I am looking to write integration testing of OkHttpClient with a mockwebserver with ssl using an android app. I was able to use HeldCertificate and HandshakeCertificates to achieve this, but I am interested in using self signed certs. While trying with self signed cert, I am getting a handshake failure. Here are the details to reproduce this.

a. Created self signed certificate using this command:

```
openssl req -x509 -out localhost.crt -keyout localhost.key \
  -newkey rsa:2048 -nodes -sha256 \
  -subj '/CN=localhost' -extensions EXT -config <( \
   printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
```

b. Converted to der for android.

```
openssl x509 -in localhost.crt -outform der -out localhost.der.crt
```

c. Fetched the SSLSocketFactory using the code given here: https://gist.github.com/erickok/7692592 to pass it to `mockWebserver.useHttps()` and `OkHttpClientBuilder.sslSocketFactory()`.

Encountering handshake failure when trying to send and receive a very simple request.

```
I/MockWebServer(16935): MockWebServer[38515] connection from null failed: javax.net.ssl.SSLHandshakeException: Handshake failed
I/System.out(16935): TEMP: 7. Exception thrown javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xeef2cd80: Failure in SSL library, usually a protocol error
I/System.out(16935): error:100c5410:SSL routines:ssl3_read_bytes:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:972 0xee9c4b80:0x00000001)
I/System.out(16935): error:100c009f:SSL routines:ssl3_get_server_hello:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:771 0xea1a6827:0x00000000) Handshake failed
W/System.err(16935): javax.net.ssl.SSLHandshakeException: Handshake failed
W/System.err(16935): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:441)
W/System.err(16935): at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:337)
W/System.err(16935): at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:297)
W/System.err(16935): at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:178)
W/System.err(16935): at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:272)
W/System.err(16935): at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:135)
W/System.err(16935): at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:114)
W/System.err(16935): at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
W/System.err(16935): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
W/System.err(16935): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
W/System.err(16935): at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
W/System.err(16935): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
W/System.err(16935): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
W/System.err(16935): at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
W/System.err(16935): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
W/System.err(16935): at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:126)
W/System.err(16935): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
W/System.err(16935): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
W/System.err(16935): at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:200)
W/System.err(16935): at okhttp3.RealCall.execute(RealCall.java:77)
W/System.err(16935): at com.xyz.okhttp3_abc.sample.test.SampleUiTest.setup(SampleUiTest.java:180)
W/System.err(16935): at java.lang.reflect.Method.invoke(Native Method)
W/System.err(16935): at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
W/System.err(16935): at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
W/System.err(16935): at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
W/System.err(16935): at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:24)
W/System.err(16935): at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
W/System.err(16935): at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
W/System.err(16935): at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
W/System.err(16935): at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
W/System.err(16935): at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
W/System.err(16935): at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
W/System.err(16935): at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
W/System.err(16935): at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
W/System.err(16935): at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
W/System.err(16935): at org.junit.runners.Suite.runChild(Suite.java:128)
W/System.err(16935): at org.junit.runners.Suite.runChild(Suite.java:27)
W/System.err(16935): at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
W/System.err(16935): at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
W/System.err(16935): at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
W/System.err(16935): at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
W/System.err(16935): at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
W/System.err(16935): at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
W/System.err(16935): at org.junit.runners.Suite.runChild(Suite.java:128)
W/System.err(16935): at org.junit.runners.Suite.runChild(Suite.java:27)
W/System.err(16935): at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
W/System.err(16935): at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
W/System.err(16935): at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
W/System.err(16935): at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
W/System.err(16935): at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
W/System.err(16935): at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
W/System.err(16935): at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
W/System.err(16935): at org.junit.runner.JUnitCore.run(JUnitCore.java:115)
W/System.err(16935): at android.support.test.internal.runner.TestExecutor.execute(TestExecutor.java:56)
W/System.err(16935): at android.support.test.runner.AndroidJUnitRunner.onStart(AndroidJUnitRunner.java:384)
W/System.err(16935): at android.app.Instrumentation$InstrumentationThread.run(Instrumentation.java:1959)
W/System.err(16935): Caused by: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0xeef2cd80: Failure in SSL library, usually a protocol error
W/System.err(16935): error:100c5410:SSL routines:ssl3_read_bytes:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:972 0xee9c4b80:0x00000001)
W/System.err(16935): error:100c009f:SSL routines:ssl3_get_server_hello:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/s3_clnt.c:771 0xea1a6827:0x00000000)
W/System.err(16935): at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
W/System.err(16935): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:353)
W/System.err(16935): ... 55 more
I/TestRunner(16935): failed: simpleTest[0](com.xyz.okhttp3_abc.sample.test.SampleUiTest)
I/TestRunner(16935): failed: simpleTest[0](com.xyz.okhttp3_abc.sample.test.SampleUiTest)
I/TestRunner(16935): ----- begin exception -----
I/TestRunner(16935): javax.net.ssl.SSLHandshakeException: Handshake failed
I/TestRunner(16935): at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:441)
I/TestRunner(16935): at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:337)
I/TestRunner(16935): at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:297)
I/TestRunner(16935): at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:178)
I/TestRunner(16935): at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:272)
I/TestRunner(16935): at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:135)
I/TestRunner(16935): at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:114)
I/TestRunner(16935): at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
I/TestRunner(16935): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
I/TestRunner(16935): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
I/TestRunner(16935): at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
I/TestRunner(16935): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
I/TestRunner(16935): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
I/TestRunner(16935): at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
I/TestRunner(16935): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
I/TestRunner(16935): at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:126)
I/TestRunner(16935): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
I/TestRunner(16935): at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
I/TestRunner(16935): at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:200)
I/TestRunner(16935): at okhttp3.RealCall.execute(RealCall.java:77)
I/TestRunner(16935): at com.xyz.okhttp3_abc.sample.test.SampleUiTest.setup(SampleUiTest.java:180)
I/TestRunner(16935): at java.lang.reflect.Method.invoke(Native Method)
I/TestRunner(16935): at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
I/TestRunner(16935): at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
I/TestRunner(16935): at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
I/TestRunner(16935): at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:24)
I/TestRunner(16935): at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
I/TestRunner(16935): at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
I/TestRunner(16935): at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
I/TestRunner(16935): at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
I/TestRunner(16935): at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
I/TestRunner(16935): at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
I/TestRunner(16935): at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
I/TestRunner(16935): at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
I/TestRunner(16935): at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
I/TestRunner(16935): at org.junit.runners.Suite.runChild(Suite.java:128)
I/TestRunner(16935): at org.junit.runners.Suite.runChild(Suite.java:27)
I/TestRunner(16935): at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
I/TestRunner(16935): at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
I/TestRunner(16935): at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
I/TestRunner(16935): at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
I/TestRunner(16935): at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
I/TestRunner(16935): at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
I/TestRunner(16935): at org.junit.runners.Suite.runChild(Suite.java:128)
I/TestRunner(16935): at org.junit.runners.Suite.runChild(Suite.java:27)
I/TestRunner(16935): at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
I/TestRunner(16935): at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
I/TestRunner(16935): at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
I/TestRunner(16935): at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
I/TestRunner(16935): at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
I/TestRunner(16935): at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
I/TestRunner(16935): at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
I/TestRunner(16935): at org.junit.runner.JUnitCore.run(JUnitCore.java:115)
I/TestRunner(16935): at android.support.test.internal.runner.TestExecutor.execute(TestExecutor
I/TestRunner(16935): ----- end exception -----
I/TestRunner(16935): finished: simpleTest[0](com.xyz.okhttp3_abc.sample.test.SampleUiTest)
I/MonitoringInstr(16935): Activities that are still in CREATED to STOPPED: 0
```

Simpson
  • I know nothing about OkHttpClient but the error string `HANDSHAKE_FAILURE_ON_CLIENT_HELLO` seems to say that the problem was with the `ClientHello` message, and this message has no data about certificates since those happen later in another message. ClientHello contains data about local time, a random value, list of cipher suites, compression methods and extensions supported. So maybe there is a problem more around cipher suites. – Patrick Mevzek Aug 23 '18 at 23:18
  • Take a look at this answer: https://stackoverflow.com/a/73793480/875657 – marcelosalloum Sep 20 '22 at 23:18
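
An added example, not part of the original post or of OkHttp's own code: a TLS server has to present a certificate and hold the matching private key, so this fixture gives MockWebServer a `KeyManager` built from both, while the client only trusts the public certificate. It assumes `localhost.crt` and `localhost.key` from step a were bundled into a hypothetical `localhost.p12` with the test password `changeit`; the class name `SelfSignedTlsFixture` is illustrative.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
import okhttp3.mockwebserver.MockWebServer;

// Added example. Assumed input (hypothetical file name and password), created beforehand with:
//   openssl pkcs12 -export -in localhost.crt -inkey localhost.key \
//     -name localhost -out localhost.p12 -passout pass:changeit
public final class SelfSignedTlsFixture {
  private static final char[] PASSWORD = "changeit".toCharArray(); // test-only secret

  public final MockWebServer server = new MockWebServer();
  public final OkHttpClient client;

  public SelfSignedTlsFixture(InputStream p12) throws Exception {
    // Server identity: certificate AND private key, exposed through a KeyManager.
    KeyStore identity = KeyStore.getInstance("PKCS12");
    identity.load(p12, PASSWORD);
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(identity, PASSWORD);
    SSLContext serverCtx = SSLContext.getInstance("TLS");
    serverCtx.init(kmf.getKeyManagers(), null, null);
    server.useHttps(serverCtx.getSocketFactory(), false);

    // Client trust: only the public certificate, copied into a key-less trust store.
    Certificate cert = identity.getCertificate("localhost");
    KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
    trust.load(null, null);
    trust.setCertificateEntry("localhost", cert);
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trust);
    X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
    SSLContext clientCtx = SSLContext.getInstance("TLS");
    clientCtx.init(null, new TrustManager[] {tm}, null);
    client = new OkHttpClient.Builder()
        .sslSocketFactory(clientCtx.getSocketFactory(), tm)
        .build();
  }
}
```

Requests built from `server.url("/")` then go over HTTPS to the mock server, and the private key stays confined to the test fixture rather than the app's trust configuration.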

0 Answers