OkHttp + Retrofit libssl 以两种方式崩溃 SSL 身份验证

Posted

技术标签:

【中文标题】OkHttp + Retrofit libssl 以两种方式崩溃 SSL 身份验证【英文标题】:OkHttp + Retrofit libssl crash in two way SSL authentication 【发布时间】:2014-07-22 19:37:24 【问题描述】:

OkHttp:2.0.0-RC1,改造:1.5.1。

我正在创建这里提到的 okHttp 客户端:NoSuchMethodError if i am using okhttp 2.0 and the latest retrofit? 并设置我自己的SSLScoketFactory,并像这样初始化SSLContext

KeyStore keyStore = App.getInstance().getKeyStoreUtil().getKeyStore();
KeyStore trustStore = App.getInstance().getKeyStoreUtil().getTrustStore();

TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(trustStore);

KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(keyStore, AppConfig.KEYSTORE_PASSWORD);


final X509KeyManager origKm = (X509KeyManager) kmf.getKeyManagers()[0];
//it's standard X509KeyManager, I've put some logging there
X509KeyManager km = new MyKeyManager(origKm);

SSLContext sslCtx = SSLContext.getInstance("TLS");
sslCtx.init(new KeyManager[]km, tmf.getTrustManagers(), null);
client.setSslSocketFactory(sslCtx.getSocketFactory());
client.setHostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);

当我尝试建立双向身份验证 SSL 连接时,每次应用程序崩溃并显示以下日志:

