SSLHandshakeException: Handshake failed

Time: 2015-02-10 21:07:38

Tags: android ssl httprequest

com.android.volley.NoConnectionError: javax.net.ssl.SSLHandshakeException: Handshake failed

02-10 21:41:26.496  11524-12747/com.example.blgui3 W/System.err﹕ javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
02-10 21:41:26.506  11524-12747/com.example.blgui3 W/System.err﹕ at com.android.org.conscrypt.SSLNullSession.getPeerCertificates(SSLNullSession.java:104)
02-10 21:41:26.506  11524-12747/com.example.blgui3 W/System.err﹕ at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93)
02-10 21:41:26.506  11524-12747/com.example.blgui3 W/System.err﹕ at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:388)
02-10 21:41:26.506  11524-12747/com.example.blgui3 W/System.err﹕ at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:165)
02-10 21:41:26.506  11524-12747/com.example.blgui3 W/System.err﹕ at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
02-10 21:41:26.506  11524-12747/com.example.blgui3 W/System.err﹕ at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
02-10 21:41:26.506  11524-12747/com.example.blgui3 W/System.err﹕ at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:372)
02-10 21:41:26.506  11524-12747/com.example.blgui3 W/System.err﹕ at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)

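I keep getting this error when I try to make an HTTP request (the second one) or use Volley to do it for me (the first one).

I have checked other posts here and spent hours researching this problem, but I have not found anything.

I have a VPS with CentOS installed, and since I am not a Linux user, I access it with root privileges through WHM.

I have an SSL certificate from Verisign on my domain, and the error appears on 4.4 (I have now received the upgrade) and 5.0, but not on 4.1.

I moved from Verisign to Thawte (the certificate was about to expire and Thawte is cheaper), hoping this would solve the problem, but it did not. The certificate is not an intermediate certificate.

Facts

According to this link, the certificate is installed correctly. I also talked to Thawte and was told there should be no problem.

When you check the domain's certificate in a browser, it shows: The connection uses TLS1.2. The connection is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism.

The (partial) output of openssl s_client -connect www.dappwall.com:443 is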

    Certificate chain
     0 s:/C=CH/ST=Basel-Stadt/L=Basel/O=Dappwall GmbH/CN=www.dappwall.com
       i:/C=US/O=thawte, Inc./CN=thawte SSL CA - G2
     1 s:/C=US/O=thawte, Inc./CN=thawte SSL CA - G2
       i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
     2 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
       i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
    No client certificate CA names sent
    ---
    SSL handshake has read 4198 bytes and written 340 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Server public key is 2048 bit
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : DHE-RSA-AES256-SHA
        Session-ID: C1FC9A551735B29233A5AFF619CE343E0C62387DED33A2C82075F96719646289
        Session-ID-ctx:
        Master-Key: B615A4F45F2C0A2F9C37813A3F9E89448B5C54B532FF0F9C831EA38C9D1A9DA4B722F665DD7904A3D5ABEAA5A493AEE5
        Key-Arg   : None
        Start Time: 1423598904
        Timeout   : 300 (sec)
        Verify return code: 20 (unable to get local issuer certificate)

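Any ideas? Maybe I will just remove SSL from the server and use HTTP as a last resort, which would be the same as setting it to trust all certificates.

Considering that I have replaced AsyncTasks with Volley in many places in the app (about 25 times), I do not plan to create special HttpClients, since Volley uses the built-in HttpClient and I do not want to override its code.

0 answers:

No answers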
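A way to read `openssl s_client` output like the one quoted in the question mechanically, as an added example that is not part of the original post: it extracts the chain the server sent, checks that each certificate's issuer matches the next subject, and reports the protocol, cipher and verify return code. The function names are hypothetical and `SAMPLE` is a constructed, abridged excerpt patterned on the quoted output.

```python
import re

# Constructed excerpt, abridged from the s_client output quoted in the question.
SAMPLE = """\
Certificate chain
 0 s:/C=CH/ST=Basel-Stadt/L=Basel/O=Dappwall GmbH/CN=www.dappwall.com
   i:/C=US/O=thawte, Inc./CN=thawte SSL CA - G2
 1 s:/C=US/O=thawte, Inc./CN=thawte SSL CA - G2
   i:/C=US/O=thawte, Inc./CN=thawte Primary Root CA
 2 s:/C=US/O=thawte, Inc./CN=thawte Primary Root CA
   i:/C=ZA/O=Thawte Consulting cc/CN=Thawte Premium Server CA
---
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Verify return code: 20 (unable to get local issuer certificate)
"""

def parse_s_client(text):
    """Extract the sent chain and session facts from `openssl s_client` text."""
    chain = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+) s:(.+)$", line)
        if m:  # "N s:<subject>" starts a new chain entry
            chain.append({"depth": int(m.group(1)), "subject": m.group(2).strip(), "issuer": None})
            continue
        m = re.match(r"\s*i:(.+)$", line)
        if m and chain and chain[-1]["issuer"] is None:
            chain[-1]["issuer"] = m.group(1).strip()
    def field(name):  # "Name   : value" lines in the SSL-Session block
        m = re.search(r"^\s*" + name + r"\s*:\s*(.+)$", text, re.M)
        return m.group(1).strip() if m else None
    code = re.search(r"Verify return code:\s*(\d+)\s*\((.*?)\)", text)
    return {"chain": chain, "protocol": field("Protocol"), "cipher": field("Cipher"),
            "verify_code": int(code.group(1)) if code else None,
            "verify_text": code.group(2) if code else None}

def chain_findings(report):
    """Return human-readable findings; an empty list means nothing was flagged."""
    out, chain = [], report["chain"]
    for cur, nxt in zip(chain, chain[1:]):
        if cur["issuer"] != nxt["subject"]:
            out.append(f"cert {cur['depth']} issuer does not match cert {nxt['depth']} subject")
    if chain and chain[-1]["issuer"] != chain[-1]["subject"]:
        out.append(f"last cert sent is not self-signed; issued by: {chain[-1]['issuer']}")
    if report["verify_code"] not in (None, 0):
        out.append(f"verify return code {report['verify_code']}: {report['verify_text']}")
    return out
```

The verify return code reflects the trust store of the machine that ran `openssl`, not the trust store of the Android device, so it should be read alongside the chain rather than as the device's verdict.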