SSLV3_ALERT_CERTIFICATE_UNKNOWN during handshake in Android Q version - android

I have added self-signed certificate for client-server communication
using "TLSv1" protocol working perfectly in all device, but in Android Q preview during the handshake process getting the following exception
The error can be generated from procedtoUnsafe or adding exception from browser
D/FA: Logging event (FE): user_engagement(_e), Bundle[{firebase_event_origin(_o)=auto, engagement_time_msec(_et)=9551, firebase_screen_class(_sc)=HomeActivity, firebase_screen_id(_si)=-2452361814686810599}]
D/FA: Connected to remote service
W/antra.rdservic: Accessing hidden method Ljava/net/InetAddress;->holder()Ljava/net/InetAddress$InetAddressHolder; (greylist, reflection, allowed)
W/antra.rdservic: Accessing hidden method Ljava/net/InetAddress$InetAddressHolder;->getOriginalHostName()Ljava/lang/String; (greylist-max-o, reflection, denied)
W/antra.rdservic: Accessing hidden method Ldalvik/system/CloseGuard;->close()V (greylist,core-platform-api, linking, allowed)
W/System.err: javax.net.ssl.SSLHandshakeException: Handshake failed
W/System.err: at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(:com.google.android.gms#17122037#17.1.22 (100400-245988633):35)
W/System.err: at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.waitForHandshake(:com.google.android.gms#17122037#17.1.22 (100400-245988633):1)
W/System.err: at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.getOutputStream(:com.google.android.gms#17122037#17.1.22 (100400-245988633):5)
W/System.err: at com.mantra.rdservice.sslservice.SslServer.runSecureServer(SslServer.java:121)
W/System.err: at com.mantra.rdservice.sslservice.SslServer.runServer(SslServer.java:157)
W/System.err: at com.mantra.rdservice.sslservice.SslServer.findPort(SslServer.java:106)
W/System.err: at com.mantra.rdservice.sslservice.SecureService$1.run(SecureService.java:74)
W/System.err: at java.lang.Thread.run(Thread.java:919)
W/System.err: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xc386a398: Failure in SSL library, usually a protocol error
W/System.err: error:10000416:SSL routines:OPENSSL_internal:SSLV3_ALERT_CERTIFICATE_UNKNOWN (third_party/openssl/boringssl/src/ssl/tls_record.cc:587 0xc5e7a888:0x00000001)
W/System.err: at com.google.android.gms.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
W/System.err: at com.google.android.gms.org.conscrypt.NativeSsl.doHandshake(:com.google.android.gms#17122037#17.1.22 (100400-245988633):7)
W/System.err: at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(:com.google.android.gms#17122037#17.1.22 (100400-245988633):14)
W/System.err: ... 7 more
W/antra.rdservic: Accessing hidden method Ljava/net/InetAddress$InetAddressHolder;->getOriginalHostName()Ljava/lang/String; (greylist-max-o, reflection, denied)
W/antra.rdservic: Accessing hidden method Ljava/net/InetAddress$InetAddressHolder;->getOriginalHostName()Ljava/lang/String; (greylist-max-o, reflection, denied)
i have added function that created connection
Loopback ="127.0.0.1";
private void runSecureServer(final int port) throws Exception {
final ServerSocket socket = createSSLSocket();
socket.bind(new InetSocketAddress(Loopback, port));
socket.setReuseAddress(true);
this._url = "https://" + Loopback + ":" + String.valueOf(port) + "/";
while (true) {
try {
Socket client = socket.accept();
PrintWriter outputStream = new PrintWriter(client.getOutputStream(), true);
BufferedReader inputStream = new BufferedReader(new InputStreamReader(client.getInputStream()));
StringBuilder finalData = new StringBuilder();
String inputLine;
while ((inputLine = inputStream.readLine()) != null && !inputLine.equals("")) {
finalData.append(inputLine).append("\r\n");
}
executorService.execute(new HttpProcessor(ctx, _url, client, outputStream, inputStream, finalData.toString()));
} catch (Exception ex) {
ex.printStackTrace();
socket.close();
runServer(port);
break;
}
}
}
I have referred StackOverflow question but no solution found

