Client certificate error with Jelly Bean

On Android, I use TLS with mutual authentication with a client certificate created using this code.

    private static X509Certificate generateX509V1Certificate(KeyPair pair, SecureRandom sr) {
        String dn = "CN=" + sUuid.toString();

        final Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.HOUR, -1);
        final Date startDate = new Date(calendar.getTimeInMillis());
        calendar.add(Calendar.YEAR, 1);
        final Date expiryDate = new Date(calendar.getTimeInMillis());
        final BigInteger serialNumber = BigInteger.valueOf(Math.abs(System.currentTimeMillis()));

        X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
        X500Principal dnName = new X500Principal(dn);
        certGen.setSerialNumber(serialNumber);
        certGen.setIssuerDN(dnName);
        certGen.setNotBefore(startDate);
        certGen.setNotAfter(expiryDate);
        certGen.setSubjectDN(dnName); // note: same as issuer
        certGen.setPublicKey(pair.getPublic());
        certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

        if (VERSION.SDK_INT < VERSION_CODES.GINGERBREAD)
            return certGen.generateX509Certificate(pair.getPrivate(), "BC");
        else
            return certGen.generate(pair.getPrivate(), sr);
    }

The key pair algorithm is "RSA". The encryption algorithm is "RSA/ECB/PKCS1Padding".

It works great up to the Jelly Bean version.

With Jelly Bean, I get an error when calling

 socket.getSession().getPeerCertificates() 

The process was killed in the log:

 E/NativeCrypto(1133): error:140C10F7:SSL routines:SSL_SET_PKEY:unknown certificate type
 A/libc(1133): Fatal signal 11 (SIGSEGV) at 0x00000000 (code=1), thread 1233 (AsyncTask #1)

I have no idea how I can solve this error.

Could you help me?

+4
2 answers

Drop the generated certificate into a file and try to parse it with OpenSSL 1.0. This is the same code that Android uses for certificate analysis, so it should help you find the error. Perhaps they just no longer support v1 certificates; you can try creating a v3 one.

+2
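The two suggestions in the answer above, as an added example (not code from the question or from either answer): it builds the same self-signed certificate as X.509 v3 and writes it out as DER so it can be parsed with OpenSSL. It assumes a BouncyCastle release that still ships the deprecated org.bouncycastle.x509 API used in the question; the class name, the client.der file name and the choice of extensions are assumptions.

```java
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.UUID;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.x509.X509V3CertificateGenerator;

// Added example; V3ClientCert and client.der are hypothetical names.
public class V3ClientCert {
    static X509Certificate generateV3(KeyPair pair, SecureRandom sr, String cn)
            throws GeneralSecurityException {
        long now = System.currentTimeMillis();
        X500Principal dn = new X500Principal("CN=" + cn);
        X509V3CertificateGenerator gen = new X509V3CertificateGenerator();
        // Random positive serial instead of a timestamp.
        gen.setSerialNumber(new BigInteger(64, sr).add(BigInteger.ONE));
        gen.setIssuerDN(dn);
        gen.setSubjectDN(dn); // self-signed: subject equals issuer
        gen.setNotBefore(new Date(now - 3600000L)); // one hour ago
        gen.setNotAfter(new Date(now + 365L * 24 * 3600 * 1000)); // about one year
        gen.setPublicKey(pair.getPublic());
        gen.setSignatureAlgorithm("SHA256WithRSAEncryption");
        // Extensions are what v3 adds over v1; these two are an assumed
        // choice for an end-entity TLS client certificate.
        gen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
        gen.addExtension(X509Extensions.KeyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
        return gen.generate(pair.getPrivate(), sr);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom sr = new SecureRandom();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048, sr);
        X509Certificate cert = generateV3(kpg.generateKeyPair(), sr, UUID.randomUUID().toString());
        // Dump as DER, then inspect with:
        //   openssl x509 -inform DER -in client.der -noout -text
        FileOutputStream out = new FileOutputStream("client.der");
        try { out.write(cert.getEncoded()); } finally { out.close(); }
        System.out.println("X.509 version: " + cert.getVersion());
    }
}
```

The same dump-and-parse step applied to the v1 certificate from the question shows whether OpenSSL rejects it outright or only the version differs.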

I had this problem, and another one with the following error: Fatal signal 11 (SIGSEGV) at 0x3f80005c (code=1), thread 11709 (FinalizerDaemon)

They started happening randomly when I upgraded to 4.1.1 on the Galaxy S3 in an application that uses SSL client authentication using keys from the KeyChain API.

It worked great on 4.0.4 (I was soon able to downgrade).

I'm not 100% sure, but 4.1.1 seems to have a lot of SSL-related errors. Check this out: http://code.google.com/p/android/issues/detail?id=35141 as well as this one: http://code.google.com/p/android/issues/detail?id=34577 (maybe this does not apply to the current case). Also, there is a message on this forum: https://groups.google.com/forum/?fromgroups=#!topic/android-developers/Lj2iHX4prds that mentions a SEGFAULT when executing the GC on the PrivateKey object returned from the KeyChain API.

So, as a final tip - stay on 4.0.4 for as long as you can, or go to 4.1.2 - there seem to be some bug fixes.

I can also confirm that the two problems that I had are missing on the 4.1.2 emulator. There is no 4.1.2 image for the Galaxy S3, so I cannot confirm them as fixed for the real device (they have no other).

Hope this helps.

+2