I have run into an issue where Android (versions 3.1 and 2.3.4) throws a:
javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
error accessing an RSS server that has a Versign V3 1024-bit certificate (CN = VeriSign Class 3 Secure Server CA - G2). I can access a different server using a Versign V3 2048-bit certificate and it is fine. Does anyone know if Android has issues with the older 1024-bit certficates?
The actual stacktrace looks like this:
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): Caused by: javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.apache.harmony.xnet.provider.jsse.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:258)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:164)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:359)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
08-01 08:24:54.390: ER开发者_如何转开发ROR/DownloadRssFeedTask(1260): at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:80)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:46)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:56)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:451)
08-01 08:24:54.390: ERROR/DownloadRssFeedTask(1260): ... 10 more
You should have a look at this thread :
1024-bit SSL certificates provider
It looks like it's just too weak to use 1024 bits ssl certificates. I looked at the code from apache harmony but the API seems to be a bit complex (and clumsy to be honest as some fields are modified outside the SSLImpl class), and I couldn't find much more information.
It looks like the best solution would be to ask for a modern 2048 bits x509 certificate form your web hosting provider.
Regards, Stéphane
精彩评论