Related

SSL handshake exception despite custom X509TrustManager

I have been using the approach with a custom trust manager to avoid SSL handshake exceptions
static {
try {
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, new TrustManager[]{
new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType) {
}
public void checkServerTrusted(X509Certificate[] chain, String authType) {
}
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[]{};
}
}
}, null);
HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
} catch (NoSuchAlgorithmException | KeyManagementException e) {
e.printStackTrace();
}
HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true);
}
and then using JSoup to get the page contents:
Document document = Jsoup.connect(url).timeout(TIMEOUT).userAgent(USER_AGENT_MOZILLA).get();
But recently I ran against an url on which that approach didn't work.
http://feeds.dzone.com/link/18931/15381195/what-are-microservices-2
I got that exception again
Interesting that running that code in a JUnit test doesn't cause any problems. I assume it's because the corresponding certificate is available on my PC.
But if I run the Android app with that code, be it physical device or emulator the exception would be thrown.
I can also open the url in the browser on physical device or emulator.
Any ideas why the approach fails on that url?
Below is the output ( e.printStackTrace() )
W/System.err: javax.net.ssl.SSLHandshakeException: Handshake failed
W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:429)
W/System.err: at com.android.okhttp.Connection.connectTls(Connection.java:235)
at com.android.okhttp.Connection.connectSocket(Connection.java:199)
at com.android.okhttp.Connection.connect(Connection.java:172)
at com.android.okhttp.Connection.connectAndSetOwner(Connection.java:367)
at com.android.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:130)
at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:329)
W/System.err: at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:246)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:457)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:126)
at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.connect(DelegatingHttpsURLConnection.java:89)
at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java)
at org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:732)
at org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:759)
at org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:707)
W/System.err: at org.jsoup.helper.HttpConnection.execute(HttpConnection.java:297)
at org.jsoup.helper.HttpConnection.get(HttpConnection.java:286)
at com.denis.aristov.tts.web.DZoneProcessor.extractPlainText(DZoneProcessor.java:69)
at com.denis.aristov.tts.web.WebContentProcessor.lambda$buildRequests$0(WebContentProcessor.java:177)
at com.denis.aristov.tts.web.-$$Lambda$WebContentProcessor$pTY0-1VHYsJSt_VDuccv_skDjX4.call(lambda)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
at java.lang.Thread.run(Thread.java:761)
Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed
... 24 more
W/System.err: Suppressed: javax.net.ssl.SSLHandshakeException: Handshake failed
... 24 more
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xa29cf980: Failure in SSL library, usually a protocol error
error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:610 0x8f555da0:0x00000001)
error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:764 0xa0030266:0x00000000)
W/System.err: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
... 23 more
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xa29cf980: Failure in SSL library, usually a protocol error
error:1000043e:SSL routines:OPENSSL_internal:TLSV1_ALERT_INAPPROPRIATE_FALLBACK (external/boringssl/src/ssl/s3_pkt.c:610 0x8f555e00:0x00000001)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
... 23 more
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xa29cf980: Failure in SSL library, usually a protocol error
error:1000043e:SSL routines:OPENSSL_internal:TLSV1_ALERT_INAPPROPRIATE_FALLBACK (external/boringssl/src/ssl/s3_pkt.c:610 0x8f555e00:0x00000001)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
... 23 more
I'm using Android 7 (API Level 27)
I used the site https://www.ssllabs.com/ssltest/ to scan the SSL server and it reported:
This server supports TLS 1.0 and TLS 1.1. Grade capped to B.
This server supports TLS 1.3.
However the site suggested me to scan not the original hostname feeds.dzone.com but feedpress.me (because of redirection perhaps)
Try this
static {
try {
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, new TrustManager[]{
new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType) {
}
public void checkServerTrusted(X509Certificate[] chain, String authType) {
}
public X509Certificate[] getAcceptedIssuers() {
new java.security.cert.X509Certificate[]{};
}
}
}, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
} catch (NoSuchAlgorithmException | KeyManagementException e) {
e.printStackTrace();
}
HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true);
}

For SMACK 4.3.4 How do I update a default certificate needed for client connection to server?

