Titanium JIRA Archive
Titanium SDK/CLI (TIMOB)

[TIMOB-3314] Android: validatesSecureCertificate not recognized

GitHub Issue: n/a
Type: Bug
Priority: Medium
Status: Closed
Resolution: Fixed
Resolution Date: 2011-04-17T02:01:26.000+0000
Affected Version/s: n/a
Fix Version/s: Release 1.7.0, Sprint 2011-10
Components: Android
Labels: android, defect, regression, release-1.7.0, reported-1.6.0, rplist
Reporter: Alan Leard
Assignee: Don Thorp
Created: 2011-04-15T03:41:57.000+0000
Updated: 2011-04-17T02:01:26.000+0000

Description

Problem

Regression from 1.5.1

validatesSecureCertificate = false is no longer recognized in the 1.6 build.

Tested using 1.5.1 and 1.6 and on device APIs 2.2.

Device Error Output

E/TiHttpClient( 820): (TiHttpClient-3) [0,512855] HTTP Error (javax.net.ssl.SSLException): Not trusted server certificate
E/TiHttpClient( 820): javax.net.ssl.SSLException: Not trusted server certificate
E/TiHttpClient( 820): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:371)
E/TiHttpClient( 820): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
E/TiHttpClient( 820): at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381)
E/TiHttpClient( 820): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:164)
E/TiHttpClient( 820): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
E/TiHttpClient( 820): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
E/TiHttpClient( 820): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
E/TiHttpClient( 820): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
E/TiHttpClient( 820): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:653)
E/TiHttpClient( 820): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:637)
E/TiHttpClient( 820): at ti.modules.titanium.network.TiHTTPClient$ClientRunnable.run(TiHTTPClient.java:1000)
E/TiHttpClient( 820): at java.lang.Thread.run(Thread.java:1096)
E/TiHttpClient( 820): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Could not validate certificate signature.
E/TiHttpClient( 820): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)
E/TiHttpClient( 820): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:366)
E/TiHttpClient( 820): ... 11 more
E/TiHttpClient( 820): Caused by: java.security.cert.CertPathValidatorException: Could not validate certificate signature.
E/TiHttpClient( 820): at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:342)
E/TiHttpClient( 820): at java.security.cert.CertPathValidator.validate(CertPathValidator.java:202)
E/TiHttpClient( 820): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)
E/TiHttpClient( 820): ... 12 more
E/TiHttpClient( 820): Caused by: java.security.SignatureException: Signature was not verified.
E/TiHttpClient( 820): at org.apache.harmony.security.provider.cert.X509CertImpl.fastVerify(X509CertImpl.java:601)
E/TiHttpClient( 820): at org.apache.harmony.security.provider.cert.X509CertImpl.verify(X509CertImpl.java:544)
E/TiHttpClient( 820): at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:337)
E/TiHttpClient( 820): ... 14 more

Testing File

See reference ticket for testing file due to private data.

Must create a distribution file and install on device to replicate issue.

http://developer.appcelerator.com/helpdesk/view/76333
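
Added example, not part of the ticket or the Titanium code base: a small Node.js triage helper that reads logcat output like the trace above, extracts the exception chain, and reports whether the platform trust manager performed the check, which means `validatesSecureCertificate = false` was not in effect for that request. The function name and verdict strings are hypothetical, and the sample log is a constructed, shortened copy of the trace in the description.

```javascript
// Constructed sample: shortened copy of the logcat trace quoted in the ticket.
const SAMPLE_LOG = [
  'E/TiHttpClient( 820): (TiHttpClient-3) [0,512855] HTTP Error (javax.net.ssl.SSLException): Not trusted server certificate',
  'E/TiHttpClient( 820): javax.net.ssl.SSLException: Not trusted server certificate',
  'E/TiHttpClient( 820): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:371)',
  'E/TiHttpClient( 820): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Could not validate certificate signature.',
  'E/TiHttpClient( 820): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)',
  'E/TiHttpClient( 820): Caused by: java.security.cert.CertPathValidatorException: Could not validate certificate signature.',
  'E/TiHttpClient( 820): at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:342)',
  'E/TiHttpClient( 820): Caused by: java.security.SignatureException: Signature was not verified.',
  'E/TiHttpClient( 820): at org.apache.harmony.security.provider.cert.X509CertImpl.fastVerify(X509CertImpl.java:601)',
].join('\n');

// Hypothetical helper: classify a TLS failure from Android logcat text.
function triageTlsFailure(logText) {
  const chain = [];
  let trustManagerRan = false;
  for (const raw of logText.split('\n')) {
    // Drop the logcat prefix, e.g. "E/TiHttpClient( 820): ".
    const line = raw.replace(/^[VDIWEF]\/[^(]+\(\s*\d+\):\s?/, '').trim();
    // A checkServerTrusted frame shows the default trust manager validated the chain.
    if (/^at .*TrustManagerImpl\.checkServerTrusted\(/.test(line)) {
      trustManagerRan = true;
      continue;
    }
    // Exception headers: "pkg.SomeException: msg" or "Caused by: pkg.SomeException: msg".
    const m = /^(?:Caused by: )?([\w.$]+(?:Exception|Error)): (.*)$/.exec(line);
    if (m) chain.push({ type: m[1], message: m[2] });
  }
  const sslFailure = chain.some((e) => e.type === 'javax.net.ssl.SSLException');
  let verdict = 'no-tls-failure';
  if (sslFailure) {
    verdict = trustManagerRan ? 'validation-enforced' : 'other-tls-failure';
  }
  return {
    chain: chain.map((e) => e.type),
    rootCause: chain[chain.length - 1] || null,
    trustManagerRan,
    verdict,
  };
}

console.log(triageTlsFailure(SAMPLE_LOG));
```
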

Comments

  1. Zipcar (Goss) 2011-04-15

    This issue is a blocker for us. We are approaching an invite-only beta with our app, but cannot use it against our production servers due to this.

  2. Don Thorp 2011-04-15

    This will need to get ported back to the 1_6_X branch. Trying to find out timing information. Please fix it on master and I'll let you know when it gets picked back in.

  3. Opie Cyrus 2011-04-15

    (from [83df6eae31d162eb5714fdaf0dbb6913f2eaec8f]) [#3314 state:fixed-in-qa] Respect validatesSecureCertificate setting

    Updated HTTP client to respect validatesSecureCertificate property on proxy when set. Change is also now respected for future requests when changed between calls.
    https://github.com/appcelerator/titanium_mobile/commit/83df6eae31d162eb5714fdaf0dbb6913f2eaec8f

  4. Opie Cyrus 2011-04-15

    The changed behavior can be verified using the resources attached to previously mentioned HD ticket.

  5. Natalie Huynh 2011-04-15

    Tested with Titanium SDK version: 1.7.0 (03/17/11 10:02 630a276)
    Emulator 2.1
    [INFO] [63,181442] Sending request with validatesSecureCertificate = false
    [INFO] [8,185784] onerror{success "We weren't able to find a user with that username or Zipcard number. Please try entering it again."}
    [INFO] [21,336194] Sending request with validatesSecureCertificate = true
    [INFO] [5,337560] onerror

    Nexus S
    (kroll$2: file:///android_asset/Resources/app.js) [18,4275] Sending request with validatesSecureCertificate = false
    (kroll$2: file:///android_asset/Resources/app.js) [39,51051] Sending request with validatesSecureCertificate = true
