有时会发生SSLV3_ALERT_HANDSHAKE_FAILURE

时间:2017-10-15 13:20:22

标签: android apache ssl certificate asynchttpclient

嗯,我对这个网络领域并不是很了解,但我尽力寻找类似的问题而没有成功。

我使用客户端证书构建了受保护的Web服务,并通过创建自定义信任管理器使我的Android应用程序通过AsyncHTTPClient成功连接到它们:

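/**
 * Builds the SSLContext used for client-certificate (mutual TLS) connections.
 *
 * <p>The client identity is read from the PKCS#12 raw resource {@code R.raw.i}
 * and a PEM certificate is read from {@code R.raw.cert}. Server trust decisions
 * are delegated to {@code mtm}, which is defined outside this method.
 *
 * @return the initialised context, or {@code null} if any step fails; the
 *         failure is logged instead of being silently discarded
 */
private SSLContext getSSLContext() {
    try {
        // Client identity: certificate + private key from the bundled PKCS#12 file.
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        InputStream in = context.getResources().openRawResource(R.raw.i);
        try {
            keyStore.load(in, p);
        } finally {
            in.close();
        }

        // Trust store holding the single certificate shipped in R.raw.cert.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null);
        InputStream instream = context.getResources().openRawResource(R.raw.cert);
        try {
            byte[] der = loadPemCertificate(instream);
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            X509Certificate cert = (X509Certificate)
                    certificateFactory.generateCertificate(new ByteArrayInputStream(der));
            trustStore.setCertificateEntry(cert.getSubjectX500Principal().getName(), cert);
        } finally {
            // Close on every path; previously a parse failure leaked the stream.
            instream.close();
        }

        // NOTE(review): the key store is loaded with `p` but the key manager is
        // initialised with `pw`; confirm both hold the intended password.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
        kmf.init(keyStore, pw);
        KeyManager[] keyManagers = kmf.getKeyManagers();

        // NOTE(review): tmf (and therefore trustStore) is initialised but never
        // passed to SSLContext.init below, which uses `mtm` instead. Confirm that
        // `mtm` was built from the same certificate, otherwise R.raw.cert has no
        // effect on which servers are trusted.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
        tmf.init(trustStore);

        // NOTE(review): "TLSv1" requests a TLS 1.0 context, a protocol version
        // that is deprecated. Prefer a current version once the server side is
        // confirmed to support it.
        SSLContext sslContext = SSLContext.getInstance("TLSv1");
        sslContext.init(keyManagers, new TrustManager[]{mtm}, null);
        return sslContext;
    } catch (Exception e) {
        // Keep the null-on-failure contract, but record why the context could not
        // be built; an empty catch hid keystore, password and certificate errors.
        java.util.logging.Logger.getLogger("getSSLContext")
                .log(java.util.logging.Level.SEVERE, "Failed to build SSLContext", e);
        return null;
    }
}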

但是,某些请求有时会失败。我试图在失败的请求中找出特别之处,但没有发现。我只注意到,失败的请求始终是那些以分块传输编码(chunked transfer encoding)返回响应的请求。然而,这些请求有时成功,有时失败。

以下是Android错误:

10-15 15:09:15.319 6279-6569/com..tba W/System.err: javax.net.ssl.SSLProtocolException: Read error: ssl=0xbe44bb40: Failure in SSL library, usually a protocol error
10-15 15:09:15.320 6279-6569/com..tba W/System.err: error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:641 0xc775cfe0:0x00000001)
10-15 15:09:15.320 6279-6569/com..tba W/System.err: error:100000d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:428 0xdd84cb7b:0x00000000)
10-15 15:09:15.320 6279-6569/com..tba W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_read(Native Method)
10-15 15:09:15.321 6279-6569/com..tba W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl$SSLInputStream.read(OpenSSLSocketImpl.java:789)
10-15 15:09:15.321 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.io.AbstractSessionInputBuffer.fillBuffer(AbstractSessionInputBuffer.java:160)
10-15 15:09:15.321 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.io.SocketInputBuffer.fillBuffer(SocketInputBuffer.java:84)
10-15 15:09:15.321 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.io.AbstractSessionInputBuffer.readLine(AbstractSessionInputBuffer.java:273)
10-15 15:09:15.321 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:140)
10-15 15:09:15.322 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:57)
10-15 15:09:15.322 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:260)
10-15 15:09:15.322 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.AbstractHttpClientConnection.receiveResponseHeader(AbstractHttpClientConnection.java:283)
10-15 15:09:15.322 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.conn.DefaultClientConnection.receiveResponseHeader(DefaultClientConnection.java:251)
10-15 15:09:15.322 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.conn.AbstractClientConnAdapter.receiveResponseHeader(AbstractClientConnAdapter.java:223)
10-15 15:09:15.323 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:271)
10-15 15:09:15.323 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
10-15 15:09:15.323 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:685)
10-15 15:09:15.323 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:487)
10-15 15:09:15.323 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:860)
10-15 15:09:15.324 6279-6569/com..tba W/System.err:     at cz.msebera.android.httpclient.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
10-15 15:09:15.324 6279-6569/com..tba W/System.err:     at com.loopj.android.http.AsyncHttpRequest.makeRequest(AsyncHttpRequest.java:146)
10-15 15:09:15.324 6279-6569/com..tba W/System.err:     at com.loopj.android.http.AsyncHttpRequest.makeRequestWithRetries(AsyncHttpRequest.java:177)
10-15 15:09:15.324 6279-6569/com..tba W/System.err:     at com.loopj.android.http.AsyncHttpRequest.run(AsyncHttpRequest.java:106)
10-15 15:09:15.325 6279-6569/com..tba W/System.err:     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:428)
10-15 15:09:15.325 6279-6569/com..tba W/System.err:     at java.util.concurrent.FutureTask.run(FutureTask.java:237)
10-15 15:09:15.325 6279-6569/com..tba W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
10-15 15:09:15.325 6279-6569/com..tba W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
10-15 15:09:15.325 6279-6569/com..tba W/System.err:     at java.lang.Thread.run(Thread.java:762)

以下是Apache错误:

AH02261: Re-negotiation handshake failed: Not accepted by client!?

最后,下面是我的自定义信任管理器:

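/**
 * X509TrustManager that combines the platform default trust manager with trust
 * managers built from additional key stores.
 *
 * <p>A server chain is accepted as soon as any one delegate accepts it, so the
 * effective trust set is the union of the platform default CAs and every
 * additional key store. This widens trust; it does not pin connections to the
 * additional certificates.
 */
public class MyTrustManager implements X509TrustManager {

    // Delegates in lookup order: index 0 is the platform default trust manager.
    protected ArrayList<X509TrustManager> x509TrustManagers = new ArrayList<X509TrustManager>();

    /**
     * Collects the X509 trust managers of the default key store and of each
     * additional key store.
     *
     * @param additionalkeyStores extra key stores whose certificates are trusted
     *                            in addition to the platform defaults
     * @throws RuntimeException if a factory cannot be created or initialised, or
     *                          if no X509TrustManager is available at all
     */
    protected MyTrustManager(KeyStore... additionalkeyStores) {
        final ArrayList<TrustManagerFactory> factories = new ArrayList<TrustManagerFactory>();
        final String algorithm = TrustManagerFactory.getDefaultAlgorithm();

        try {
            // A null key store selects the platform's default trusted CAs.
            final TrustManagerFactory original = TrustManagerFactory.getInstance(algorithm);
            original.init((KeyStore) null);
            factories.add(original);

            for (KeyStore keyStore : additionalkeyStores) {
                final TrustManagerFactory additionalCerts = TrustManagerFactory.getInstance(algorithm);
                additionalCerts.init(keyStore);
                factories.add(additionalCerts);
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        }

        for (TrustManagerFactory tmf : factories) {
            for (TrustManager tm : tmf.getTrustManagers()) {
                if (tm instanceof X509TrustManager) {
                    x509TrustManagers.add((X509TrustManager) tm);
                }
            }
        }

        if (x509TrustManagers.isEmpty()) {
            throw new RuntimeException("Couldn't find any X509TrustManagers");
        }
    }

    /**
     * Validates a client chain against the first (platform default) delegate only.
     *
     * @throws CertificateException if the default trust manager rejects the chain
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        x509TrustManagers.get(0).checkClientTrusted(chain, authType);
    }

    /**
     * Accepts the server chain if any delegate accepts it.
     *
     * @throws CertificateException if every delegate rejects the chain; the last
     *                              delegate's failure is attached as the cause so
     *                              the reason is not lost
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        CertificateException lastFailure = null;
        for (X509TrustManager tm : x509TrustManagers) {
            try {
                tm.checkServerTrusted(chain, authType);
                return;
            } catch (CertificateException e) {
                // Remember the rejection and try the next delegate.
                lastFailure = e;
            }
        }
        throw new CertificateException(
                "No configured trust manager accepted the server certificate chain", lastFailure);
    }

    /**
     * Returns the accepted issuers of all delegates, concatenated in delegate order.
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        final ArrayList<X509Certificate> list = new ArrayList<X509Certificate>();
        for (X509TrustManager tm : x509TrustManagers) {
            list.addAll(Arrays.asList(tm.getAcceptedIssuers()));
        }
        return list.toArray(new X509Certificate[0]);
    }
}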

非常感谢任何见解。

0 个答案:

没有答案