I have written an Android application using SMACK 4.3.4. Everything has been working great until today, when I started getting connection errors.
I am using a public, online XMPP server for my testing (chatserver.space). I have not to this point had to do anything with certificates. It all "just worked". So clearly there is some default certificate somewhere that has expired (see the Caused by: java.security.cert.CertPathValidatorException: timestamp check failed portion of the stacktrace below), I just don't understand where it is and what I need to do to bump the date properly.
Here is the code from my app (standard SMACK connection stuff):
public void connect() throws Exception {
Timber.d("Lifecycle: XMPPConnectionMgr connect() attempted HOST: %s, PORT: %d, DOMAIN: %s", XMPP_HOST, XMPP_PORT, XMPP_DOMAIN);
if (xmppConnection == null) {
XMPPTCPConnectionConfiguration.Builder connConfigBuilder = XMPPTCPConnectionConfiguration.builder();
try {
connConfigBuilder
.setHost(XMPP_HOST) // Name of your Host
.setPort(XMPP_PORT) // Your Port for accepting c2s connection
.setXmppDomain(XMPP_DOMAIN)
.setSecurityMode(XMPPTCPConnectionConfiguration.SecurityMode.required);
xmppConnection = new XMPPTCPConnection(connConfigBuilder.build());
xmppConnection.addConnectionListener(this);
Set<String> blacklist = SASLAuthentication.getBlacklistedSASLMechanisms();
Timber.d("Lifecycle: Blacklist contents: %s", blacklist.toString());
Map<String,String> registered = SASLAuthentication.getRegisterdSASLMechanisms();
Timber.d("Lifecycle: registered SASLAuthentication mechanisms: %s", registered.toString());
} catch (XmppStringprepException e) {
Timber.d("XMPPConnectionMgr could not connect to XMPP Server: %s", e.getMessage());
throw new Exception(String.format(InTouch.getInstance().getApplicationContext().getString(R.string.exception_communications_connection),
e.getMessage()));
}
}
try {
if ( !xmppConnection.isConnected() ) {
xmppConnection.connect();
}
} catch (SmackException e) {
Timber.d("XMPPConnectionMgr got Exception trying to connect to XMPP Server: %s", e.getMessage());
throw new Exception(String.format(InTouch.getInstance().getApplicationContext().getString(R.string.exception_communications_connection),
e.getMessage()));
} catch (IOException e) {
Timber.d("XMPPConnectionMgr got IOException trying to connect to XMPP Server: %s", e.getMessage());
throw new Exception(String.format(InTouch.getInstance().getApplicationContext().getString(R.string.exception_communications_connection),
e.getMessage()));
} catch (XMPPException e) {
Timber.d("XMPPConnectionMgr got Exception trying to connect to XMPP Server: %s", e.getMessage());
throw new Exception(String.format(InTouch.getInstance().getApplicationContext().getString(R.string.exception_communications_connection),
e.getMessage()));
} catch (InterruptedException e) {
Timber.d("XMPPConnectionMgr got InterruptedException trying to connect to XMPP Server: %s", e.getMessage());
throw new Exception(String.format(InTouch.getInstance().getApplicationContext().getString(R.string.exception_communications_connection),
e.getMessage()));
}
}
The full stack trace is as follows:
2019-07-22 21:01:46.942 1511-1929/com.reddragon.intouch W/AbstractXMPPConnection: Connection XMPPTCPConnection[not-authenticated] (0) closed with error
javax.net.ssl.SSLHandshakeException: Chain validation failed
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:361)
at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:690)
at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:652)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnection.java:703)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:853)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$2000(XMPPTCPConnection.java:155)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1171)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$1000(XMPPTCPConnection.java:1092)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1112)
at java.lang.Thread.run(Thread.java:764)
Caused by: java.security.cert.CertificateException: Chain validation failed
at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:788)
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:612)
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:633)
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:678)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:499)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:422)
at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:343)
at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:203)
at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:607)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:690) 
at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:652) 
at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnection.java:703) 
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:853) 
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$2000(XMPPTCPConnection.java:155) 
