Titanium JIRA Archive
Appcelerator Modules (MOD)

[MOD-2295] Appcelerator HTTPS module not working with android device

GitHub Issue: n/a
Type: Bug
Priority: Critical
Status: Closed
Resolution: Fixed
Resolution Date: 2016-10-20T08:56:10.000+0000
Affected Version/s: n/a
Fix Version/s: https 1.1.4
Components: Https
Labels: appcelerator, module
Reporter: jayesh joshi
Assignee: Christopher Williams
Created: 2016-08-29T12:38:34.000+0000
Updated: 2018-08-06T17:49:32.000+0000

Description

Sub: Appcelerator HTTPS module error. I have written code for iOS certification pinning and it is working perfectly. Now I run the same code on an Android device but it goes into the XHR error every time. Below are the code and the error description.
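    // Pinning module; url and method come from the enclosing request function (not shown in the report).
    var https = require('appcelerator.https');

    // Choose which certificate to pin based on the request URL.
    var httpsCertificate;
    if (url.indexOf("SSOURL") > -1) {
        httpsCertificate = Alloy.CFG.STS_CERTIFICATE;
    } else {
        httpsCertificate = Alloy.CFG.REST_CERTIFICATE;
    }

    Ti.API.info('Certificate >>' + httpsCertificate);

    // Pin the chosen certificate to this URL.
    var securityManager = https.createX509CertificatePinningSecurityManager([{
        url : url,
        serverCertificate : httpsCertificate
    }]);
    if (Ti.Network.online) {
        var xhr = Ti.Network.createHTTPClient({
            timeout : 40000,
            securityManager : securityManager
        });
        xhr.open(method, url);
    }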

    [ERROR] : TiHTTPClient: (TiHttpClient-3) [29516,35410] HTTP Error (javax.net.ssl.SSLHandshakeException): Leaf certificate could not be verified with provided public key
    [ERROR] : TiHTTPClient: javax.net.ssl.SSLHandshakeException: Leaf certificate could not be verified with provided public key
    [ERROR] : TiHTTPClient: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:322)
    [ERROR] : TiHTTPClient: at com.android.okhttp.Connection.upgradeToTls(Connection.java:201)
    [ERROR] : TiHTTPClient: at com.android.okhttp.Connection.connect(Connection.java:155)
    [ERROR] : TiHTTPClient: at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:276)
    [ERROR] : TiHTTPClient: at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:211)
    [ERROR] : TiHTTPClient: at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:382)
    [ERROR] : TiHTTPClient: at com.android.okhttp.internal.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:106)
    [ERROR] : TiHTTPClient: at com.android.okhttp.internal.http.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:217)
    [ERROR] : TiHTTPClient: at com.android.okhttp.internal.http.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:218)
    [ERROR] : TiHTTPClient: at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:25)
    [ERROR] : TiHTTPClient: at ti.modules.titanium.network.TiHTTPClient$ClientRunnable.run(TiHTTPClient.java:1146)
    [ERROR] : TiHTTPClient: at java.lang.Thread.run(Thread.java:818)
    [ERROR] : TiHTTPClient: Caused by: java.security.cert.CertificateException: Leaf certificate could not be verified with provided public key
    [ERROR] : TiHTTPClient: at appcelerator.https.PinningTrustManager.checkServerTrusted(PinningTrustManager.java:84)
    [ERROR] : TiHTTPClient: at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:116)
    [ERROR] : TiHTTPClient: at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:550)
    [ERROR] : TiHTTPClient: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
    [ERROR] : TiHTTPClient: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:318)
    [ERROR] : TiHTTPClient: ... 11 more

Attachments

| File | Date | Size |
|---|---|---|
| appcelerator.https-android-1.1.3.zip | 2016-10-08T14:41:33.000+0000 | 2490206 |
| screenshot-1.png | 2016-09-06T14:38:17.000+0000 | 218346 |
| screenshot-2.png | 2016-09-06T14:38:46.000+0000 | 173188 |

Comments

  1. Sharif AbuDarda 2016-08-29

    Hello, send us full reproducible code that regenerates the issue.
  2. Hans Knöchel 2016-08-29

    [~shossain] No, that's something else (V8-update). In this case, the SSL-certificate is invalid.
  3. Hans Knöchel 2016-08-29

    [~jay joshi] The error "Leaf certificate could not be verified with provided public key" already says what's incorrect. You may want to catch the error manually, but that's what's happening.
  4. jayesh joshi 2016-08-30

    I have the code and certificate, and they are working correctly in iOS. But I run the same code and certificate in Android; if the certificates are wrong, then they should not work in iOS either. The first thing is that the SSL handshake error means it tries to connect to the URL but cannot succeed, so it goes into fail, meaning onError of the xhr request. Is there anything that I specially have to configure for Android? We need your support as we totally depend on the module!!
  5. jayesh joshi 2016-09-01

    I have sample code ready for testing; in its request params we have PROPRIETARY INFO that we cannot add on a public forum. I want to know a secure way of communicating this, or want to set up a call with you for this. Please guide me. Thank you in advance.
  6. Sharif AbuDarda 2016-09-05

    Hello, I am running the project you have attached in the support portal. I am not getting the error that you have mentioned in the JIRA ticket. Please provide the complete steps to follow for successful regeneration. I am testing on Android 6.0.1 device. Thanks.
  7. jayesh joshi 2016-09-06

    !https://postimg.org/image/4a430htn1/! These are the screenshots. !https://postimg.org/image/p5ism6kn9/!
  8. Sharif AbuDarda 2016-09-06

    Hello, The screenshots are not visible. Please attach files here by clicking "more" drop down/ attach files. Thanks.
  9. jayesh joshi 2016-09-07

    !screenshot-1.png|thumbnail!
  10. jayesh joshi 2016-09-07

    !screenshot-2.png|thumbnail!
  11. Sharif AbuDarda 2016-09-07

    Hello, I have again tested your sample app. I am seeing the below error in both the Studio console and DDMS. I am not getting the TiHTTPClient error, [ERROR] : TiHTTPClient: (TiHttpClient-3) [29516,35410] HTTP Error (javax.net.ssl.SSLHandshakeException): Leaf certificate could not be verified with provided public key. Here are my logs. Studio console:
        [ERROR] :  TiHTTPClient: (TiHttpClient-7) [2179,833790] HTTP Error (java.net.UnknownHostException): Unable to resolve host "smartqc-sts.gep.com": No address associated with hostname
        [INFO] :   ------------------------onerror-------------------------{"source":{"location":"https://smartqc-sts.gep.com/REST/TOKENS","status":0,"tlsVersion":3,"timeout":40000,"domain":null,"responseText":"","allResponseHeaders":"","connectionType":"POST","validatesSecureCertificate":false,"statusText":null,"readyState":1,"username":null,"password":null,"apiName":"Ti.Network.HTTPClient","responseXML":null,"responseData":null,"autoRedirect":true,"autoEncodeUrl":true,"connected":false,"bubbleParent":true,"securityManager":{"bubbleParent":true,"apiName":"appcelerator.Https.PinningSecurityManager"},"_events":{"disposehandle":{}}},"error":"Unable to resolve host \"smartqc-sts.gep.com\": No address associated with hostname","code":-1,"success":false}
        
    DDMS Log:
        09-07 18:40:41.956: E/TiHTTPClient(28120): (TiHttpClient-8) [38427,872217] HTTP Error (java.net.UnknownHostException): Unable to resolve host "smartqc-sts.gep.com": No address associated with hostname
        09-07 18:40:41.956: I/TiAPI(28120):  ------------------------onerror-------------------------{"source":{"location":"https://smartqc-sts.gep.com/REST/TOKENS","status":0,"tlsVersion":3,"timeout":40000,"domain":null,"responseText":"","allResponseHeaders":"","connectionType":"POST","validatesSecureCertificate":false,"statusText":null,"readyState":1,"username":null,"password":null,"apiName":"Ti.Network.HTTPClient","responseXML":null,"responseData":null,"autoRedirect":true,"autoEncodeUrl":true,"connected":false,"bubbleParent":true,"securityManager":{"bubbleParent":true,"apiName":"appcelerator.Https.PinningSecurityManager"},"_events":{"disposehandle":{}}},"error":"Unable to resolve host \"smartqc-sts.gep.com\": No address associated with hostname","code":-1,"success":false}
        
    Am I missing something? I need to successfully regenerate the issue to pass the ticket to engineers to work on a fix. I am testing on Android 6.0.1 device. Thanks.
  12. jayesh joshi 2016-09-08

    I think your internet connection is not working.
  13. Sharif AbuDarda 2016-09-08

  14. jayesh joshi 2016-09-09

    Hi Sharif, It isn't a problem with the certificates, because the same code with the same URLs and same certificates is working in iOS flawlessly. In fact, it has been tested and verified as well. The same code snippet when run in Android is causing a problem. If it were because of the certificate and URL issues, it wouldn't have worked in iOS either.
  15. jayesh joshi 2016-09-09

    Hi Sharif, can you give us an ETA for this? We cross-checked the certificates; there are not any other certificates, and we are using this for iOS too.
  16. jayesh joshi 2016-09-16

    Hi, Is anyone looking into this issue? This has put a critical Android delivery to a key client for us on hold, and we need a sure-shot ETA on this ASAP. Is there any escalation that we can do to get this issue resolved sooner? Could someone please assist us on this?
  17. jayesh joshi 2016-09-20

    Hi, can anyone give me more news about the bug status?
  18. Gary Mathews 2016-09-20

    [~jay joshi] I believe you should be using Alloy.CFG.STS_CERTIFICATE for both requests, as that is the certificate that coincides with the host you are accessing. I think the bug lies with iOS not validating the public key correctly; it should throw the same exception.
  19. jayesh joshi 2016-09-25

    @Gary Mathews I made a native iOS app for this certification pinning sample, and in that it is working fine. Below is the link. https://drive.google.com/open?id=0B7TnjzoJ6BXka0RjbkhEeWFVd2M In the Viewcontroller.m file, in the "willSendRequestForAuthenticationChallenge" function, if you change it to the wrong certificate, then it does not work, but with the right certificate it does. In the case of Android, the module is failing.
  20. jayesh joshi 2016-10-03

    Can I have any update for similar?
  21. Gary Mathews 2016-10-08

  22. jayesh joshi 2016-10-26

    @Gary Mathews: I am testing it!! I will update more soon. Thank you for the support.
  23. Eric Merriman 2018-08-06

    Cleaning up older fixed issues. If this issue should not have been closed as fixed, please reopen.
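
Comment 18 points out that the pinned certificate must be the one belonging to the host being accessed, while the description picks it with a substring test on the whole URL. The following is an added example, not code from the ticket or from the appcelerator.https module, showing one way to select the pin by parsed hostname and fail closed; the hosts, certificate file names and function names are constructed.

```javascript
// Added example. Hosts, file names and function names are constructed,
// not taken from the ticket or from the appcelerator.https module.
const PINS = {
  'sts.example.test': 'sts.example.test.cer',
  'rest.example.test': 'rest.example.test.cer',
};

// Shape of the selection in the description: a substring test on the
// whole URL. Anything in the path or query can flip the choice.
function pinBySubstring(url) {
  return url.indexOf('sts') > -1
    ? PINS['sts.example.test']
    : PINS['rest.example.test'];
}

// Selection by parsed hostname. Throws (fails closed) for non-HTTPS URLs
// and for hosts without a configured pin, so no request goes out unpinned.
function pinByHost(url, pins = PINS) {
  const parsed = new URL(url);
  if (parsed.protocol !== 'https:') {
    throw new Error('refusing to pin non-HTTPS URL: ' + url);
  }
  const host = parsed.hostname; // the URL parser lowercases the host
  if (!Object.prototype.hasOwnProperty.call(pins, host)) {
    throw new Error('no pinned certificate configured for ' + host);
  }
  // Same entry shape the description passes to the security manager.
  return { url: url, serverCertificate: pins[host] };
}

// Constructed URL: REST host, but the query string contains "sts".
const restUrl = 'https://rest.example.test/tokens?next=sts';
console.log(pinBySubstring(restUrl));              // wrong pin for this host
console.log(pinByHost(restUrl).serverCertificate); // pin for the actual host
```

With the substring rule the REST request is pinned to the STS certificate, which a client that verifies the leaf against the pin rejects during the handshake.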
