
I've got a big problem. I have to POST some parameters to a URL from my application. But when I try to do it within a WebView object it throws an exception that says "Untrusted Certificate" (the exception is thrown by the overridden WebViewClient method onReceivedSslError()). How can I handshake correctly with the server? Could you please give me some tips? I'm going crazy...

Really, really thanks...

EDIT: this is how I've defined my webview

webView = (WebView) myFragmentView.findViewById(R.id.webView);
webView.setWebViewClient(new WebViewClient(){
        @Override
        public void onPageFinished(WebView view, String string){
            Log.debug(tag, "URL pagina terminata :"+webView.getUrl() );
            if(progress!=null) 
                if(progress.isShowing()){progress.dismiss();}
        }

        @Override
        public void onReceivedError(WebView view, 
                int errorCode,
                String description, 
                String failingUrl) {
            Log.error(tag, "ERROR:" + description );
           }

        @Override
        public void onReceivedSslError(WebView view,
                SslErrorHandler handler, SslError error) {
            super.onReceivedSslError(view, handler, error);
            Log.error(tag, "SSL Error received: "+ error.getPrimaryError());

            handler.proceed();
        }


    });

This is how I've created a postRequest within a WebView

webView.postUrl(url, EncodingUtils.getBytes(postParameters, "base64"));

This is the LogCat output:

SSL Error received: 3 - Untrusted Certificate

Now, googling a little bit, I've seen that there's a need to check the validity of the certificate and to import the keychain into a local keystore. But the problem is that I don't know where to start... :)

1 Answer

If security is not a priority, you can try calling handler.proceed() in your onReceivedSslError(). Don't call the super method.

If security is a priority (and it should be):

I haven't tried this myself for webView, but try setting your certificate like this: Android WebView setCertificate issues SSL problems

To get the actual certificates you can load them into your browser (by accepting the warning when you open the URL in the browser) and then export them from there, or you can use the openssl tool as described here: http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html

Uku Loskit
  • Without the invocation of the super it works great, but I know that there's a security hole. But does this mean that the communication with the server is not encrypted? – m.fiorentino Feb 16 '13 at 13:54
  • The communication is encrypted, but authentication of the server is not guaranteed. It is vulnerable to man-in-the-middle attacks. The attacker could send you his self-signed cert and you would happily accept it. – Uku Loskit Feb 16 '13 at 13:57
  • Yes, perfect. You have been so great. Could you recommend me how to check the certificate? – m.fiorentino Feb 16 '13 at 13:59
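
One way to do the certificate check asked about in the last comment, as an added example that is not part of the original answer or comments: proceed only when the sole problem is SSL_UNTRUSTED (error 3 in the LogCat output) and the presented certificate matches a fingerprint pinned in the app. The class name PinnedCertWebViewClient and the fingerprint placeholder are assumptions; SslCertificate.getX509Certificate() requires API level 29 or newer.

```java
import android.net.http.SslError;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import android.webkit.WebViewClient;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;

/** Proceeds past SSL_UNTRUSTED only for one known certificate; cancels everything else. */
public class PinnedCertWebViewClient extends WebViewClient {
    // Assumption: SHA-256 of the server certificate's DER encoding, taken out of band
    // from the exported certificate file. Placeholder, replace with your own value.
    private static final String PINNED_SHA256_HEX =
            "<sha256-of-your-server-certificate-in-lowercase-hex>";

    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        // No super call here: the default implementation cancels the load itself.
        if (isPinnedCertificate(error)) {
            handler.proceed();
        } else {
            handler.cancel();
        }
    }

    private static boolean isPinnedCertificate(SslError error) {
        // Accept only the "unknown issuer" case; expiry or hostname mismatch still fail.
        if (error.getPrimaryError() != SslError.SSL_UNTRUSTED
                || error.hasError(SslError.SSL_EXPIRED)
                || error.hasError(SslError.SSL_NOTYETVALID)
                || error.hasError(SslError.SSL_IDMISMATCH)) {
            return false;
        }
        try {
            X509Certificate cert = error.getCertificate().getX509Certificate(); // API 29+
            if (cert == null) {
                return false;
            }
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                hex.append(String.format("%02x", b));
            }
            return PINNED_SHA256_HEX.equals(hex.toString());
        } catch (GeneralSecurityException e) {
            return false; // fail closed if the certificate cannot be hashed
        }
    }
}
```

Install it with webView.setWebViewClient(new PinnedCertWebViewClient()); a pinned fingerprint has to be updated in the app whenever the server certificate is replaced.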