3

I'm writing an application where using Retrofit API for server communication. To test Back Date Scenario I modified Device Date fro current date. In response it giving following error log:

ExtCertPathValidatorException: Could not validate certificate: Certificate not valid until Tue Jan 06 05:30:00 GMT+05:30 2015 (compared to Thu Nov 13 11:52:59 GMT+05:30 2014)
D/Retrofit(22305):  at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
D/Retrofit(22305):  at com.squareup.okhttp.Connection.upgradeToTls(Connection.java:241)
D/Retrofit(22305):  at com.squareup.okhttp.Connection.connect(Connection.java:158)
D/Retrofit(22305):  at com.squareup.okhttp.Connection.connectAndSetOwner(Connection.java:174)
D/Retrofit(22305):  at com.squareup.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:120)
D/Retrofit(22305):  at com.squareup.okhttp.internal.http.RouteSelector.next(RouteSelector.java:131)
D/Retrofit(22305):  at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:312)
D/Retrofit(22305):  at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:235)
D/Retrofit(22305):  at com.squareup.okhttp.Call.getResponse(Call.java:262)
D/Retrofit(22305):  at com.squareup.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:219)
D/Retrofit(22305):  at com.squareup.okhttp.Call.getResponseWithInterceptorChain(Call.java:192)
D/Retrofit(22305):  at com.squareup.okhttp.Call.execute(Call.java:79)
D/Retrofit(22305):  at com.newrelic.agent.android.instrumentation.okhttp2.CallExtension.execute(CallExtension.java:43)
D/Retrofit(22305):  at retrofit.client.OkClient.execute(OkClient.java:53)
D/Retrofit(22305):  at com.newrelic.agent.android.instrumentation.retrofit.ClientExtension.execute(ClientExtension.java:42)
D/Retrofit(22305):  at retrofit.RestAdapter$RestHandler.invokeRequest(RestAdapter.java:326)
D/Retrofit(22305):  at retrofit.RestAdapter$RestHandler.access$100(RestAdapter.java:220)
D/Retrofit(22305):  at retrofit.RestAdapter$RestHandler$2.obtainResponse(RestAdapter.java:278)
D/Retrofit(22305):  at retrofit.CallbackRunnable.run(CallbackRunnable.java:42)
D/Retrofit(22305):  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
D/Retrofit(22305):  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
D/Retrofit(22305):  at java.lang.Thread.run(Thread.java:818)

In response I'm getting NETWORK as RetrofitError.getKind() object.

Any suggestion how else can filter it.

CoDe
  • 11,056
  • 14
  • 90
  • 197
  • What is your server url? – Vaisakh N Jul 16 '15 at 07:15
  • @VaisakhN How that matter dear ! – CoDe Jul 16 '15 at 07:16
  • I think(may be wrong :)) your server certificate valid dates is not matching with your device date – Vaisakh N Jul 16 '15 at 07:18
  • You right here...I change my local device date that I mention in Question. But how to handle it from code that This Kind of error has occur. Since in error response we get error kind as 'Network' only. Any other suggestion ! – CoDe Jul 16 '15 at 07:22
  • You can't handle it from code. The certificate isn't valid at the time setting you're using. You'll have to use an older certificate somehow. – user207421 Jul 16 '15 at 07:39
  • http://stackoverflow.com/questions/8693991/java-ignore-expired-ssl-certificate :-Hope this will help you – Vaisakh N Jul 16 '15 at 07:44
  • Thanks...but error I'm getting is an valid scenario. Only thing that I wanted to know if there is way to know in program, that This error occur. One partial way I found...Checked with Throwable instance if it's SSLHandshakeException...then this could be reason. But still Kind still same "Network" error. – CoDe Jul 16 '15 at 08:30

1 Answers1

0

Start from RetrofitError error, get the Throwable with Throwable exc = error.getCause() and then check if (exc != null && exc instanceof SSLHandshakeException). But i suggest you to use certificate pinning, to avoid this issues.

Mimmo Grottoli
  • 5,758
  • 2
  • 17
  • 27
  • certificate pinning, what is this! Could you elaborate more. – CoDe Jul 16 '15 at 09:27
  • 1
    Well, it's a way to trust a certificate. If you're using retrofit and OkHttp, I suggest to follow the example that you can find inside the [documentation](http://square.github.io/okhttp/javadoc/com/squareup/okhttp/CertificatePinner.html) – Mimmo Grottoli Jul 16 '15 at 09:33
  • @Shubh Have you tried to 'pin' the certificate? With this method you don't get the error right? If so, please, rate my answer. – Mimmo Grottoli Jul 17 '15 at 15:46
  • Mat, I did not got enough time, I will try and let you know. Additional I actually wanted to this happened as I do not wanted to allow user to use app in back date. – CoDe Jul 19 '15 at 11:47