我正在开发一个与Web服务器通信的android应用程序。我们使用HTTPS进行此通信,并且我们在android应用程序内部还有一个用于身份验证的客户端证书。Android - SSL/TLS和ECC(椭圆曲线加密)
我们使用ECC(ANSI x9.62)创建了SSL证书,以便拥有非常小的证书,因此我们可以在握手期间降低传输成本。
的通信的源代码是或多或少是这样的:
InputStream keystoreIs = getResources().openRawResource(R.raw.client_bks);
KeyStore keystore = KeyStore.getInstance("BKS");
keystore.load(keystoreIs, KEYSTORE_PASSWORD);
SSLSocketFactory socketFactory = new SSLSocketFactory(keystore, KEYSTORE_PASSWORD, keystore);
Scheme serverScheme = new Scheme("https", socketFactory, SERVER_PORT);
HttpClient httpclient = new DefaultHttpClient();
httpclient.getConnectionManager().getSchemeRegistry().register(iServerScheme);
HttpPost httppost = new HttpPost(SERVER_URL);
HttpResponse response = httpclient.execute(httppost);
的问题是,当我们尝试连接,我们有这样的错误:
E/NativeCrypto(4744): Unknown error 5 during connect
W/System.err(4744): java.io.IOException: SSL handshake failure: I/O error during system call, Connection reset by peer
W/System.err(4744): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.nativeconnect(Native Method)
W/System.err(4744): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:316)
W/System.err(4744): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl$SSLInputStream.(OpenSSLSocketImpl.java:520)
W/System.err(4744): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:461)
W/System.err(4744): at org.apache.http.impl.io.SocketInputBuffer.(SocketInputBuffer.java:93)
W/System.err(4744): at org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java:83)
W/System.err(4744): at org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java:170)
W/System.err(4744): at org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java:106)
W/System.err(4744): at org.apache.http.impl.conn.DefaultClientConnection.openCompleted(DefaultClientConnection.java:129)
(...)
我们将不胜感激。先谢谢你!!
2012-02-02
Kosmo
+1
您确定客户端和服务器均支持ECC证书吗? ECC是一种罕见的鸟。 –
2012-02-02 15:53:00
+0
我知道IIS证书支持ECC证书,因为我使用IExplorer和Firefox进行了测试。我不知道的是,如果ECC证书是由android支持的。我在Android上使用ECC密码进行一些小测试,但不了解证书。 –
2012-02-03 07:07:28