{ "id": "155503", "key": "MOD-2209", "fields": { "issuetype": { "id": "1", "description": "A problem which impairs or prevents the functions of the product.", "name": "Bug", "subtask": false }, "project": { "id": "10034", "key": "MOD", "name": "Appcelerator Modules", "projectCategory": { "id": "10100", "description": "Titanium and related SDKs used in application development", "name": "Client" } }, "fixVersions": [], "resolution": { "id": "3", "description": "The problem is a duplicate of an existing issue.", "name": "Duplicate" }, "resolutiondate": "2016-10-31T17:50:59.000+0000", "created": "2016-03-07T18:47:25.000+0000", "priority": { "name": "Critical", "id": "1" }, "labels": [], "versions": [ { "id": "17157", "name": "Release 5.2.0", "archived": false, "released": true, "releaseDate": "2016-02-23" }, { "id": "17275", "name": "Release 5.1.2", "archived": false, "released": true, "releaseDate": "2016-01-06" } ], "issuelinks": [ { "id": "53218", "type": { "id": "10003", "name": "Relates", "inward": "relates to", "outward": "relates to" }, "outwardIssue": { "id": "162853", "key": "MOD-2295", "fields": { "summary": "Appcelerator HTTPS module not working with android device", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "priority": { "name": "Critical", "id": "1" }, "issuetype": { "id": "1", "description": "A problem which impairs or prevents the functions of the product.", "name": "Bug", "subtask": false } } } } ], "assignee": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "updated": "2018-08-06T17:41:07.000+0000", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "components": [], "description": "Hi,\r\nwhen we run our app with \"Appcelerator HTTPS Module\" in Android (Android 5.0.2) throwing errors.\r\nError Log :\r\n{code}\r\n[ERROR] : TiHTTPClient: (TiHttpClient-2) [11862,19699] HTTP Error (javax.net.ssl.SSLHandshakeException): Leaf certificate could not be verified with provided public key\r\n[ERROR] : TiHTTPClient: javax.net.ssl.SSLHandshakeException: Leaf certificate could not be verified with provided public key\r\n[ERROR] : TiHTTPClient: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:322)\r\n[ERROR] : TiHTTPClient: at com.android.okhttp.Connection.upgradeToTls(Connection.java:1257)\r\n[ERROR] : TiHTTPClient: at com.android.okhttp.Connection.connect(Connection.java:1188)\r\n[ERROR] : TiHTTPClient: at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:395)\r\n[ERROR] : TiHTTPClient: at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:298)\r\n[ERROR] : TiHTTPClient: at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:399)\r\n[ERROR] : TiHTTPClient: at com.android.okhttp.internal.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:349)\r\n[ERROR] : TiHTTPClient: at com.android.okhttp.internal.http.HttpURLConnectionImpl.getHeaderField(HttpURLConnectionImpl.java:165)\r\n[ERROR] : TiHTTPClient: at java.net.URLConnection.getHeaderFieldInt(URLConnection.java:543)\r\n[ERROR] : TiHTTPClient: at java.net.URLConnection.getContentLength(URLConnection.java:315)\r\n[ERROR] : TiHTTPClient: at com.android.okhttp.internal.http.DelegatingHttpsURLConnection.getContentLength(DelegatingHttpsURLConnection.java:146)\r\n[ERROR] : TiHTTPClient: at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getContentLength(HttpsURLConnectionImpl.java:25)\r\n[ERROR] : TiHTTPClient: at ti.modules.titanium.network.TiHTTPClient.handleResponse(TiHTTPClient.java:159)\r\n[ERROR] : TiHTTPClient: at ti.modules.titanium.network.TiHTTPClient.access$1200(TiHTTPClient.java:85)\r\n[ERROR] : TiHTTPClient: at ti.modules.titanium.network.TiHTTPClient$ClientRunnable.run(TiHTTPClient.java:1207)\r\n[ERROR] : TiHTTPClient: at java.lang.Thread.run(Thread.java:818)\r\n[ERROR] : TiHTTPClient: at appcelerator.https.PinningTrustManager.checkServerTrusted(PinningTrustManager.java:84)\r\n[ERROR] : TiHTTPClient: at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:116)\r\n[ERROR] : TiHTTPClient: at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:550)\r\n[ERROR] : TiHTTPClient: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)\r\n[ERROR] : TiHTTPClient: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:318)\r\n\r\n{code}", "attachment": [ { "id": "59419", "filename": " downloader.js", "author": { "name": "rmitro", "key": "rmitro", "displayName": "Rakhi Mitro", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2016-05-26T04:23:37.000+0000", "size": 5851, "mimeType": "text/javascript" } ], "flagged": false, "summary": "Android : Appcelerator HTTPS Module throwing error ", "creator": { "name": "aislam", "key": "aislam", "displayName": "Aminul Islam", "active": false, "timeZone": "Etc/GMT-6" }, "subtasks": [], "reporter": { "name": "aislam", "key": "aislam", "displayName": "Aminul Islam", "active": false, "timeZone": "Etc/GMT-6" }, "environment": "*Device info:* HTC (android 5.0.2)\r\n*Node.js Version:* 0.12.7\r\n*npm Version:* 2.11.3\r\n*Titanium SDKs:* 5.2.0.GA and 5.1.2.GA\r\n*Java Development Kit Version:* 1.8.0_73\r\n*Titanium CLI Version:* 5.0.5", "closedSprints": [ { "id": 741, "state": "closed", "name": "2016 Sprint 22 SDK", "startDate": "2016-10-22T00:02:29.945Z", "endDate": "2016-11-05T00:02:00.000Z", "completeDate": "2016-11-07T04:38:58.335Z", "originBoardId": 114 } ], "comment": { "comments": [ { "id": "379091", "author": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "body": "Hi is there code to reproduce this?", "updateAuthor": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2016-03-08T00:20:10.000+0000", "updated": "2016-03-08T00:20:10.000+0000" }, { "id": "379225", "author": { "name": "aislam", "key": "aislam", "displayName": "Aminul Islam", "active": false, "timeZone": "Etc/GMT-6" }, "body": "Hi,\r\nPlease use example code in module folder. You can also use sample code from appcelerator documentation. \r\nThanks ", "updateAuthor": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2016-03-08T18:18:45.000+0000", "updated": "2016-04-04T23:22:51.000+0000" }, { "id": "380492", "author": { "name": "msamah", "key": "msamah", "displayName": "Ashraf Abu", "active": false, "timeZone": "Asia/Singapore" }, "body": "[~aislam] Can you test it with another website/link that uses another certificate(der)? The error ur getting is the authentication failing. Would other links and cert work? If it's throwing an error, it could be that the certificate does not match any more. Which is how it's suppose to work and it's function.", "updateAuthor": { "name": "msamah", "key": "msamah", "displayName": "Ashraf Abu", "active": false, "timeZone": "Asia/Singapore" }, "created": "2016-03-23T09:13:40.000+0000", "updated": "2016-03-23T09:13:40.000+0000" }, { "id": "384543", "author": { "name": "msamah", "key": "msamah", "displayName": "Ashraf Abu", "active": false, "timeZone": "Asia/Singapore" }, "body": "Upon further investigation, I find no issues with this ticket.\r\n\r\nFirst you need to check that the certificate is correct with one of the following commands:-\r\n{quote}\r\nopenssl x509 -in certificatefile.cer -noout -text\r\nopenssl x509 -inform pem -in certificatefile.cer -noout -text\r\nopenssl x509 -inform der -in certificatefile.cer -noout -text\r\n{quote}\r\nFrom here, you can look into the certificate to ensure it's the correct certificate. Ensure that the validity is correct and it is for the correct website.\r\n\r\nOnce that's done you can continue as mentioned in the demo code. Demo code as follows:-\r\n{code}\r\n\r\n// this sets the background color of the master UIView (when there are no windows/tab groups on it)\r\nvar https = require('appcelerator.https');\r\nvar securityManager = https.createX509CertificatePinningSecurityManager([\r\n {\r\n url: \"https://www.wellsfargo.com\",\r\n serverCertificate: \"wells.cert\"\r\n },\r\n {\r\n url: \"https://www.americanexpress.com\",\r\n serverCertificate: \"wells.cert\"\r\n }\r\n]);\r\n\r\n\r\nvar win = Titanium.UI.createWindow({ \r\n title: 'Pin Example',\r\n backgroundColor: 'white'\r\n});\r\n\r\nvar view = Ti.UI.createView({\r\n backgroundColor: 'white',\r\n layout: 'vertical',\r\n width: Ti.UI.SIZE,\r\n height: Ti.UI.SIZE,\r\n top:20\r\n});\r\n\r\nvar button1 = Titanium.UI.createButton({\r\n title: 'Load wellsfargo',\r\n color: 'green',\r\n top:20,\r\n});\r\n\r\nvar button2 = Titanium.UI.createButton({\r\n title: 'Load