0

I am trying to implement an SSL socket between an Android App and a Python API.

The code below...

SSLSocketFactory ssf = (SSLSocketFactory) SSLSocketFactory.getDefault();
Socket s = ssf.createSocket("10.0.2.2", 5001);
DataOutputStream myDataOut = new DataOutputStream(s.getOutputStream());
myDataOut.writeUTF("Hello Server");
myDataOut.flush();
myDataOut.close();
s.close();

doesn't work as you can see:

590.0750 - Establishing connection to ('127.0.0.1', 50888)
590.0970 - Error while connecting
590.0970 - Error information: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:590)

I believe it doesn't because I am not specifying the certificate. See a working Python example of a client:

import socket, ssl, pprint

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

ssl_sock = ssl.wrap_socket(s,
                           ca_certs="server.crt",
                           cert_reqs=ssl.CERT_REQUIRED)

ssl_sock.connect(('localhost', 5001))

print repr(ssl_sock.getpeername())
print ssl_sock.cipher()
print pprint.pformat(ssl_sock.getpeercert())

ssl_sock.write("Hello from the client...")

How can I specify the certificate in Java like I did in Python?

Kaguei Nakueka
You could debug the SSL issues in Java by using the JVM parameter *-Djavax.net.debug=ssl*, so you could see what really happened between client and server. In your case, I think your server has a certificate for *localhost* and in your Java program you use the IP. If you use the IP in Java with a certificate, be careful, as you have to use the host name as *CN*. Put the IP address in the ssl v3 extension as DNS aliases. – Mario Santini Feb 01 '17 at 13:34

1 Answer

2

Provided that I understood you right, this answer to a related question might be interesting for you. It describes the ways of specifying the certificates.

Community
Tom Connery
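
One way to do in Java what the Python client does with `ca_certs="server.crt"` and `cert_reqs=ssl.CERT_REQUIRED` (an added example, not code from the question or from the linked answer): load the certificate into an in-memory `KeyStore` and build the `SSLSocketFactory` from it. The class name `PinnedTlsClient`, the helper `factoryTrusting` and the location of `server.crt` are assumptions; host and port are the ones from the question.

```java
import java.io.DataOutputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class PinnedTlsClient {
    // Hypothetical helper: returns a socket factory that trusts only the
    // certificate read from certStream (PEM or DER encoded X.509).
    static SSLSocketFactory factoryTrusting(InputStream certStream) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate serverCert = cf.generateCertificate(certStream);

        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);                 // empty in-memory store
        trustStore.setCertificateEntry("server", serverCert);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client certificate
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // Assumption: server.crt is in the working directory; on Android it
        // would typically be opened from the app's raw resources or assets.
        try (InputStream in = new FileInputStream("server.crt")) {
            SSLSocketFactory ssf = factoryTrusting(in);
            try (SSLSocket s = (SSLSocket) ssf.createSocket("10.0.2.2", 5001)) {
                s.startHandshake(); // throws SSLHandshakeException if the chain is not trusted
                DataOutputStream out = new DataOutputStream(s.getOutputStream());
                out.writeUTF("Hello Server");
                out.flush();
            }
        }
    }
}
```

This validates the certificate chain only; a raw `SSLSocket` does not compare the certificate's name with the host it connected to unless `SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")` is set on the socket. With that check enabled, the host-name mismatch raised in the comment above (certificate for *localhost*, connection by IP) would surface as a handshake failure.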