HTTPS connection, differences between Android 2.3 and 4

I am working on a project that retrieves images from different servers (http and https).

I found this useful Q&A to avoid the problem with the "No peer certificate" error in Android 2.3, but I don't understand why in Android 4 (> 3) this problem ("No peer certificate" error) did not appear.

Please correct me if I am wrong:

  • In Android 2.3, an HTTPS connection verifies all certificates (and handshakes);
  • In Android > 3, the HTTPS connection is established even if the handshake does not work (for example: my application, as a peer, does not have a certificate).

What is the difference between these versions of Android? Why do I need to trust everyone in Android 2.3 and not in Android 4?

Why do I get the following exception in Android 2.3: "javax.net.ssl.SSLPeerUnverifiedException: No peer certificate", while in Android 4 everything is working fine and the connection is established?

Is everything related to SNI (Server Name Indication), introduced in Android Honeycomb?

+6
1 answer

Your certification authority is probably not listed in version 2.3.3 of Android, but is in version 4.x. To make sure that the keystore is saved on both devices.

Using ADB from the command line, you can dump the Android keystore into a file and check if this issuer is available in the keystore (maybe it should be root):

adb pull /system/etc/security/cacerts.bks cacerts.bks

Download and install Portecle (from: http://portecle.sourceforge.net/). Select File / Open Keystore... and select the cacerts.bks file. Select Tools / Keystore Report and copy this information into a text editor to find the CN specified in the certificate found in the web browser. In my case, I could not find it from "Cybertrust Public SureServer SV CA".

Go to the site you are interested in using https://example.website.com/ in your web browser and find out what the CN is. Compare this to the keystore as shown above. If it is not in the keystore, you will need to add it.

NOTE. Android 4.0 phones have a different way of storing certificates and do not use the cacerts.bks file mentioned below. For them, you can open the desired https site in a web browser and thus add the necessary certificates.

I had problems connecting to Facebook and Redbox. To fix my problem and renew my Android 2.3.3 phone certificates, I copied the file from an Android 3.2 emulator and placed it on my phone:

  • Create and run the Android 3.2 virtual device.
  • Copy the cacerts.bks file from the emulator (make sure your other device is not connected): adb pull /system/etc/security/cacerts.bks cacerts.bks
  • Turn off the emulator.
  • Connect your device to the update (must be root). You may need to reinstall the /system folder as rw for read/write capabilities. For installation questions, see this link.
  • Save a copy of the old certificate file from your device: adb pull /system/etc/security/cacerts.bks cacerts.bks.old
  • Place the updated certificate file on your device: adb push cacerts.bks /system/etc/security/
  • Reboot the device.
  • Reconnect and check if the new cacert file has been downloaded.
+2