americanexpress',\r\n color: 'red',\r\n top:20,\r\n});\r\n\r\nvar button3 = Titanium.UI.createButton({\r\n title: 'Load appcelerator',\r\n color: 'blue',\r\n top:20,\r\n});\r\n\r\n\r\nvar label1 = Titanium.UI.createLabel({\r\n text: 'Desc:',\r\n color: 'black',\r\n top:20,\r\n});\r\n\r\nvar label2 = Titanium.UI.createLabel({\r\n text: 'Status:',\r\n color: 'black',\r\n top:20,\r\n});\r\n\r\nview.add(button1);\r\nview.add(button2);\r\nview.add(button3);\r\nview.add(label1);\r\nview.add(label2);\r\n\r\nwin.add(view);\r\nwin.open();\r\n\r\n\r\n\r\nfunction getXHR(url) {\r\n var xhr = Ti.Network.createHTTPClient({\r\n onload: function(e) {\r\n label2.text = 'onload called. Request succeeded';\r\n },\r\n onerror: function(e) {\r\n label2.text = 'onerror called. Request failed.';\r\n },\r\n timeout : 30000,\r\n securityManager: securityManager\r\n });\r\n \r\n xhr.open('GET',url);\r\n \r\n return xhr;\r\n}\r\n\r\nvar wf = \"https://www.wellsfargo.com\";\r\nvar amex = \"https://www.americanexpress.com\";\r\nvar appc = \"https://dashboard.appcelerator.com\";\r\n\r\nbutton1.addEventListener('click',function(e){\r\n var xhr = getXHR(wf);\r\n label1.text = 'SecurityManager is configured correctly for this request. Request must succeed. ';\r\n label1.color = 'green';\r\n xhr.send();\r\n});\r\nbutton2.addEventListener('click',function(e){\r\n var xhr = getXHR(amex);\r\n label1.text = 'SecurityManager is configured incorrectly for this request. Request must fail. ';\r\n label1.color = 'red';\r\n xhr.send();\r\n});\r\nbutton3.addEventListener('click',function(e){\r\n var xhr = getXHR(appc);\r\n label1.text = 'SecurityManager does not participate in the validation of this request.';\r\n label1.color = 'blue';\r\n xhr.send();\r\n});\r\n\r\n{code}\r\nNote: If the certificate is no longer valid, it WILL throw an error. Please use a valid certificate. To inspect the certificate, use the commands mentioned earlier in this comment.\r\n\r\nA GeoTrust cert will work.", "updateAuthor": { "name": "msamah", "key": "msamah", "displayName": "Ashraf Abu", "active": false, "timeZone": "Asia/Singapore" }, "created": "2016-05-03T06:44:47.000+0000", "updated": "2016-05-03T06:55:18.000+0000" }, { "id": "384545", "author": { "name": "msamah", "key": "msamah", "displayName": "Ashraf Abu", "active": false, "timeZone": "Asia/Singapore" }, "body": "If there are no more issues, will be resolving this ticket.", "updateAuthor": { "name": "msamah", "key": "msamah", "displayName": "Ashraf Abu", "active": false, "timeZone": "Asia/Singapore" }, "created": "2016-05-03T06:49:22.000+0000", "updated": "2016-05-03T06:49:22.000+0000" }, { "id": "384806", "author": { "name": "msamah", "key": "msamah", "displayName": "Ashraf Abu", "active": false, "timeZone": "Asia/Singapore" }, "body": "[~rmitro] Any updates on your end?", "updateAuthor": { "name": "msamah", "key": "msamah", "displayName": "Ashraf Abu", "active": false, "timeZone": "Asia/Singapore" }, "created": "2016-05-05T04:07:12.000+0000", "updated": "2016-05-05T04:07:12.000+0000" }, { "id": "386149", "author": { "name": "msamah", "key": "msamah", "displayName": "Ashraf Abu", "active": false, "timeZone": "Asia/Singapore" }, "body": "I'm gonna resolve this ticket as there are no updates.", "updateAuthor": { "name": "msamah", "key": "msamah", "displayName": "Ashraf Abu", "active": false, "timeZone": "Asia/Singapore" }, "created": "2016-05-19T04:44:43.000+0000", "updated": "2016-05-19T04:44:43.000+0000" }, { "id": "399866", "author": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "updateAuthor": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2016-10-26T14:45:54.000+0000", "updated": "2016-10-26T21:53:35.000+0000" }, { "id": "439981", "author": { "name": "emerriman", "key": "emerriman", "displayName": "Eric Merriman ", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Closing as a duplicate. If this is in error, please reopen.", "updateAuthor": { "name": "emerriman", "key": "emerriman", "displayName": "Eric Merriman ", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-08-06T17:41:07.000+0000", "updated": "2018-08-06T17:41:07.000+0000" } ], "maxResults": 37, "total": 37, "startAt": 0 } } }