06-02 17:42:01.215  25176-25542/pl.oneapp.sugarloaf A/libc﹕ Fatal signal 11 (SIGSEGV) at 0x00000000 (code=1), thread 25542 (IntentService[P)
    06-02 17:42:01.236      253-253/? I/DEBUG﹕ debuggerd: 2014-06-02 17:42:01
    06-02 17:42:01.236      253-253/? I/DEBUG﹕ *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
    06-02 17:42:01.236      253-253/? I/DEBUG﹕ Build fingerprint: 'tmo_de/ville/ville:4.1.1/JRO03C/148618.10:user/release-keys'
    06-02 17:42:01.236      253-253/? I/DEBUG﹕ pid: 25176, tid: 25542, name: IntentService[P  >>> pl.oneapp.sugarloaf <<<
    06-02 17:42:01.236      253-253/? I/DEBUG﹕ debuggerd: checkTellHTCSettings
    06-02 17:42:01.256      253-253/? I/DEBUG﹕ signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 00000000
    06-02 17:42:01.486      253-253/? I/DEBUG﹕ r0 00000000  r1 0000000a  r2 00001173  r3 10000000
    06-02 17:42:01.486      253-253/? I/DEBUG﹕ r4 00000000  r5 00000000  r6 00000000  r7 00000000
    06-02 17:42:01.486      253-253/? I/DEBUG﹕ r8 000011d0  r9 00000000  sl 00001173  fp 000011d0
    06-02 17:42:01.486      253-253/? I/DEBUG﹕ ip 40ad3b00  sp 543ef8d8  lr 40ab4097  pc 40a1c454  cpsr 28000030
    06-02 17:42:01.486      253-253/? I/DEBUG﹕ d0  686320726f727245  d1  7020676e696b6365
    06-02 17:42:01.486      253-253/? I/DEBUG﹕ d2  6b20657461766972  d3  3d6c7373203a7965
    06-02 17:42:01.496      253-253/? I/DEBUG﹕ d4  72307d503389e03e  d5  1d7b8760438f005a
    06-02 17:42:01.496      253-253/? I/DEBUG﹕ d6  0a9bbe21ecb6ae8c  d7  723f33a5fd51fd91
    06-02 17:42:01.496      253-253/? I/DEBUG﹕ d8  0000000000000000  d9  4407000000000000
    06-02 17:42:01.496      253-253/? I/DEBUG﹕ d10 0000000044548000  d11 0000000000000000
    06-02 17:42:01.496      253-253/? I/DEBUG﹕ d12 0000000000000000  d13 0000000000000000
    06-02 17:42:01.496      253-253/? I/DEBUG﹕ d14 0000000000000000  d15 0000000000000000
    06-02 17:42:01.496      253-253/? I/DEBUG﹕ d16 6c616e7265747865  d17 6c73736e65706f2f
    06-02 17:42:01.496      253-253/? I/DEBUG﹕ d18 6974756f72204c53  d19 5f4c53533a73656e
    06-02 17:42:01.496      253-253/? I/DEBUG﹕ d20 72705f6b63656863  d21 656b5f6574617669
    06-02 17:42:01.496      253-253/? I/DEBUG﹕ d22 697270206f6e3a79  d23 79656b2065746176
    06-02 17:42:01.496      253-253/? I/DEBUG﹕ d24 0000000000000001  d25 0000000000000019
    06-02 17:42:01.496      253-253/? I/DEBUG﹕ d26 0000000000000000  d27 0000000000000000
    06-02 17:42:01.506      253-253/? I/DEBUG﹕ d28 0000000000000009  d29 0020001f001e001c
    06-02 17:42:01.506      253-253/? I/DEBUG﹕ d30 0050005000500050  d31 0000000000000000
    06-02 17:42:01.506      253-253/? I/DEBUG﹕ scr 68000013
    06-02 17:42:01.516      253-253/? I/DEBUG﹕ backtrace:
    06-02 17:42:01.516      253-253/? I/DEBUG﹕ #00  pc 00055454  /system/lib/libcrypto.so (BUF_MEM_grow_clean+3)
    06-02 17:42:01.516      253-253/? I/DEBUG﹕ #01  pc 00015093  /system/lib/libssl.so (ssl3_output_cert_chain+62)
    06-02 17:42:01.516      253-253/? I/DEBUG﹕ #02  pc 00018199  /system/lib/libssl.so (ssl3_send_client_certificate+244)
    06-02 17:42:01.516      253-253/? I/DEBUG﹕ #03  pc 00018575  /system/lib/libssl.so (ssl3_connect+960)
    06-02 17:42:01.516      253-253/? I/DEBUG﹕ #04  pc 00023923  /system/lib/libssl.so (SSL_connect+18)
    06-02 17:42:01.516      253-253/? I/DEBUG﹕ #05  pc 000114f7  /system/lib/libssl.so (ssl23_connect+1970)
    06-02 17:42:01.516      253-253/? I/DEBUG﹕ #06  pc 0002385b  /system/lib/libssl.so (SSL_do_handshake+66)
    06-02 17:42:01.516      253-253/? I/DEBUG﹕ #07  pc 00020cdf  /system/lib/libjavacore.so
    06-02 17:42:01.516      253-253/? I/DEBUG﹕ #08  pc 0001f6f0  /system/lib/libdvm.so (dvmPlatformInvoke+112)
