Android HTTPs post fails on newer devices

Question

Few days ago I upgraded my app engine server to work with secure HTTP requests only (HTTPS). (by adding 'secure: always' line in the app.yaml file).

Everything worked fine, I do manage to get response from my app engine server with my app (running on android 4.1.2), but today I found out that on 4.4.2 devices, I get the following error:

06-04 20:11:29.501: W/System.err(21158): javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
06-04 20:11:29.504: W/System.err(21158):    at com.android.org.conscrypt.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:146)
06-04 20:11:29.505: W/System.err(21158):    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93)
06-04 20:11:29.505: W/System.err(21158):    at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:388)
06-04 20:11:29.505: W/System.err(21158):    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:165)
06-04 20:11:29.506: W/System.err(21158):    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
06-04 20:11:29.506: W/System.err(21158):    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
06-04 20:11:29.506: W/System.err(21158):    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:360)
06-04 20:11:29.507: W/System.err(21158):    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
06-04 20:11:29.507: W/System.err(21158):    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
06-04 20:11:29.507: W/System.err(21158):    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)

This is the code in the client responsible for sending a json with http post request:

static private String getJson(String json,String url){
    HttpClient httpClient = new DefaultHttpClient();

    String responseString="";
    try {
        HttpPost request = new HttpPost("https://XXXXXX.appspot.com/XXXX/XXXX");
        StringEntity params =new StringEntity(json, "UTF-8");
        request.addHeader("content-type", "application/json");
        request.setEntity(params);
        HttpResponse response = httpClient.execute(request);
        HttpEntity entity = response.getEntity();
        responseString = EntityUtils.toString(entity, "UTF-8");


    }catch (Exception ex) {
        ex.printStackTrace();
        // handle exception here
    } finally {
        httpClient.getConnectionManager().shutdown();
    }
    return responseString;
}

I suspect that this way I'm doing HTTP post requests is somewhat wrong in newer devices (that's the only reason I can think of, since it works on my device perfectly, but on newer device it doesn't)

I also tried to create my HttpClient object using this method (which I saw fixes the problem sometimes) but it didn't help at all:

static private HttpClient createHttpClient()
{
    HttpParams params = new BasicHttpParams();
    HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
    HttpProtocolParams.setContentCharset(params, HTTP.DEFAULT_CONTENT_CHARSET);
    HttpProtocolParams.setUseExpectContinue(params, true);

    SchemeRegistry schReg = new SchemeRegistry();
    schReg.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
    schReg.register(new Scheme("https", SSLSocketFactory.getSocketFactory(), 443));
    ClientConnectionManager conMgr = new ThreadSafeClientConnManager(params, schReg);

    return new DefaultHttpClient(conMgr, params);
}

Been on it for around 8 hours already scanning all the internet but no solution.

Thanks for helpers.

I think I saw a second post just like this one today. My guess is that a new truststore was in 4.4.2 and that truststore does not support your ssl certificate. Things to check: Is your certificate self signed? Is your certificate in the 4.4.2 trusted certificates (settings -> security -> trusted credentials)? Is your site sending the correct chain file (http://stackoverflow.com/questions/13862908/ssl-certificate-is-not-trusted-on-mobile-only see first answer)? There might be other issues. Certificates are difficult. Can you try running your app with the -Djavax.net.debug=ssl option? — hooknc, Jun 04 '14 at 23:08
@hooknc If I understand the subject correctly, my certificate is not self signed. I didn't even mess with certificates at all. My server is running on google app engine platform, which gives the option to perform all communications above secure HTTP by adding a single line to the yaml.app file, and I do belive there shouldn't be any problem with google's certificates... I also checked the URL in the SSL checker site and it was ok. If you have any other idea why it could fail on newer devices, can you please answer step by step how to (try) to fix it? thanks — Jjang, Jun 05 '14 at 08:01

score 0 · Answer 1 · answered Jun 05 '14 at 13:06

0

Well, after lots of frustrations, the answer for whoever is stuck with the same problem: do not use apache's HttpClient.

Changing to HttpURLConnection seems to solve the error perfetly.

answered Jun 05 '14 at 13:06

Jjang

11,250
11
51
87

Android HTTPs post fails on newer devices

1 Answers1

Linked