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1171) 
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$1000(XMPPTCPConnection.java:1092) 
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1112) 
at java.lang.Thread.run(Thread.java:764) 
Caused by: java.security.cert.CertPathValidatorException: timestamp check failed
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:133)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:225)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:143)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
at com.android.org.conscrypt.DelegatingCertPathValidator.engineValidate(DelegatingCertPathValidator.java:44)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:301)
at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:784)
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:612) 
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:633) 
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:678) 
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:499) 
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:422) 
at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:343) 
at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94) 
at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88) 
at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:203) 
at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:607) 
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) 
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357) 
at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:690) 
at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:652) 
at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnection.java:703) 
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:853) 
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$2000(XMPPTCPConnection.java:155) 
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1171) 
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$1000(XMPPTCPConnection.java:1092) 
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1112) 
at java.lang.Thread.run(Thread.java:764) 
Caused by: java.security.cert.CertificateExpiredException: Certificate expired at Mon Jul 22 12:04:58 MDT 2019 (compared to Mon Jul 22 21:01:46 MDT 2019)
at com.android.org.conscrypt.OpenSSLX509Certificate.checkValidity(OpenSSLX509Certificate.java:244)
at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:194)
at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:144)
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:225) 
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:143) 
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79) 
at com.android.org.conscrypt.DelegatingCertPathValidator.engineValidate(DelegatingCertPathValidator.java:44) 
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:301) 
at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:784) 
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:612) 
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:633) 
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:678) 
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:499) 
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:422) 
at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:343) 
at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94) 
at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88) 
at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:203) 
at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:607) 
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) 
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357) 
at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:690) 
at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:652) 
at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnection.java:703) 
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:853) 
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$2000(XMPPTCPConnection.java:155) 
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1171) 
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$1000(XMPPTCPConnection.java:1092) 
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1112) 
at java.lang.Thread.run(Thread.java:764) 
Looking at the output of openssl:
wojtek#atlantiscity.local ~ $ openssl s_client -connect xmpp.chatserver.space:5222 -xmpphost chatserver.space < /dev/null -starttls xmpp | openssl x509 -noout -dates
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = chatserver.space
verify return:1
poll error
notBefore=Jul 22 06:45:13 2019 GMT
notAfter=Oct 20 06:45:13 2019 GMT
It looks like they just renewed their certificate, so most likely you were served outdated certificate from the server (as would CertPathValidatorException: timestamp check failed indicate). Unfortunately you can't do anything in this case - server owner has to update the certificate on the server.
You could circumvent certificate verification but *THIS IS VERY, HIGHLY DISCOURAGED* (thus I won't go into details how to do it)

