OkHttp + Retrofit libssl crash in two way SSL authentication
OkHttp: 2.0.0-RC1, Retrofit:1.5.1.
I'm creating the OkHttp client as mentioned here: NoSuchMethodError if i am using okhttp 2.0 and the latest retrofit? and setting my own SSLSocketFactory, and initializing the SSLContext like this:
    // Client key material (keyStore) and trusted server CAs (trustStore)
    KeyStore keyStore = App.getInstance().getKeyStoreUtil().getKeyStore();
    KeyStore trustStore = App.getInstance().getKeyStoreUtil().getTrustStore();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trustStore);
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(keyStore, AppConfig.KEYSTORE_PASSWORD);
    final X509KeyManager origKm = (X509KeyManager) kmf.getKeyManagers()[0];
    // it's a standard X509KeyManager, I've put some logging there
    X509KeyManager km = new MyKeyManager(origKm);
    SSLContext sslCtx = SSLContext.getInstance("TLS");
    sslCtx.init(new KeyManager[]{km}, tmf.getTrustManagers(), null);
    // Hand the two-way-auth socket factory to OkHttp and keep strict hostname checks
    client.setSslSocketFactory(sslCtx.getSocketFactory());
    client.setHostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
When I try to establish a two-way auth SSL connection, the app crashes every time with the following log:
06-02 17:42:01.215 25176-25542/pl.oneapp.sugarloaf A/libc﹕ Fatal signal 11 (SIGSEGV) at 0x00000000 (code=1), thread 25542 (IntentService[P)
06-02 17:42:01.236 253-253/? I/DEBUG﹕ debuggerd: 2014-06-02 17:42:01
06-02 17:42:01.236 253-253/? I/DEBUG﹕ *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
06-02 17:42:01.236 253-253/? I/DEBUG﹕ Build fingerprint: 'tmo_de/ville/ville:4.1.1/JRO03C/148618.10:user/release-keys'
06-02 17:42:01.236 253-253/? I/DEBUG﹕ pid: 25176, tid: 25542, name: IntentService[P >>> pl.oneapp.sugarloaf <<<
06-02 17:42:01.236 253-253/? I/DEBUG﹕ debuggerd: checkTellHTCSettings
06-02 17:42:01.256 253-253/? I/DEBUG﹕ signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 00000000
06-02 17:42:01.516 253-253/? I/DEBUG﹕ backtrace:
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #00 pc 00055454 /system/lib/libcrypto.so (BUF_MEM_grow_clean+3)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #01 pc 00015093 /system/lib/libssl.so (ssl3_output_cert_chain+62)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #02 pc 00018199 /system/lib/libssl.so (ssl3_send_client_certificate+244)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #03 pc 00018575 /system/lib/libssl.so (ssl3_connect+960)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #04 pc 00023923 /system/lib/libssl.so (SSL_connect+18)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #05 pc 000114f7 /system/lib/libssl.so (ssl23_connect+1970)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #06 pc 0002385b /system/lib/libssl.so (SSL_do_handshake+66)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #07 pc 00020cdf /system/lib/libjavacore.so
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #08 pc 0001f6f0 /system/lib/libdvm.so (dvmPlatformInvoke+112)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #09 pc 0005269b /system/lib/libdvm.so (dvmCallJNIMethod(unsigned int const*, JValue*, Method const*, Thread*)+422)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #10 pc 00028ba0 /system/lib/libdvm.so
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #11 pc 0002eb60 /system/lib/libdvm.so (dvmInterpret(Thread*, Method const*, JValue*)+228)
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #12 pc 00068631 /system/lib/libdvm.so (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+272)
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #13 pc 0006865b /system/lib/libdvm.so (dvmCallMethod(Thread*, Method const*, Object*, JValue*, ...)+20)
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #14 pc 0007853b /system/lib/libdvm.so
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #15 pc 00028ba0 /system/lib/libdvm.so
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #16 pc 0002eb60 /system/lib/libdvm.so (dvmInterpret(Thread*, Method const*, JValue*)+228)
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #17 pc 00068631 /system/lib/libdvm.so (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+272)
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #18 pc 0006865b /system/lib/libdvm.so (dvmCallMethod(Thread*, Method const*, Object*, JValue*, ...)+20)
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #19 pc 0005b6e3 /system/lib/libdvm.so
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #20 pc 00012f48 /system/lib/libc.so (__thread_entry+108)
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #21 pc 00012650 /system/lib/libc.so (pthread_create+244)
I've seen a discussion about this problem here: https://github.com/square/okhttp/issues/184, but I thought it was fixed in 2.0.0 (moreover, I'm using my own SSL context, not the default one).
I've tried URL.setURLStreamHandlerFactory(new OkHttpClient()); (OkHttp 1.6.0), but it didn't help either.
I've also read this: https://code.google.com/p/android/issues/detail?id=35326, but there is no useful information there.
Am I doing something wrong, or does OkHttp still have problems with SSLContext?
@edit
HTC ONE S (S4) 4.1.1 Stock
@edit2
Not sure now if it's really OkHttp's fault. Something is wrong with the way I create my keystore (or with adding keys to it). At this moment my truststore is in res/raw as a .bks file, and my keystore is created dynamically at runtime:
    keyStore = KeyStore.getInstance("BKS");
    keyStore.load(null, "password".toCharArray());
Saving key to keystore:
    public void saveKeyToKeystore(KeyPair keyPair, String stringCertificate, String alias, char[] password) {
        try {
            PrivateKey myKey = keyPair.getPrivate();
            Certificate[] chain = new X509Certificate[1];
            X509Certificate certificate = parseCertificate(stringCertificate);
            chain[0] = certificate;
            keyStore.setKeyEntry(alias, myKey, password, chain);
            saveKeyStore();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
But when I created my keystore outside the Android application, using the openssl tool, and stored it in a PKCS12 keystore, everything worked fine!
@edit3
On Android 4.1.2+ OkHttp doesn't crash (see discussion from code.google[...] linked above), but I got the following error saying that the key values don't match:
    error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
@edit4
OK, now I know what was wrong. While creating my certificate chain in order to save the key into the keystore, I don't have to use the rootCA (which was used to sign my certificate). Now my Certificate array chain consists of only one certificate.
The above code is working, I've changed all the lines that were bad!
However, still no idea why okHttp crashed.
@edit5
If anything is wrong with the key/cert, the keystore won't throw an error and lets me save its content. But OkHttp crashes when the keystore entry isn't correct.
Yuck. Can you please report this to the OkHttp issues tracker? My guess is that something is sharing the SSL context with OkHttp, and that doesn't work.
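The thread's finding is that the keystore accepts a private key stored with a chain whose first certificate is not the key's own, and the mismatch only surfaces later in native code. A pre-flight check along the following lines can reject such an entry before it reaches `SSLContext.init`. This is an added example, not code from the post or from OkHttp; `KeyEntryCheck`, `matches` and `checkEntry` are hypothetical names, and only RSA and EC keys are handled.

```java
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

/** Added example: pre-flight check of a client-certificate keystore entry. */
public class KeyEntryCheck {

    /** True if priv and pub form one key pair (sign/verify round trip over a random nonce). */
    static boolean matches(PrivateKey priv, PublicKey pub) throws GeneralSecurityException {
        if (!priv.getAlgorithm().equals(pub.getAlgorithm())) return false;
        // Assumption: RSA or EC keys only; other algorithms fail in initSign().
        String sigAlg = "EC".equals(priv.getAlgorithm()) ? "SHA256withECDSA" : "SHA256withRSA";
        byte[] nonce = new byte[32];
        new SecureRandom().nextBytes(nonce);
        Signature s = Signature.getInstance(sigAlg);
        s.initSign(priv);
        s.update(nonce);
        byte[] sig = s.sign();
        s.initVerify(pub);
        s.update(nonce);
        return s.verify(sig);
    }

    /** Throws if the entry under alias is unusable for TLS client authentication. */
    static void checkEntry(KeyStore ks, String alias, char[] password) throws GeneralSecurityException {
        Key key = ks.getKey(alias, password);
        Certificate[] chain = ks.getCertificateChain(alias);
        if (!(key instanceof PrivateKey) || chain == null || chain.length == 0)
            throw new KeyStoreException("no private key entry with a chain under alias " + alias);
        // chain[0] must be the client's own certificate, not the CA that signed it.
        if (!matches((PrivateKey) key, chain[0].getPublicKey()))
            throw new KeyStoreException("private key does not match chain[0]");
        // If issuers are included, each certificate must be signed by the next one.
        for (int i = 0; i + 1 < chain.length; i++)
            chain[i].verify(chain[i + 1].getPublicKey());
        if (chain[0] instanceof X509Certificate)
            ((X509Certificate) chain[0]).checkValidity(); // not expired, not future-dated
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys: one matching pair and one unrelated public key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair client = gen.generateKeyPair(), other = gen.generateKeyPair();
        System.out.println("own public key:   " + matches(client.getPrivate(), client.getPublic()));
        System.out.println("other public key: " + matches(client.getPrivate(), other.getPublic()));
    }
}
```

Calling `checkEntry` right after `setKeyEntry` (and again after loading the keystore from disk) turns a bad entry into a Java exception at save or load time rather than a failure during the handshake.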