javax.net.ssl.SSLHandshakeException: Unacceptable certificate: CN=GeoTrust SSL C

最近从Android N升级到Android O,发现163的邮箱以pop3,110,SSL/TSL方式登录的时候会弹出Unacceptable certificate: CN=GeoTrust SSL CA.

从字面看出是证书有问题,将N的代码和O的代码进行对比,发现关于对应的部分都没有修改,很纳闷啊。再细细跟着代码流程,最后将 exception通过printStackTrace();打印详细信息才发现原来是手机时间设置了1970年导致证书无效了

01-06 20:05:40.496 3969 415 D Email : startHandshake ....
01-06 20:05:40.544 3969 415 W System.err: javax.net.ssl.SSLHandshakeException: Unacceptable certificate: CN=GeoTrust SSL CA - G3, O=GeoTrust Inc., C=US
01-06 20:05:40.544 3969 415 W System.err: at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:219)
01-06 20:05:40.544 3969 415 W System.err: at com.android.emailcommon.utility.SSLSocketFactoryWrapper.verifyHostname(SSLSocketFactoryWrapper.java:246)
01-06 20:05:40.544 3969 415 W System.err: at com.android.emailcommon.utility.SSLSocketFactoryWrapper.createSocket(SSLSocketFactoryWrapper.java:131)
01-06 20:05:40.544 3969 415 W System.err: at com.android.email.mail.transport.MailTransport.reopenTls(MailTransport.java:172)
01-06 20:05:40.544 3969 415 W System.err: at com.android.email.mail.store.Pop3Store$Pop3Folder.open(Pop3Store.java:225)
01-06 20:05:40.544 3969 415 W System.err: at com.android.email.mail.store.Pop3Store.checkSettings(Pop3Store.java:137)
01-06 20:05:40.544 3969 415 W System.err: at com.android.email.activity.setup.AccountCheckSettingsFragment$AccountCheckTask.doInBackground(AccountCheckSettingsFragment.java:385)
01-06 20:05:40.544 3969 415 W System.err: at com.android.email.activity.setup.AccountCheckSettingsFragment$AccountCheckTask.doInBackground(AccountCheckSettingsFragment.java:345)
01-06 20:05:40.544 3969 415 W System.err: at android.os.AsyncTask$2.call(AsyncTask.java:333)
01-06 20:05:40.544 3969 415 W System.err: at java.util.concurrent.FutureTask.run(FutureTask.java:266)
01-06 20:05:40.545 3969 415 W System.err: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
01-06 20:05:40.545 3969 415 W System.err: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
01-06 20:05:40.545 3969 415 W System.err: at java.lang.Thread.run(Thread.java:764)
01-06 20:05:40.546 3969 415 W System.err: Caused by: java.security.cert.CertificateException: Unacceptable certificate: CN=GeoTrust SSL CA - G3, O=GeoTrust Inc., C=US
01-06 20:05:40.546 3969 415 W System.err: at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:598)
01-06 20:05:40.546 3969 415 W System.err: at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495)
01-06 20:05:40.546 3969 415 W System.err: at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:418)
01-06 20:05:40.546 3969 415 W System.err: at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:339)
01-06 20:05:40.546 3969 415 W System.err: at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
01-06 20:05:40.546 3969 415 W System.err: at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
01-06 20:05:40.546 3969 415 W System.err: at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:197)
01-06 20:05:40.546 3969 415 W System.err: at com.android.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(ConscryptFileDescriptorSocket.java:399)
01-06 20:05:40.546 3969 415 W System.err: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
01-06 20:05:40.546 3969 415 W System.err: at com.android.org.conscrypt.SslWrapper.doHandshake(SslWrapper.java:374)
01-06 20:05:40.546 3969 415 W System.err: at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:217)
01-06 20:05:40.547 3969 415 W System.err: ... 12 more
01-06 20:05:40.547 3969 415 W System.err: Caused by: java.security.cert.CertificateNotYetValidException: Certificate not valid until Tue Nov 05 21:36:50 GMT+00:00 2013 (compared to Tue Jan 06 20:05:40 GMT+00:00 1970)
01-06 20:05:40.547 3969 415 W System.err: at com.android.org.conscrypt.OpenSSLX509Certificate.checkValidity(OpenSSLX509Certificate.java:239)
01-06 20:05:40.547 3969 415 W System.err: at com.android.org.conscrypt.OpenSSLX509Certificate.checkValidity(OpenSSLX509Certificate.java:232)
01-06 20:05:40.547 3969 415 W System.err: at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:595)
01-06 20:05:40.547 3969 415 W System.err: ... 22 more
01-06 20:05:40.547 3969 415 D Email : javax.net.ssl.SSLHandshakeException: Unacceptable certificate: CN=GeoTrust SSL CA - G3, O=GeoTrust Inc., C=US

将手机时间调到当前时间,即可解决此问题。

[url]http://androidxref.com/8.0.0_r4/xref/packages/apps/Dialer/java/com/android/voicemail/impl/mail/MailTransport.java[/url]
javax.net.ssl.SSLHandshakeException: Unacceptable certificate错误是由于访问的域名证书不在有效期内或者JDK中不存在该证书的信任导致的。解决这个问题的方法有以下几种: 1. 更新JDK信任库:可以通过更新JDK的信任库来解决该问题。可以使用以下命令将证书添加到信任库中: ```shell keytool -import -alias <alias> -keystore <path_to_truststore> -file <path_to_certificate> ``` 其中,`<alias>`是证书的别名,`<path_to_truststore>`是信任库的路径,`<path_to_certificate>`是证书的路径。 2. 忽略证书验证:在某些情况下,可以选择忽略证书验证来解决该问题。可以通过以下代码来实现: ```java TrustManager[] trustAllCerts = new TrustManager[]{ new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted( java.security.cert.X509Certificate[] certs, String authType) { } public void checkServerTrusted( java.security.cert.X509Certificate[] certs, String authType) { } } }; SSLContext sc = SSLContext.getInstance("TLS"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); ``` 3. 添加自定义信任证书:如果访问的是自签名证书或者不受信任的证书,可以将该证书添加到信任库中。可以使用以下命令将证书添加到信任库中: ```shell keytool -import -alias <alias> -keystore <path_to_truststore> -file <path_to_certificate> ``` 其中,`<alias>`是证书的别名,`<path_to_truststore>`是信任库的路径,`<path_to_certificate>`是证书的路径。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值