    06-02 17:42:01.516      253-253/? I/DEBUG﹕ #09  pc 0005269b  /system/lib/libdvm.so (dvmCallJNIMethod(unsigned int const*, JValue*, Method const*, Thread*)+422)
    06-02 17:42:01.516      253-253/? I/DEBUG﹕ #10  pc 00028ba0  /system/lib/libdvm.so
    06-02 17:42:01.526      253-253/? I/DEBUG﹕ #11  pc 0002eb60  /system/lib/libdvm.so (dvmInterpret(Thread*, Method const*, JValue*)+228)
    06-02 17:42:01.526      253-253/? I/DEBUG﹕ #12  pc 00068631  /system/lib/libdvm.so (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+272)
    06-02 17:42:01.526      253-253/? I/DEBUG﹕ #13  pc 0006865b  /system/lib/libdvm.so (dvmCallMethod(Thread*, Method const*, Object*, JValue*, ...)+20)
    06-02 17:42:01.526      253-253/? I/DEBUG﹕ #14  pc 0007853b  /system/lib/libdvm.so
    06-02 17:42:01.526      253-253/? I/DEBUG﹕ #15  pc 00028ba0  /system/lib/libdvm.so
    06-02 17:42:01.526      253-253/? I/DEBUG﹕ #16  pc 0002eb60  /system/lib/libdvm.so (dvmInterpret(Thread*, Method const*, JValue*)+228)
    06-02 17:42:01.526      253-253/? I/DEBUG﹕ #17  pc 00068631  /system/lib/libdvm.so (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+272)
    06-02 17:42:01.526      253-253/? I/DEBUG﹕ #18  pc 0006865b  /system/lib/libdvm.so (dvmCallMethod(Thread*, Method const*, Object*, JValue*, ...)+20)
    06-02 17:42:01.526      253-253/? I/DEBUG﹕ #19  pc 0005b6e3  /system/lib/libdvm.so
    06-02 17:42:01.526      253-253/? I/DEBUG﹕ #20  pc 00012f48  /system/lib/libc.so (__thread_entry+108)
    06-02 17:42:01.526      253-253/? I/DEBUG﹕ #21  pc 00012650  /system/lib/libc.so (pthread_create+244)
    06-02 17:42:01.536      253-253/? I/DEBUG﹕ stack:
    06-02 17:42:01.536      253-253/? I/DEBUG﹕ 543ef898  4d0dc729  /system/framework/core.odex
    06-02 17:42:01.536      253-253/? I/DEBUG﹕ 543ef89c  543ef8e8  [stack:25542]
    06-02 17:42:01.536      253-253/? I/DEBUG﹕ 543ef8a0  00000001
    06-02 17:42:01.536      253-253/? I/DEBUG﹕ 543ef8a4  4096c635  /system/lib/libdvm.so (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+276)
    06-02 17:42:01.536      253-253/? I/DEBUG﹕ 543ef8a8  50549108
    06-02 17:42:01.536      253-253/? I/DEBUG﹕ 543ef8ac  4c02ac30  /dev/ashmem/dalvik-LinearAlloc (deleted)
    06-02 17:42:01.536      253-253/? I/DEBUG﹕ 543ef8b0  418bfc88  /dev/ashmem/dalvik-heap (deleted)
    06-02 17:42:01.536      253-253/? I/DEBUG﹕ 543ef8b4  418bfc88  /dev/ashmem/dalvik-heap (deleted)
    06-02 17:42:01.536      253-253/? I/DEBUG﹕ 543ef8b8  4c02ac30  /dev/ashmem/dalvik-LinearAlloc (deleted)
    06-02 17:42:01.536      253-253/? I/DEBUG﹕ 543ef8bc  5478ac08
    06-02 17:42:01.536      253-253/? I/DEBUG﹕ 543ef8c0  543ef8e4  [stack:25542]
    06-02 17:42:01.536      253-253/? I/DEBUG﹕ 543ef8c4  4c02ac30  /dev/ashmem/dalvik-LinearAlloc (deleted)
    06-02 17:42:01.536      253-253/? I/DEBUG﹕ 543ef8c8  5478ac08
    06-02 17:42:01.536      253-253/? I/DEBUG﹕ 543ef8cc  40952141  /system/lib/libdvm.so
    06-02 17:42:01.536      253-253/? I/DEBUG﹕ 543ef8d0  df0027ad
    06-02 17:42:01.536      253-253/? I/DEBUG﹕ 543ef8d4  00000000
    06-02 17:42:01.536      253-253/? I/DEBUG﹕ #00  543ef8d8  00000000
    06-02 17:42:01.536      253-253/? I/DEBUG﹕ 543ef8dc  0000000a
    06-02 17:42:01.546      253-253/? I/DEBUG﹕ 543ef8e0  00001173
    06-02 17:42:01.546      253-253/? I/DEBUG﹕ 543ef8e4  00000000
    06-02 17:42:01.546      253-253/? I/DEBUG﹕ 543ef8e8  5056ba80
    06-02 17:42:01.546      253-253/? I/DEBUG﹕ 543ef8ec  00000000
    06-02 17:42:01.546      253-253/? I/DEBUG﹕ 543ef8f0  00000000
    06-02 17:42:01.546      253-253/? I/DEBUG﹕ 543ef8f4  40ab4097  /system/lib/libssl.so (ssl3_output_cert_chain+66)
    06-02 17:42:01.546      253-253/? I/DEBUG﹕ #01  543ef8f8  5056ba80
