Android 2.2 SSL error with client certificate?

My question is:

Has anyone successfully authenticated an SSL connection with a client certificate in Android 2.1/2.2 with multiple certificates in the chain?

Details:

I am trying to implement client certificate authentication for the Android platform. There is a lot of discussion on StackOverflow on how to do this with KeyStore, and I follow the standard approaches by providing them in SSLContext:

context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

My client certificate has three certificates that form a chain of certificates. In Android 2.3+, the SSL handshake is successful and I can proceed with the request.

In Android 2.2, however, the same approach would cause a "certificate error":

error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate (external/openssl/ssl/s3_pkt.c:1139 0x26bd38:0x00000003)
at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.nativeconnect(Native Method)
at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java data16)
at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl$SSLOutputStream.<init>(OpenSSLSocketImpl.java►64)
at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getOutputStream(OpenSSLSocketImpl.java:479)

This is the same error I get if I issue an OpenSSL command with an incomplete certificate chain in the CAfile argument:

openssl s_client -showcerts -cert [certificateFile] -key [keyFile] -connect [ip:port] -CAfile [cert-chain]

This made me believe that Android 2.1/2.2 does not check the whole chain. I checked the number of chains in KeyStore using the method getCertificateChain().

Android, , . SO

0
1

, Android 2.1/2.2.

, . , , - , , KeyStore .

+1
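An added example, not part of the original post or its answers: one way to inspect what getCertificateChain() returns for the client key entry, listing every certificate in the chain and checking that each one is signed by the next. It is written for a desktop JVM run against the same keystore file; the class name, the file name client.p12 and the password are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example: dump and sanity-check the client certificate chain in a KeyStore.
// "client.p12" and "changeit" are placeholder values, not taken from the post.
public class ChainCheck {

    // Returns true if every certificate is signed by the one after it (leaf first).
    static boolean isOrderedChain(Certificate[] chain) {
        if (chain == null || chain.length == 0) return false;
        for (int i = 0; i < chain.length - 1; i++) {
            try {
                chain[i].verify(chain[i + 1].getPublicKey());
            } catch (Exception e) {
                System.out.println("  link " + i + " -> " + (i + 1) + " broken: " + e);
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : "client.p12";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;   // only entries that hold a private key
            Certificate[] chain = ks.getCertificateChain(alias);
            System.out.println(alias + ": " + (chain == null ? 0 : chain.length) + " certificate(s)");
            if (chain == null) continue;
            for (int i = 0; i < chain.length; i++) {
                X509Certificate c = (X509Certificate) chain[i];
                System.out.println("  [" + i + "] subject=" + c.getSubjectX500Principal().getName()
                        + " issuer=" + c.getIssuerX500Principal().getName());
            }
            System.out.println("  ordered, linked chain: " + isOrderedChain(chain));
        }
    }
}
```

If the key entry reports fewer certificates than the three-certificate chain described in the question, or a broken link, the intermediates were not imported alongside the private key, which is worth ruling out before attributing the alert to the platform.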

Source: https://habr.com/ru/post/1755404/

