Glacier2 on Android client. Problem with IceSSL plugin.

Hi,
I'm trying to make an SSL connection from Android to a server. I'm using the
standard SSL certificates from Ice.

SSL configuration from config.glacier2 on server side:
Ice.Plugin.IceSSL=IceSSL:createIceSSL
IceSSL.CertAuthFile=cacert.pem
IceSSL.CertFile=s_rsa1024_pub.pem
IceSSL.KeyFile=s_rsa1024_priv.pem


Client code:
initData.properties = Ice.Util.createProperties();
initData.properties.setProperty("Ice.ACM.Client", "0");
initData.properties.setProperty("Ice.RetryIntervals", "-1");
initData.properties.setProperty("Ice.Trace.Network", "0");
initData.properties.setProperty("Ice.Plugin.IceSSL", "IceSSL.PluginFactory");
initData.properties.setProperty("IceSSL.Trace.Security", "1");
initData.properties.setProperty("IceSSL.DefaultDir", "/data/data/certs");
initData.properties.setProperty("IceSSL.CertAuthFile", "cacert.pem");
initData.properties.setProperty("IceSSL.CertFile", "c_rsa1024_pub.pem");
initData.properties.setProperty("IceSSL.KeyFile", "c_rsa1024_priv.pem");
initData.properties.setProperty("IceSSL.Password", "password");
_communicator = Ice.Util.initialize(initData);

In LogCat only:
OpenSSLSocketImpl - Unknown error 1 during connect

Message from server:
error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate

A Python client connects to this server normally. A session without SSL works too. Could anybody tell me where I made a mistake?

Thanks.

Comments

  • matthew, NL, Canada
    That isn't how you set up SSL with an Ice for Android application. In fact, that isn't how you set up SSL with any Java application; Java applications use Java keystore files, not the raw PEM files.

    See the Ice for Android hello demo for an example of how to do this correctly. Note that, as noted in the Ice for Android release notes, the Android SSL implementation is very buggy. I recommend not using it, unless absolutely necessary.
  • Thank you for your answer.
    I tried to use keystore files and the functions setKeystoreStream() and setTruststoreStream(), but I got the same error: "peer did not return a certificate".
    I'm using the Android 1.6 SDK. Can the result depend on the SDK version?
  • matthew, NL, Canada
    It's possible that this is caused by a difference in Android SDKs, since we haven't tested with 1.6. The simplest way to find out is to try the demos that accompany the Ice for Android distribution. If the demo works, and your application doesn't, then you can start looking for differences.
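
Added example, not part of the thread and not code from the Ice distribution: when the server logs "peer did not return a certificate", one thing worth ruling out is a client keystore that holds no private-key entry whose certificate chain leads to the CA in cacert.pem. The sketch below checks that with the standard java.security API only; the class name, method name and command-line arguments are assumptions made for this illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical helper (added example): reports whether a keystore can supply a client identity.
public class ClientKeystoreCheck {
    // Counts private-key entries whose chain is signed by the given CA certificate.
    static int usableEntries(KeyStore ks, X509Certificate caCert) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias);
            if (!ks.isKeyEntry(alias) || chain == null || chain.length == 0) {
                // A trusted-certificate entry alone cannot be used for client authentication.
                System.out.println(alias + ": no private key with a certificate chain");
                continue;
            }
            X509Certificate top = (X509Certificate) chain[chain.length - 1];
            try {
                top.verify(caCert.getPublicKey()); // throws if not signed by this CA's key
                System.out.println(alias + ": OK, issuer " + top.getIssuerX500Principal());
                usable++;
            } catch (GeneralSecurityException e) {
                System.out.println(alias + ": chain does not lead to the given CA: " + e);
            }
        }
        return usable;
    }

    // Usage: java ClientKeystoreCheck <keystore> <type, e.g. JKS> <password> <cacert.pem>
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[2].toCharArray());
        }
        X509Certificate ca;
        try (InputStream in = new FileInputStream(args[3])) {
            // CertificateFactory accepts the PEM encoding used by cacert.pem.
            ca = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println(usableEntries(ks, ca) + " usable client identity entries");
    }
}
```

A result of 0 means the keystore, as loaded, has nothing the client could present for a CA-signed client certificate request.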