SSLProtocolException: Read error: ssl=0x9af236c0: Failure in SSL library, usually a protocol error in android emulator

I am using the following method to read the stream.
public static String readStream(InputStream inputStream) {
try {
ByteArrayOutputStream bo = new ByteArrayOutputStream();
int i = inputStream.read();
while (i != -1) {
bo.write(i);
i = inputStream.read();
}
return bo.toString();
} catch (IOException e) {
e.printStackTrace();
return "";
}
}
I am getting the following Exception at this line
int i = inputStream.read();
Exception:
javax.net.ssl.SSLProtocolException: Read error: ssl=0x9af236c0: Failure in SSL library, usually a protocol error
2019-03-15 16:25:25.978 5367-5389/com.healics.myhealics W/System.err: error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT (external/boringssl/src/crypto/cipher/e_aes.c:1143 0x989b8e9f:0x00000000)
2019-03-15 16:25:25.978 5367-5389/com.healics.myhealics W/System.err: error:1000008b:SSL routines:OPENSSL_internal:DECRYPTION_FAILED_OR_BAD_RECORD_MAC (external/boringssl/src/ssl/tls_record.c:277 0x989b8e9f:0x00000000)
2019-03-15 16:25:25.979 5367-5389/com.healics.myhealics W/System.err: at com.android.org.conscrypt.NativeCrypto.SSL_read(Native Method)
2019-03-15 16:25:25.980 5367-5389/com.healics.myhealics W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl$SSLInputStream.read(OpenSSLSocketImpl.java:741)
2019-03-15 16:25:25.980 5367-5389/com.healics.myhealics W/System.err: at com.android.okhttp.okio.Okio$2.read(Okio.java:136)
2019-03-15 16:25:25.980 5367-5389/com.healics.myhealics W/System.err: at com.android.okhttp.okio.AsyncTimeout$2.read(AsyncTimeout.java:211)
2019-03-15 16:25:25.980 5367-5389/com.healics.myhealics W/System.err: at com.android.okhttp.okio.RealBufferedSource.read(RealBufferedSource.java:50)
2019-03-15 16:25:25.980 5367-5389/com.healics.myhealics W/System.err: at com.android.okhttp.internal.http.Http1xStream$FixedLengthSource.read(Http1xStream.java:393)
2019-03-15 16:25:25.980 5367-5389/com.healics.myhealics W/System.err: at com.android.okhttp.okio.RealBufferedSource$1.read(RealBufferedSource.java:371)
2019-03-15 16:25:25.981 5367-5389/com.healics.myhealics W/System.err: at java.io.BufferedInputStream.fill(BufferedInputStream.java:248)
2019-03-15 16:25:25.982 5367-5389/com.healics.myhealics W/System.err: at java.io.BufferedInputStream.read(BufferedInputStream.java:267)
2019-03-15 16:25:25.983 5367-5389/com.healics.myhealics W/System.err: at com.interrahealth.i3user.util.StreamReader.readStream(StreamReader.java:18)
Now, this is happening only on the emulator when I run the code in the real android device it does not happen. This is an intermittent issue sometimes coming not every time.
Adding the code
I have not added any code which sets up the SSL/TLS settings below is my code
private static String mGetResponseFromNetworkRequest(String userPass, String apiEndpoint, String
outputStreamBytes, String requestMethod, String contentType) {
long startTime = System.currentTimeMillis();
String response = "";
Logger.d("apiEndpoint: " + apiEndpoint);
try {
HttpURLConnection httpURLConnection = getHttpUrlConnectionWithDigestAuth(apiEndpoint, requestMethod);
httpURLConnection.setRequestMethod(requestMethod);
httpURLConnection.setRequestProperty("Content-Type", contentType);
httpURLConnection.setRequestProperty("Content-Language", "en-US");
httpURLConnection.setRequestProperty("charset", "utf-8");
httpURLConnection.addRequestProperty("User-Agent", "XYZ");
httpURLConnection.addRequestProperty("Full-App-Version", BuildConfig.VERSION_NAME);
httpURLConnection.addRequestProperty("Platform", "Android");
httpURLConnection.setUseCaches(false);
httpURLConnection.setDoInput(true);
httpURLConnection.setDoOutput(true);
DataOutputStream dataOutputStream = new DataOutputStream(httpURLConnection.getOutputStream());
dataOutputStream.writeBytes(outputStreamBytes);
dataOutputStream.flush();
dataOutputStream.close();
Logger.d("dataOutputStream: " + outputStreamBytes);
Logger.d("Response Code: " + httpURLConnection.getResponseCode());
Logger.d("httpURLConnection.getHeaderFields(): " + httpURLConnection.getHeaderFields().toString());
Logger.d("httpURLConnection: " + httpURLConnection.toString());
// WAS THROWING ERRORS
if (httpURLConnection.getResponseCode() == 500) {
return "500";
} else {
InputStream inputStream = new BufferedInputStream(httpURLConnection.getInputStream());
response = StreamReader.readStream(inputStream);
httpURLConnection.disconnect();
}
Logger.d("Result: " + response);
} catch (MalformedInputException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}
Log.d("mGetResponseFromNetworkRequest", "Connection Time = " + (System.currentTimeMillis() - startTime));
return response;
}
You need to set the setSSLSocketFactory on your HttpsURLConnection like so:
httpURLConnection.setSSLSocketFactory(new MyFactory());
In Android API level 16+ TLS 1.1 and 1.2 are not enabled by default so it needs to be enabled. Above we are using a class called MyFactory which is where you will set the SSLContext. Here is a link to show you what you need to do https://blog.dev-area.net/2015/08/13/android-4-1-enable-tls-1-1-and-tls-1-2/

