Android的SSL證書問題

Question

我用：

sudo openssl req -new -x509 -days 365 -nodes -out /path/to/cert.pem -keyout /path/to/cert.pem 

創建證書和

keytool -importcert -v -trustcacerts -file "cert.pem" -alias ca -keystore "mySrvTruststore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "bcprov-jdk16-145.jar" -storetype BKS -storepass pass 

使用bcprov-EXT-jdk15on-1.46，創造了BKR密鑰庫。我已經在/ res/raw/...中的android應用中導入了bkr keystore。

我的Android代碼：

protected org.apache.http.conn.ssl.SSLSocketFactory createAdditionalCertsSSLSocketFactory() { 
     try { 
      final KeyStore ks = KeyStore.getInstance("BKS"); 

      // the bks file we generated above 
      final InputStream in = RestaurantHanovra.getAppResources().openRawResource(R.raw.mysrvtruststore); 
      try { 
       // don't forget to put the password used above in strings.xml/mystore_password 
       ks.load(in, "pass".toCharArray()); 
      } finally { 
       in.close(); 
      } 

      return new MySSLSocketFactory(ks); 

     } catch(Exception e) { 
      throw new RuntimeException(e); 
     } 
    } 

當我嘗試執行HTTP請求，我得到這個錯誤：雖然我檢查我的web服務在瀏覽器中

08-17 16:18:19.778: W/System.err(16906): javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x5168b318: Failure in SSL library, usually a protocol error 
08-17 16:18:19.778: W/System.err(16906): error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol (external/openssl/ssl/s23_clnt.c:766 0x4172bb5a:0x00000000) 
08-17 16:18:19.778: W/System.err(16906): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:420) 
08-17 16:18:19.783: W/System.err(16906): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:636) 
08-17 16:18:19.783: W/System.err(16906): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:607) 
08-17 16:18:19.783: W/System.err(16906): at org.apache.http.impl.io.SocketInputBuffer.<init>(SocketInputBuffer.java:70) 
08-17 16:18:19.783: W/System.err(16906): at org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java:83) 
08-17 16:18:19.788: W/System.err(16906): at org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java:170) 
08-17 16:18:19.788: W/System.err(16906): at org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java:106) 
08-17 16:18:19.788: W/System.err(16906): at org.apache.http.impl.conn.DefaultClientConnection.openCompleted(DefaultClientConnection.java:129) 
08-17 16:18:19.788: W/System.err(16906): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:172) 
08-17 16:18:19.788: W/System.err(16906): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164) 
08-17 16:18:19.788: W/System.err(16906): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119) 
08-17 16:18:19.788: W/System.err(16906): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:360) 
08-17 16:18:19.788: W/System.err(16906): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555) 
08-17 16:18:19.793: W/System.err(16906): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487) 
08-17 16:18:19.793: W/System.err(16906): at com.loopj.android.http.AsyncHttpRequest.makeRequest(AsyncHttpRequest.java:76) 
08-17 16:18:19.793: W/System.err(16906): at com.loopj.android.http.AsyncHttpRequest.makeRequestWithRetries(AsyncHttpRequest.java:95) 
08-17 16:18:19.793: W/System.err(16906): at com.loopj.android.http.AsyncHttpRequest.run(AsyncHttpRequest.java:57) 
08-17 16:18:19.793: W/System.err(16906): at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:390) 
08-17 16:18:19.798: W/System.err(16906): at java.util.concurrent.FutureTask.run(FutureTask.java:234) 
08-17 16:18:19.798: W/System.err(16906): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080) 
08-17 16:18:19.798: W/System.err(16906): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573) 
08-17 16:18:19.798: W/System.err(16906): at java.lang.Thread.run(Thread.java:856) 
08-17 16:18:19.798: W/System.err(16906): Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x5168b318: Failure in SSL library, usually a protocol error 
08-17 16:18:19.798: W/System.err(16906): error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol (external/openssl/ssl/s23_clnt.c:766 0x4172bb5a:0x00000000) 
08-17 16:18:19.803: W/System.err(16906): at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method) 
08-17 16:18:19.808: W/System.err(16906): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:378) 
08-17 16:18:19.808: W/System.err(16906): ... 21 more 

，並一切正常精細。我錯過了什麼？

Answer 1

要回答我自己的問題，問題是我在8080上發送請求，而不是8443.這就是"SSL23_GET_SERVER_HELLO:unknown protocol "表示的內容。

如果您需要，請使用此方法。