0

Following this issue (that raised this question), and since we didn't get a good answer, we're looking into finding an alternative HTTPS client, one that does not use the Native_SSL library (as we think that the bug is there).

The Problem

We are attempting to use HTTPS with Client Certificate and perform upload of files larger then 44K. During the upload (checked with WireShark) at a cretin point, the server does not get any packets for 2 minutes, and closes the connection, causing a "Connection Reset By Peer".

Alternatives checked / Additional Research

We've checked the Apache Http Client port for android, but it uses the Native SSL library internally.

We've also checked the Chilkat http client, but it also didn't work.

One of the comments (By @DArkO) made to this question caused me to think perhaps the OOB Android HTTP client attempts to perform a multipart upload and fails - and that could be the root cause of all my problems.

So...

What alternative HTTP client would you recommend?

Community
  • 1
  • 1
Felix
  • 1,034
  • 1
  • 9
  • 29
  • Does the upload gets reset with HTTP - without SSL? \ – MaTriXy Sep 29 '14 at 17:58
  • @MaTriXy: No. Uploading without HTTPS, as uploading with HTTPS but without client certificate works without problems, like a charm. – Felix Sep 30 '14 at 07:46
  • and changing the certificate? – MaTriXy Oct 02 '14 at 10:04
  • @MaTriXy, it works without the certificate. The certificate itself is generated and signed (PKCS10 + PrivateKey --> PKCS7B + PrivateKey --> PKCS12 "complete"). While I've tried using many certificates (The issue was reproduced on 5 of our labs, to each his own CA, but all CA's are of the same vendor) and kept failing. A. I'm not sure what can I change in the certificate. B. Fact is that all other REST operations work with the certificate, and since the certificate exchange is a part of the handshake, I don't think that that's where the money is... unless you think otherwise... – Felix Oct 02 '14 at 12:22
  • I've stumbled upon a few issues in the past with multipart requests that the certificate was the issue. Maybe try (i'm pretty sure you already did the steps there but still) http://chariotsolutions.com/blog/post/https-with-client-certificates-on/ – MaTriXy Oct 08 '14 at 12:25
  • or maybe this one? http://stackoverflow.com/a/5459685/529518 It helped on one occasion before. – MaTriXy Oct 08 '14 at 12:26
  • @MaTriXy, Already Tried Apache (the one you suggested) and OkHttp. Didn't work (both use native_ssl internally). – Felix Oct 12 '14 at 10:50

1 Answers1

0

This is a work around - not a solution.

We just could not afford spending any more resources on this issue...

We've dodged the bullet by splitting the upload procedure to 2 steps:
First step (which requires the Client-certificate) takes all the metadata and returns an upload token (expires in 30 seconds).
Second step does not require the certificate, but uses the upload token to perform upload (still over SSL).

Felix
  • 1,034
  • 1
  • 9
  • 29