Android can not connect to openfire server org.jivesoftware.smack.SmackException$ConnectionException

I'm trying to connect to openfire server via android but it didn't worked.
this is error
W/System.err: org.jivesoftware.smack.SmackException$ConnectionException: The following addresses failed: '192.168.3.24:5222' failed because: /218.68.250.118 exception: java.net.SocketTimeoutException: failed to connect to /218.68.250.118 (port 5222) from /192.168.232.2 (port 43000) after 12000ms
W/System.err: at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectUsingConfiguration(XMPPTCPConnection.java:620)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectInternal(XMPPTCPConnection.java:895)
at org.jivesoftware.smack.AbstractXMPPConnection.connect(AbstractXMPPConnection.java:409)
at com.example.chatdemo02.LoginActivity.initConnection(LoginActivity.java:60)
at com.example.chatdemo02.LoginActivity.onCreate(LoginActivity.java:32)
at android.app.Activity.performCreate(Activity.java:7136)
at android.app.Activity.performCreate(Activity.java:7127)
W/System.err: at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1271)
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2893)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3048)
at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:78)
at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:108)
W/System.err: at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:68)
W/System.err: at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1808)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loop(Looper.java:193)
at android.app.ActivityThread.main(ActivityThread.java:6669)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
W/System.err: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
this my code
// Create the configuration for this new connection
configBuilder = XMPPTCPConnectionConfiguration.builder();
configBuilder.setUsernameAndPassword("a", "123456");
try {
configBuilder.setConnectTimeout(6000);
configBuilder.setSecurityMode(ConnectionConfiguration.SecurityMode.disabled);
configBuilder.setResource("Android");
configBuilder.setXmppDomain("192.168.3.24");
configBuilder.setHost("192.168.3.24");
configBuilder.setPort(5222);
configBuilder.setSendPresence(true);
}catch (org.jxmpp.stringprep.XmppStringprepException e){
e.printStackTrace();
}
connection = new XMPPTCPConnection(configBuilder.build());
try {
AndroidUsingLinkProperties.setup(getApplicationContext());
// Connect to the server
connection.connect();
// Log into the server
connection.login();
}catch (Exception e){
e.printStackTrace();
}
if(connection.isConnected()){
Intent intent = new Intent(this, MainpageActivity.class);
startActivity(intent);
}
My current situation
my system is windows 10
I'm using smack 4.3.1 and Openfire Version: 4.3.2
I have opened necessary port in firewall
my android and my computer is in same local area network
I have been confused about this for several days.please help me

