最近在做高德地图SDK开发,遇到一个SSL证书报错的问题,虽然该问题出现概率极低,还是记录一下,以防止以后遇到类似的问题。
报错信息如下:
System.err: javax.net.ssl.SSLHandshakeException: Chain validation failed
System.err: at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:229)
System.err: at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:192)
System.err: at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:149)
System.err: at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:112)
System.err: at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
System.err: at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
System.err: at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
System.err: at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:281)
System.err: at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:224)
System.err: at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:461)
System.err: at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
System.err: at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:258)
System.err: at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:218)
System.err: at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:26)
System.err: at com.amap.api.col.n3.pk.a(HttpUrlUtil.java:392)
System.err: at com.amap.api.col.n3.ph.a(BaseNetManager.java:242)
System.err: at com.amap.api.col.n3.na.b(AuthConfigManager.java:364)
System.err: at com.amap.api.col.n3.na.a(AuthConfigManager.java:335)
System.err: at com.amap.api.col.n3.lq.c(AuthUtils.java:39)
System.err: at com.amap.api.col.n3.lq
1.
r
u
n
(
A
u
t
h
U
t
i
l
s
.
j
a
v
a
:
88
)
S
y
s
t
e
m
.
e
r
r
:
a
t
j
a
v
a
.
u
t
i
l
.
c
o
n
c
u
r
r
e
n
t
.
T
h
r
e
a
d
P
o
o
l
E
x
e
c
u
t
o
r
.
r
u
n
W
o
r
k
e
r
(
T
h
r
e
a
d
P
o
o
l
E
x
e
c
u
t
o
r
.
j
a
v
a
:
1167
)
S
y
s
t
e
m
.
e
r
r
:
a
t
j
a
v
a
.
u
t
i
l
.
c
o
n
c
u
r
r
e
n
t
.
T
h
r
e
a
d
P
o
o
l
E
x
e
c
u
t
o
r
1.run(AuthUtils.java:88) System.err: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167) System.err: at java.util.concurrent.ThreadPoolExecutor
1.run(AuthUtils.java:88)System.err:atjava.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)System.err:atjava.util.concurrent.ThreadPoolExecutorWorker.run(ThreadPoolExecutor.java:641)
System.err: at java.lang.Thread.run(Thread.java:764)
System.err: Caused by: java.security.cert.CertificateException: Chain validation failed
System.err: at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:707)
System.err: at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:539)
System.err: at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:560)
System.err: at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:605)
System.err: at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495)
System.err: at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:418)
System.err: at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:339)
System.err: at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
System.err: at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
System.err: at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:208)
System.err: at com.android.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(ConscryptFileDescriptorSocket.java:404)
System.err: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
System.err: at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:375)
System.err: at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:224)
System.err: … 22 more
System.err: Caused by: java.security.cert.CertPathValidatorException: timestamp check failed
System.err: at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
System.err: at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:222)
System.err: at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140)
System.err: at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
System.err: at java.security.cert.CertPathValidator.validate(CertPathValidator.java:301)
System.err: at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:703)
System.err: … 35 more
System.err: Caused by: java.security.cert.CertificateNotYetValidException: Certificate not valid until Mon Jun 10 03:22:11 GMT 2019 (compared to Mon Jun 03 21:23:28 GMT 2019)
System.err: at com.android.org.conscrypt.OpenSSLX509Certificate.checkValidity(OpenSSLX509Certificate.java:261)
System.err: at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:194)
System.err: at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:144)
System.err: at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
System.err: … 40 more
解析:
第一个报错: javax.net.ssl.SSLHandshakeException: Chain validation failed,SSL握手异常,链验证失败
可以看出证书失效,握手失败。
第二个报错:Caused by: java.security.cert.CertificateException: Chain validation failed,证书异常,脸验证失败
证书异常,导致了SSL握手失败,造成了第一个报错
第三个报错:Caused by: java.security.cert.CertificateNotYetValidException: Certificate not valid until Mon Jun 10 03:22:11 GMT 2019 (compared to Mon Jun 03 21:23:28 GMT 2019),证书无效异常,证书在6月10日之后生效,而目前的日期是6月3日
这时候,报错的原因就明了了,证书无效,导致了SSL网络通信失败。
SSL介绍:
SSL证书是保护网站信息的安全协议,也是目前互联网站点必备的安全协议。因为SSL是HTTP加密传输协议的必备载体,可保护客户端与服务端之间的数据传输安全。
解决方法:
证书的生效日期在6月10日之后,二安卓设备的时间还是在6月3日,导致了SSL证书失效报错。所以修改安卓设备时间到6月10日之后即可解决该问题。
测试ok。