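OkHttp + Retrofit libssl crash in two way SSL authentication
OkHttp: 2.0.0-RC1, Retrofit: 1.5.1.
I'm creating the OkHttp client as described here: "NoSuchMethodError if I am using okhttp 2.0 and the latest retrofit?", setting my own SSLSocketFactory,
and initializing the SSLContext like this: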
KeyStore keyStore = App.getInstance().getKeyStoreUtil().getKeyStore();
KeyStore trustStore = App.getInstance().getKeyStoreUtil().getTrustStore();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(trustStore);
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(keyStore, AppConfig.KEYSTORE_PASSWORD);
final X509KeyManager origKm = (X509KeyManager) kmf.getKeyManagers()[0];
//it's standard X509KeyManager, I've put some logging there
X509KeyManager km = new MyKeyManager(origKm);
SSLContext sslCtx = SSLContext.getInstance("TLS");
sslCtx.init(new KeyManager[]{km}, tmf.getTrustManagers(), null);
client.setSslSocketFactory(sslCtx.getSocketFactory());
client.setHostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
When I try to establish an SSL connection with two-way authentication, the app crashes every time with the following log:
06-02 17:42:01.215 25176-25542/pl.oneapp.sugarloaf A/libc﹕ Fatal signal 11 (SIGSEGV) at 0x00000000 (code=1), thread 25542 (IntentService[P)
06-02 17:42:01.236 253-253/? I/DEBUG﹕ debuggerd: 2014-06-02 17:42:01
06-02 17:42:01.236 253-253/? I/DEBUG﹕ *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
06-02 17:42:01.236 253-253/? I/DEBUG﹕ Build fingerprint: 'tmo_de/ville/ville:4.1.1/JRO03C/148618.10:user/release-keys'
06-02 17:42:01.236 253-253/? I/DEBUG﹕ pid: 25176, tid: 25542, name: IntentService[P >>> pl.oneapp.sugarloaf <<<
06-02 17:42:01.236 253-253/? I/DEBUG﹕ debuggerd: checkTellHTCSettings
06-02 17:42:01.256 253-253/? I/DEBUG﹕ signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 00000000
06-02 17:42:01.516 253-253/? I/DEBUG﹕ backtrace:
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #00 pc 00055454 /system/lib/libcrypto.so (BUF_MEM_grow_clean+3)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #01 pc 00015093 /system/lib/libssl.so (ssl3_output_cert_chain+62)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #02 pc 00018199 /system/lib/libssl.so (ssl3_send_client_certificate+244)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #03 pc 00018575 /system/lib/libssl.so (ssl3_connect+960)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #04 pc 00023923 /system/lib/libssl.so (SSL_connect+18)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #05 pc 000114f7 /system/lib/libssl.so (ssl23_connect+1970)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #06 pc 0002385b /system/lib/libssl.so (SSL_do_handshake+66)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #07 pc 00020cdf /system/lib/libjavacore.so
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #08 pc 0001f6f0 /system/lib/libdvm.so (dvmPlatformInvoke+112)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #09 pc 0005269b /system/lib/libdvm.so (dvmCallJNIMethod(unsigned int const*, JValue*, Method const*, Thread*)+422)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #10 pc 00028ba0 /system/lib/libdvm.so
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #11 pc 0002eb60 /system/lib/libdvm.so (dvmInterpret(Thread*, Method const*, JValue*)+228)
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #12 pc 00068631 /system/lib/libdvm.so (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+272)
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #13 pc 0006865b /system/lib/libdvm.so (dvmCallMethod(Thread*, Method const*, Object*, JValue*, ...)+20)
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #14 pc 0007853b /system/lib/libdvm.so
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #15 pc 00028ba0 /system/lib/libdvm.so
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #16 pc 0002eb60 /system/lib/libdvm.so (dvmInterpret(Thread*, Method const*, JValue*)+228)
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #17 pc 00068631 /system/lib/libdvm.so (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+272)
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #18 pc 0006865b /system/lib/libdvm.so (dvmCallMethod(Thread*, Method const*, Object*, JValue*, ...)+20)
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #19 pc 0005b6e3 /system/lib/libdvm.so
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #20 pc 00012f48 /system/lib/libc.so (__thread_entry+108)
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #21 pc 00012650 /system/lib/libc.so (pthread_create+244)
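I've seen the discussion about this problem here: https://github.com/square/okhttp/issues/184, but I thought it was fixed in 2.0.0. (Besides, I'm using my own SSL context rather than the default one.)
I've tried URL.setURLStreamHandlerFactory(new OkHttpClient());
(OkHttp 1.6.0), but it didn't help either.
I've also read https://code.google.com/p/android/issues/detail?id=35326, but there is no useful information there.
Am I doing something wrong, or does OkHttp still have a problem with SSLContext?
@EDIT
HTC ONE S (S4), 4.1.1 stock
@EDIT2
Now I'm not sure whether it is really OkHttp's fault. There is something wrong with the way I create the keystore (or add keys to it). At the moment, my truststore is a .bks file in res/raw, and my keystore is created dynamically at runtime: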
keyStore = KeyStore.getInstance("BKS");
keyStore.load(null, "password".toCharArray());
Saving the key to the keystore:
public void saveKeyToKeystore(KeyPair keyPair, String stringCertificate, String alias, char[] password) {
    try {
        PrivateKey myKey = keyPair.getPrivate();
        Certificate[] chain = new X509Certificate[1];
        X509Certificate certificate = parseCertificate(stringCertificate);
        chain[0] = certificate;
        keyStore.setKeyEntry(alias, myKey, password, chain);
        saveKeyStore();
    } catch (Exception e) {
        e.printStackTrace();
    }
}
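But when I create my keystore outside the Android app, using the openssl tool and storing it in a PKCS12 keystore, everything works fine!
@EDIT3
On Android 4.1.2+ OkHttp doesn't crash (see the code.google [...] discussion linked above), but I get the following error, which says that the key values mismatch: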
error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
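@EDIT4
OK, now I know what was wrong. When creating my certificate chain for saving the key to the keystore, I do not have to use the rootCA (which was used to sign my certificate). Now my Certificate array chain contains only one certificate.
The code above is working; I changed all the bad lines!
However, I still don't know why OkHttp crashed.
@EDIT5
If there is anything wrong with the key/cert, the keystore doesn't throw an error and lets me save its contents. But when the keystore entry is incorrect, OkHttp crashes.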
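An added example (not part of the original post and not OkHttp code): a pre-flight check for the situation described in EDIT4 and EDIT5, run before keyStore.setKeyEntry, that confirms chain[0] is the certificate for the private key and that each later certificate issued the one before it. The names KeyEntryCheck, matches and requireValidEntry are hypothetical, the demo key pairs are constructed, and only RSA, DSA and EC keys are assumed.

```java
import java.security.*;
import java.security.cert.Certificate;

// Hypothetical helper, not from the post: validate a key entry before storing it.
public class KeyEntryCheck {
    // True only if publicKey verifies a signature produced with privateKey.
    static boolean matches(PrivateKey privateKey, PublicKey publicKey) throws GeneralSecurityException {
        String keyAlg = privateKey.getAlgorithm();
        if (!keyAlg.equals(publicKey.getAlgorithm())) return false;
        // Assumption: RSA, DSA or EC keys only.
        String sigAlg = keyAlg.equals("EC") ? "SHA256withECDSA" : "SHA256with" + keyAlg;
        byte[] probe = new byte[32];
        new SecureRandom().nextBytes(probe);
        Signature signer = Signature.getInstance(sigAlg);
        signer.initSign(privateKey);
        signer.update(probe);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance(sigAlg);
        verifier.initVerify(publicKey);
        verifier.update(probe);
        try {
            return verifier.verify(sig);
        } catch (SignatureException malformed) {
            return false; // signature not even well-formed for this public key
        }
    }

    // Call before keyStore.setKeyEntry(alias, key, password, chain).
    static void requireValidEntry(PrivateKey key, Certificate[] chain) throws GeneralSecurityException {
        if (chain == null || chain.length == 0) throw new KeyStoreException("empty certificate chain");
        if (!matches(key, chain[0].getPublicKey()))
            throw new KeyStoreException("chain[0] is not the certificate for this private key");
        for (int i = 0; i + 1 < chain.length; i++)
            chain[i].verify(chain[i + 1].getPublicKey()); // throws if chain[i+1] did not sign chain[i]
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair client = gen.generateKeyPair(); // constructed sample keys
        KeyPair other = gen.generateKeyPair();
        System.out.println(matches(client.getPrivate(), client.getPublic()));
        System.out.println(matches(client.getPrivate(), other.getPublic()));
    }
}
```

With a check like this, a mismatched entry is rejected with a Java exception at save time instead of reaching the TLS handshake.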
Yuck. Could you report this to the OkHttp issue tracker? My guess is that something is sharing the SSL context with OkHttp, and it doesn't work.