我找到了解决方案(谢谢你尼古拉指着我在正确的方向)。
问题有两方面:一是它返回了Android不喜欢的站点证书,另外两个是仅启用了SSLv3(而不是TLS)。
这是我的解决方案。首先,我必须创建一个自定义套接字工厂类:
public class MySSLSocketFactory extends SSLSocketFactory {
SSLContext sslContext = SSLContext.getInstance("SSLv3");
public MySSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
super(truststore);
TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
sslContext.init(null, new TrustManager[] { tm }, null);
}
@Override
public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
SSLSocket S = (SSLSocket) sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
S.setEnabledProtocols(new String[] {"SSLv3"});
return S;
}
@Override
public Socket createSocket() throws IOException {
SSLSocket S = (SSLSocket) sslContext.getSocketFactory().createSocket();
S.setEnabledProtocols(new String[] {"SSLv3"});
return S;
}
}
其次,我有这个习俗的HttpClient在我的代码定义:
public HttpClient getNewHttpClient() {
try {
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, null);
MySSLSocketFactory sf = new MySSLSocketFactory(trustStore);
sf.setHostnameVerifier(MySSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
HttpParams params = new BasicHttpParams();
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(new Scheme("https", sf, 443));
ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);
return new DefaultHttpClient(ccm, params);
} catch (Exception e) {
return new DefaultHttpClient();
}
}
第三,我叫定制的HttpClient和解析结果:
public String test(String URIString) {
HttpClient httpClient = getNewHttpClient();
String result = "";
URI uri;
try {
uri = new URI(URIString);
} catch (URISyntaxException e1) {
return "ERROR";
}
HttpHost host = new HttpHost(uri.getHost(), 443, uri.getScheme());
HttpPost httppost = new HttpPost(uri.getPath());
try {
HttpResponse response = httpClient.execute(host, httppost);
BufferedReader reader = new BufferedReader(
new InputStreamReader(
response.getEntity().getContent()
)
);
String line = null;
while ((line = reader.readLine()) != null){
result += line + "\n";
}
return result;
} catch (ClientProtocolException e) {
return "ERROR";
} catch (IOException e) {
return "ERROR";
}
}
起初,我试图通过HttpClient的访问。在尝试了几项工作后(禁用SSL证书验证,将证书添加到本地密钥库等)后,我确定问题不在于证书本身。然后我尝试通过浏览器访问它,但它也不会在那里工作。我没有尝试过WebView,因为我假设如果浏览器无法连接,WebView也无法连接。 我回去接受了一些答案。接受程度低的原因是因为大部分答案都没有解决我的问题。 –
问题是您的服务器只响应单个SSL版本SSL v3。如果使用HttpClient,则需要创建自己的SocketFactory并手动设置启用的协议版本。类似的东西在这里描述:http://developer.android.com/reference/javax/net/ssl/SSLSocket.html#setEnabledProtocols(java.lang.String []) –
嗨尼古拉,经过一些研究,我已经找到你所描述的。服务器不支持TLS,这是应用程序试图握手的内容。我现在正在研究如何强制使用SSLv3,但我没有太多的运气(这比我有限的Java经验习惯稍高一点)。你认为你可以为我提供一个非常基本的代码片段吗? –