0

There was recently certificate change on staging servers of my app. The server passes Qualys SSL test with grade A- ("The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-") so I should be able to connect via https without adding any certs to my app, keystore or whatever. Indeed, the standard Android connection method works well (http://developer.android.com/training/basics/network-ops/connecting.html).

The problem is, I am using android-async-http all over the code, which uses org.apache.http.client. And that returns javax.net.ssl.SSLPeerUnverifiedException: No peer certificate when I connect to the site!

I can't really change the connection method in current circumstances. I'd like to stay with android-async-http and connect to my site without bypassing the SSL security.

Any tips? Some additional settings to android-async-http? Or maybe altering android-async-http source code would help?

morten.c
  • 3,414
  • 5
  • 40
  • 45
Łukasz Sromek
  • 3,637
  • 3
  • 30
  • 43

1 Answers1

0

I encountered a same problem 6 months back.

I think you will be able to solve it by :

  1. MySSLSocketFactory extends SSLSocketFactory
  2. Then u need to use this Class where you are creating an instace of HTTPClient and pass some parameters...

I think the link below would be helpful. If it doesn't help then i can share concrete code later...

https://stackoverflow.com/a/13812958/1386533

Community
  • 1
  • 1
Rakesh Gondaliya
  • 1,050
  • 3
  • 25
  • 42
  • well, but your solution bypasess the SSL security, right? I explicitly stated (in bold) that I don't want to bypass it, I want stupid apache to recognize that the certificate is valid just like all web browsers on Android and standard Android method for downloading stuff over the web do. – Łukasz Sromek Mar 20 '14 at 14:26
  • no it does not by pass it.... u do not need to implement allow all certificate !!! – Rakesh Gondaliya Mar 20 '14 at 14:32