    06-02 17:42:01.546      253-253/? I/DEBUG﹕ 543ef8fc  40952141  /system/lib/libdvm.so
    06-02 17:42:01.546      253-253/? I/DEBUG﹕ 543ef900  00000001
    06-02 17:42:01.546      253-253/? I/DEBUG﹕ 543ef904  00000007
    06-02 17:42:01.546      253-253/? I/DEBUG﹕ 543ef908  5478ac08
    06-02 17:42:01.546      253-253/? I/DEBUG﹕ 543ef90c  50549108
    06-02 17:42:01.546      253-253/? I/DEBUG﹕ 543ef910  5478ac08
    06-02 17:42:01.546      253-253/? I/DEBUG﹕ 543ef914  4eaf5c71  /system/lib/libjavacore.so
    06-02 17:42:01.546      253-253/? I/DEBUG﹕ 543ef918  543ef91c  [stack:25542]
    06-02 17:42:01.546      253-253/? I/DEBUG﹕ 543ef91c  4eaf9c81  /system/lib/libjavacore.so
    06-02 17:42:01.546      253-253/? I/DEBUG﹕ 543ef920  20900021
    06-02 17:42:01.546      253-253/? I/DEBUG﹕ 543ef924  54793f44
    06-02 17:42:01.546      253-253/? I/DEBUG﹕ 543ef928  54793f44
    06-02 17:42:01.546      253-253/? I/DEBUG﹕ 543ef92c  31600009
    06-02 17:42:01.546      253-253/? I/DEBUG﹕ 543ef930  5424ba78
    06-02 17:42:01.556      253-253/? I/DEBUG﹕ 543ef934  543ef9b8  [stack:25542]
    06-02 17:42:01.556      253-253/? I/DEBUG﹕ ........  ........
    06-02 17:42:01.556      253-253/? I/DEBUG﹕ #02  543ef9b0  5056ba80
    06-02 17:42:01.556      253-253/? I/DEBUG﹕ 543ef9b4  00001001
    06-02 17:42:01.556      253-253/? I/DEBUG﹕ 543ef9b8  00000000
    06-02 17:42:01.556      253-253/? I/DEBUG﹕ 543ef9bc  00000000
    06-02 17:42:01.556      253-253/? I/DEBUG﹕ 543ef9c0  5056ba80
    06-02 17:42:01.556      253-253/? I/DEBUG﹕ 543ef9c4  00001170
    06-02 17:42:01.556      253-253/? I/DEBUG﹕ 543ef9c8  00001170
    06-02 17:42:01.556      253-253/? I/DEBUG﹕ 543ef9cc  40ab7579  /system/lib/libssl.so (ssl3_connect+964)
    06-02 17:42:01.566      253-253/? I/DEBUG﹕ memory near r2:
    06-02 17:42:01.566      253-253/? I/DEBUG﹕ 00001150 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.566      253-253/? I/DEBUG﹕ 00001160 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.566      253-253/? I/DEBUG﹕ 00001170 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.566      253-253/? I/DEBUG﹕ 00001180 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.566      253-253/? I/DEBUG﹕ 00001190 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.566      253-253/? I/DEBUG﹕ memory near r3:
    06-02 17:42:01.576      253-253/? I/DEBUG﹕ 0fffffe0 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.576      253-253/? I/DEBUG﹕ 0ffffff0 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.576      253-253/? I/DEBUG﹕ 10000000 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.576      253-253/? I/DEBUG﹕ 10000010 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.576      253-253/? I/DEBUG﹕ 10000020 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.576      253-253/? I/DEBUG﹕ memory near r8:
    06-02 17:42:01.576      253-253/? I/DEBUG﹕ 000011b0 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.576      253-253/? I/DEBUG﹕ 000011c0 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.576      253-253/? I/DEBUG﹕ 000011d0 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.576      253-253/? I/DEBUG﹕ 000011e0 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.576      253-253/? I/DEBUG﹕ 000011f0 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.576      253-253/? I/DEBUG﹕ memory near sl:
    06-02 17:42:01.586      253-253/? I/DEBUG﹕ 00001150 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.586      253-253/? I/DEBUG﹕ 00001160 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.586      253-253/? I/DEBUG﹕ 00001170 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.586      253-253/? I/DEBUG﹕ 00001180 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.586      253-253/? I/DEBUG﹕ 00001190 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.586      253-253/? I/DEBUG﹕ memory near fp:
