我遇到了Android(版本3.1和2.3.4)抛出的问题:
javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
访问具有Versign V3 1024位证书(CN = VeriSign Class 3安全服务器CA-G2)的RSS服务器时出错。我可以使用Versign V3 2048位证书访问不同的服务器,它很好。有没有人知道Android是否存在旧版1024位证书的问题?
实际的堆栈跟踪如下所示:
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): Caused by: javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.apache.harmony.xnet.provider.jsse.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:258)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:164)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:359)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:80)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:46)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:56)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:451)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): ... 10 more
答案 0 :(得分:0)
你应该看一下这个帖子:
1024-bit SSL certificates provider
看起来使用1024位ssl证书太弱了。我查看了the code from apache harmony,但API看起来有点复杂(说实话,因为某些字段在SSLImpl类之外被修改了,这很笨拙),而且我找不到更多的信息。
看起来最好的解决方案是向您的网络托管服务提供商索取现代2048位x509证书。
此致 斯特凡