5

I am trying to achieve Android ↔ Apache communication using HTTPS, but I get the error below. I experience the problem intermittently, about 30% of the time. 

javax.net.ssl.sslPeerUnverifiedException: No peer certificate

I searched on the web but any answer has helped me...

Here is my Android code:

http_post = new HttpPost(Utils.IP_ADDRESS);
http_post_data = new ArrayList<NameValuePair>();
http_post_data.add(new BasicNameValuePair("regId", regid));
http_post_data.add(new BasicNameValuePair("email", globals.userInfo.mail));
http_post_data.add(new BasicNameValuePair("pass", globals.userInfo.pass));
http_post.setEntity(new UrlEncodedFormEntity(http_post_data));

HttpParams httpParameters = new BasicHttpParams();
HttpConnectionParams.setConnectionTimeout(httpParameters, Utils.TIMEOUT_CONNECTION);
HttpConnectionParams.setSoTimeout(httpParameters, Utils.TIMEOUT_SOCKET);

http_client = new DefaultHttpClient(httpParameters);
response = http_client.execute(http_post);
String responseBody = EntityUtils.toString(response.getEntity(), GlobalsSingleton.applicationCharset);

I have a GoDaddy certificate. So what do i need to change in my server or android code to get this fixed?

jww
  • 97,681
  • 90
  • 411
  • 885
Fernando Santiago
  • 2,128
  • 10
  • 44
  • 75
  • Refer this http://stackoverflow.com/questions/2642777/trusting-all-certificates-using-httpclient-over-https – sasikumar Jun 20 '15 at 05:51
  • @Fernando - you need to be able to duplicate the problem to trouble shoot the problem. For trouble shooting, use `openssl s_client -connect host:port -tls1 -servername host`. Also, you need to post details, like the URL or server name, so we can try and duplicate it. Denying us the details does not serve any purpose since this server is on the web for bad guys to bang on. – jww Jun 22 '15 at 18:19
  • @Fernando - where is the site hosted, and is it load balanced? Also see `SSLSocketFactoryEx` to ensure you get a well configured SSL/TLS socket from Android. You can find it at [Which Cipher Suites to enable for SSL Socket?](http://stackoverflow.com/a/23365536/608639) – jww Jun 22 '15 at 18:24

2 Answers2

0

I was able to solve this issue for myself by restarting the Emulator or creating a new Emulator, and run the project in that new Emulator.

codeBoy
  • 533
  • 3
  • 7
  • 23
0

replace x509TrustManager in the socket. wrap you client like this:

public static org.apache.http.client.HttpClient wrapClient(org.apache.http.client.HttpClient base) {
        try {
            SSLContext ctx = SSLContext.getInstance("TLS");
            X509TrustManager tm = new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
                public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}
                public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}
            };
            ctx.init(null, new TrustManager[] { tm }, null);
            SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            SchemeRegistry registry = new SchemeRegistry();
            registry.register(new Scheme("https", 443, ssf));
            ThreadSafeClientConnManager mgr = new ThreadSafeClientConnManager(registry);
            return new DefaultHttpClient(mgr, base.getParams());
        } catch (Exception ex) {
            ex.printStackTrace();
            return null;
        }
    }
xxxzhi
  • 471
  • 3
  • 12