java.net.SocketException in Android AsyncTask

I am now working on creating simple
image server in Android.
This is the server class...
new Thread(new Runnable()
{
public void run()
{
try
{
ServerSocket serverSocket = new ServerSocket(8080);
while(true)
{
Socket client = serverSocket.accept();
SimpleImageSender sender
= new SimpleImageSender(client);
sender.execute();
}
}
catch(Exception e)
{
e.printStackTrace();
}
}
}).start();
and this is the AsyncTask.
public class SimpleImageSender extends HttpGetForMapTileHandler<Void,Void,Void>
{
protected Socket client;
public SimpleImageSender(Socket socket)
{
super();
this.client = socket;
}
#Override
protected Void doInBackground(Void... params)
{
try
{
URL url = new URL("http://www.imageFromWeb.png");
HttpURLConnection httpCon = (HttpURLConnection)url.openConnection();
httpCon.setRequestMethod("GET");
httpCon.connect();
if(httpCon.getResponseCode() == 200)
{
DataOutputStream out = new DataOutputStream(this.client.getOutputStream());
byte response[] = new byte[BUFFER_SIZE];
int index = httpCon.getInputStream().read(response,0,BUFFER_SIZE);
while(index != -1)
{
out.write(response,0,index);//***
index = httpCon.getInputStream().read(response,0,BUFFER_SIZE);
}
out.flush();
}
else
{
Log.d("AAA","No png");
}
}
catch(Exception e)
{
e.printStackTrace();
cancel(true);
}
return null;
}
}
When I tested this code in Android 6.0(Nexus 5), Java.net.SocketException
occers when the line //*** called more than twice.
This is the call stack I got.
09-06 18:03:42.763 20730-22167/com.example.SimpleImageSenderServer
W/System.err: java.net.SocketException: sendto failed: ECONNRESET
(Connection reset by peer)
09-06 18:03:42.763 20730-22167/com.example.SimpleImageSenderServer
W/System.err: at
libcore.io.IoBridge.maybeThrowAfterSendto(IoBridge.java:542)
09-06 18:03:42.763 20730-22167/com.example.SimpleImageSenderServer
W/System.err: at libcore.io.IoBridge.sendto(IoBridge.java:511)
09-06 18:03:42.764 20730-22167/com.example.SimpleImageSenderServer
W/System.err: at
java.net.PlainSocketImpl.write(PlainSocketImpl.java:500)
09-06 18:03:42.764 20730-22167/com.example.SimpleImageSenderServer
W/System.err: at java.net.PlainSocketImpl.-
wrap1(PlainSocketImpl.java)
09-06 18:03:42.764 20730-22167/com.example.SimpleImageSenderServer
W/System.err: at
java.net.PlainSocketImpl$PlainSocketOutputStream.
write(PlainSocketImpl.java:266)
09-06 18:03:42.764 20730-22167/com.example.SimpleImageSenderServer
W/System.err: at
java.io.DataOutputStream.write(DataOutputStream.java:98)
09-06 18:03:42.765 20730-22167/com.example.SimpleImageSenderServer
W/System.err: at
com.example.SimpleImageSenderServer.
SimpleImageSender.doInBackground(SimpleImageSender.java:xx)
I also want to imform that this error did not happen when I tested in
Android 4.4.2, 5.0 devices.
Virtual devices (Android 7.0).
I checked the java.net.SocketException issues through
the Internet but I could not figure it out
what was the cause.
Any advice will be very helpful.
Thank you
You can never to thread operations on the main thread. It has to be done async.
So you have two options. Either disable strictmode:
if (android.os.Build.VERSION.SDK_INT > 9) {
StrictMode.ThreadPolicy policy = new StrictMode.ThreadPolicy.Builder()
.permitAll().build();
StrictMode.setThreadPolicy(policy);
}
Or use an asynctask for the connection too
int index = httpCon.getInputStream().read(response,0,BUFFER_SIZE);
while(index != -1)
{
out.write(response,0,index);//***
index = httpCon.getInputStream().read(response,0,BUFFER_SIZE);
}
This is garbage, or at least poorly written and poorly named. read() returns a count, not an index. Try this:
int count;
while((count = httpCon.getInputStream().read(response)) > 0)
{
out.write(response,0,count);
}
// The following are completey missing from your code
out.close();
httpCon.getInputStream().close();
If you still get connection resets it is probably because the peer has closed the connection.

Categories

Resources