  1. Android 2.2 SSL Bug with client certificate?
<p><strong>My question:</strong></p>
<p><em>Has anyone successfully authenticated an SSL connection with a client certificate in Android 2.1/2.2 with a multiple-certificate chain?</em></p>
<p><strong>The details:</strong></p>
<p>I am trying to implement client certificate authentication for the Android platform. There is plenty of discussion already on StackOverflow on how to do it using KeyStore, and I am following the standard approach by supplying them to the SSLContext.</p>
<p><code>context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);</code></p>
<p>My client certificate has 3 certificates attached to it, forming a cert chain. In Android 2.3+, the SSL handshake is successfully executed and I could move on with the request.</p>
<p>In Android 2.2, however, the same approach would throw a "bad certificate error":</p>
<pre>
error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate (external/openssl/ssl/s3_pkt.c:1139 0x26bd38:0x00000003)
    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.nativeconnect(Native Method)
    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:316)
    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl$SSLOutputStream.&lt;init&gt;(OpenSSLSocketImpl.java:564)
    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getOutputStream(OpenSSLSocketImpl.java:479)
</pre>
<p>This is the same error I get if I issue the OpenSSL command with an incomplete certificate chain in the CAfile argument:</p>
<pre>
openssl s_client -showcerts -cert [certificateFile] -key [keyFile] -connect [ip:port] -CAfile [cert-chain]
</pre>
<p>This leads me to believe that Android 2.1/2.2 does not inspect the full chain. To be sure, I checked the number of certificates in the chain in the KeyStore by using the <code>getCertificateChain()</code> method.</p>
<p>I was looking for a bug in Android related to my question, but haven't found any. Similar questions have been posted on SO without an answer:</p>
<ul>
<li><a href="https://stackoverflow.com/questions/9300821/ssl-not-working-on-android-2-2-only-in-2-3">ssl-not-working-on-android-2-2-only-in-2-3</a></li>
<li><a href="https://stackoverflow.com/questions/8396548/android-2-2-ssl-library-error">android-2-2-ssl-library-error</a>. The last comment by Nikolay Elenkov in the only answer seems to indicate the same conclusion that I have, but I can't find any documentation backing it.</li>
</ul>
 
