CODEWITHSUNDEEP
androidsslhttps
Janis Peisenieks
Janis Peisenieks

Reputation: 4988

SSLPeerUnverifiedException while creating an SSL connection on Android

I have been trying to do this for 2 days now, and I just can't get this working.

I have a real certificate, signed by COMODO, which itself is signed by USERTrust. But when I try to make a connection to my domain, this is what I get:

javax.net.ssl.SSLPeerUnverifiedException: No peer certificate

The code I'm using to get this is:

public void postData() {

    // Add your data

    try {

       HttpPost post = new HttpPost(new URI("https://example.com"));


        KeyStore trusted = KeyStore.getInstance("BKS");
        trusted.load(null, "".toCharArray());
        SSLSocketFactory sslf = new SSLSocketFactory(trusted);
        sslf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

        SchemeRegistry schemeRegistry = new SchemeRegistry();
        schemeRegistry.register(new Scheme ("https", sslf, 443));
        SingleClientConnManager cm = new SingleClientConnManager(post.getParams(),
                schemeRegistry);

        HttpClient client = new DefaultHttpClient(cm, post.getParams());

        // Execute HTTP Post Request
        @SuppressWarnings("unused")
        HttpResponse result = client.execute(post);

    } catch (ClientProtocolException e) {
        // TODO Auto-generated catch block
        Log.e(TAG,e.getMessage());
        Log.e(TAG,e.toString());
        e.printStackTrace();
    } catch (IOException e) {
        // TODO Auto-generated catch block
        Log.e(TAG,e.getMessage());
        Log.e(TAG,e.toString());
        e.printStackTrace();
    } catch (URISyntaxException e) {
            // TODO Auto-generated catch block
        Log.e(TAG,e.getMessage());
        Log.e(TAG,e.toString());
        e.printStackTrace();
        } catch (KeyStoreException e) {
            // TODO Auto-generated catch block
            Log.e(TAG,e.getMessage());
            Log.e(TAG,e.toString());
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            // TODO Auto-generated catch block
            Log.e(TAG,e.getMessage());
            Log.e(TAG,e.toString());
            e.printStackTrace();
        } catch (CertificateException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
            Log.e(TAG,e.toString());
            Log.e(TAG,e.getMessage());
        } catch (KeyManagementException e) {
            // TODO Auto-generated catch block
            Log.e(TAG,e.getMessage());
            Log.e(TAG,e.toString());
            e.printStackTrace();
        } catch (UnrecoverableKeyException e) {
            // TODO Auto-generated catch block
            Log.e(TAG,e.getMessage());
            Log.e(TAG,e.toString());
            e.printStackTrace();
        }
    }

I have tried both my domain, and https://google.com. They both return the same. And here is the stack:

02-01 10:24:30.067: W/System.err(15560): javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
02-01 10:24:30.088: W/System.err(15560):    at org.apache.harmony.xnet.provider.jsse.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:258)
02-01 10:24:30.098: W/System.err(15560):    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93)
02-01 10:24:30.098: W/System.err(15560):    at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381)
02-01 10:24:30.108: W/System.err(15560):    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:164)
02-01 10:24:30.108: W/System.err(15560):    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
02-01 10:24:30.128: W/System.err(15560):    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
02-01 10:24:30.138: W/System.err(15560):    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:359)
02-01 10:24:30.148: W/System.err(15560):    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
02-01 10:24:30.158: W/System.err(15560):    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
02-01 10:24:30.158: W/System.err(15560):    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
02-01 10:24:30.178: W/System.err(15560):    at com.example.Preferences.postData(Preferences.java:103)
02-01 10:24:30.178: W/System.err(15560):    at com.example.Preferences.onCreate(Preferences.java:52)
02-01 10:24:30.178: W/System.err(15560):    at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1072)
02-01 10:24:30.178: W/System.err(15560):    at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:1836)
02-01 10:24:30.178: W/System.err(15560):    at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:1893)
02-01 10:24:30.178: W/System.err(15560):    at android.app.ActivityThread.access$1500(ActivityThread.java:135)
02-01 10:24:30.178: W/System.err(15560):    at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1054)
02-01 10:24:30.178: W/System.err(15560):    at android.os.Handler.dispatchMessage(Handler.java:99)
02-01 10:24:30.178: W/System.err(15560):    at android.os.Looper.loop(Looper.java:150)
02-01 10:24:30.178: W/System.err(15560):    at android.app.ActivityThread.main(ActivityThread.java:4385)
02-01 10:24:30.188: W/System.err(15560):    at java.lang.reflect.Method.invokeNative(Native Method)
02-01 10:24:30.188: W/System.err(15560):    at java.lang.reflect.Method.invoke(Method.java:507)
02-01 10:24:30.188: W/System.err(15560):    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:849)
02-01 10:24:30.188: W/System.err(15560):    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:607)

Also, while going over the logs, I found, what I believe to be the error that is causing this:

02-01 10:44:13.122: W/System.err(15746): Catch exception while startHandshake: javax.net.ssl.SSLHandshakeException: java.security.InvalidAlgorithmParameterException: trustAnchors.isEmpty()
02-01 10:44:13.122: W/System.err(15746): return an invalid session with invalid cipher suite of SSL_NULL_WITH_NULL_NULL

During these 2 days I have read TONS of articles explaining how to connect to a Self-signed SSL protected website. I have also found this question, which is where I got the code, but I cant for the life of me figure out what the using the default Android verification mechanism means and how to implement it.

Could someone provide a piece of code which fixes, or implements connecting to a REAL certificate?

Thanks!

Upvotes: 4

Views: 5181

Answers (1)

Janis Peisenieks
Janis Peisenieks

Reputation: 4988

What I was doing wrong, was not giving the TrustManager to SSLContextFactory. A fuller explanation on my blog. Too long to post here.

Upvotes: 2

Related Questions