entity);
   

4. 现在有了这个有趣的部分。这适用于android 4+真实设备和模拟器。这个在使用

的android 2.3上失败了

  

javax.net.ssl.SSLPeerUnverifiedException：无对等证书

如果没有已知的“信任所有证书”的方式，我如何才能在android 2.3上运行？

Answer 1

几天后我解决了同样的问题。解决方案包括以下内容。我将所有证书安装在设备上（在我的情况下是三星galaxy II）并转到服务器端开发人员，他们管理安装在服务器上的证书链。他分析了ssl链并检测到链中有一个证书（Thawte 2006）和其他证书（Thawte 2010）。他删除了2006年发布的最旧证书，并在android 2.x上进行了ssl验证。我建议你，在尝试获取本地密钥库之前，研究你的服务器端ssl链并检查这个链没有不必要的证书，因为android 2.x设备不能忽略不必要的证书，但其他平台3.x 4x和ios，windows phone可以做到，我的意思是在ssl证书链中忽略“垃圾”。