    06-02 17:42:01.586      253-253/? I/DEBUG﹕ 000011b0 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.586      253-253/? I/DEBUG﹕ 000011c0 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.586      253-253/? I/DEBUG﹕ 000011d0 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.586      253-253/? I/DEBUG﹕ 000011e0 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.586      253-253/? I/DEBUG﹕ 000011f0 ffffffff ffffffff ffffffff ffffffff  ................
    06-02 17:42:01.586      253-253/? I/DEBUG﹕ memory near ip:
    06-02 17:42:01.586      253-253/? I/DEBUG﹕ 40ad3ae0 40a1131d 40a11ca3 40a4bab1 4016f200  ...@...@...@...@
    06-02 17:42:01.586      253-253/? I/DEBUG﹕ 40ad3af0 409fe3fd 40a4ba0d 40a4ba65 4018b9a5  ...@...@e..@...@
    06-02 17:42:01.586      253-253/? I/DEBUG﹕ 40ad3b00 40a1c451 40a0e641 40a39585 40a3955d  Q..@A..@...@]..@
    06-02 17:42:01.596      253-253/? I/DEBUG﹕ 40ad3b10 40a0c2ed 409fe349 4017c3c5 40a0545d  ...@I..@...@]T.@
    06-02 17:42:01.596      253-253/? I/DEBUG﹕ 40ad3b20 4017c485 40a4bb29 40a4ba39 40a4baa5  ...@)..@9..@...@
    06-02 17:42:01.596      253-253/? I/DEBUG﹕ memory near sp:
    06-02 17:42:01.596      253-253/? I/DEBUG﹕ 543ef8b8 4c02ac30 5478ac08 543ef8e4 4c02ac30  0..L..xT..>T0..L
    06-02 17:42:01.596      253-253/? I/DEBUG﹕ 543ef8c8 5478ac08 40952141 df0027ad 00000000  ..xTA!.@.'......
    06-02 17:42:01.596      253-253/? I/DEBUG﹕ 543ef8d8 00000000 0000000a 00001173 00000000  ........s.......
    06-02 17:42:01.596      253-253/? I/DEBUG﹕ 543ef8e8 5056ba80 00000000 00000000 40ab4097  ..VP.........@.@
    06-02 17:42:01.596      253-253/? I/DEBUG﹕ 543ef8f8 5056ba80 40952141 00000001 00000007  ..VPA!.@........
    06-02 17:42:01.596      253-253/? I/DEBUG﹕ code around pc:
    06-02 17:42:01.596      253-253/? I/DEBUG﹕ 40a1c434 602cee62 bdfe4620 5ffffffc 000512e4  b.,` F....._....
    06-02 17:42:01.596      253-253/? I/DEBUG﹕ 40a1c444 000512c2 000512b4 000512a2 4605b5f7  ...............F
    06-02 17:42:01.596      253-253/? I/DEBUG﹕ 40a1c454 460c6803 bf22428b 0203ebc1 18406840  .h.F.B".....@h@.
    06-02 17:42:01.596      253-253/? I/DEBUG﹕ 40a1c464 68aed23d bf22428e 0201ebc3 18c06868  =..h.B".....hh..
    06-02 17:42:01.596      253-253/? I/DEBUG﹕ 40a1c474 4b1ed235 d90a4299 229f4b1d 92002007  5..K.B...K.". ..
    06-02 17:42:01.596      253-253/? I/DEBUG﹕ code around lr:
    06-02 17:42:01.596      253-253/? I/DEBUG﹕ 40ab4074 f8d110e8 36006094 2601bf18 bf182800  .....`.6...&.(..
    06-02 17:42:01.596      253-253/? I/DEBUG﹕ 40ab4084 0601f046 2601e000 210a6bec f7f74620  F......&.k.! F..
    06-02 17:42:01.596      253-253/? I/DEBUG﹕ 40ab4094 4680eabe 4b48b958 1269f240 92002014  ...FX.HK@.i.. ..
    06-02 17:42:01.596      253-253/? I/DEBUG﹕ 40ab40a4 2193447b f7f72207 4640ea46 f1b9e081  D.!."..F.@F....
    06-02 17:42:01.596      253-253/? I/DEBUG﹕ 40ab40b4 d03a0f00 4620b13e 464aa903 fe52f7ff  ..:.>. F..JF..R.

我在这里看到过关于这个问题的讨论:https://github.com/square/okhttp/issues/184,但我认为它已在 2.0.0 中修复。 (此外,我使用的是我自己的 SSL 上下文,而不是默认的)。

我试过URL.setURLStreamHandlerFactory(new OkHttpClient());(OkHttp 1.6.0),但也没有用。

我也读过这个:https://code.google.com/p/android/issues/detail?id=35326,但那里没有有用的信息。

是我做错了什么,还是 OkHttp 仍然有SSLContext 的问题?

@edit

HTC ONE S (S4) 4.1.1 库存

@edit2

现在不确定是否真的是 okHttp 故障。我创建密钥库的方式(或向其中添加密钥)有问题。目前我的信任库在 res/raw 中作为 .bks 文件,并且我的密钥库在运行时动态创建:

keyStore = KeyStore.getInstance("BKS");
keyStore.load(null, "password".toCharArray());

将密钥保存到密钥库:

public void saveKeyToKeystore(KeyPair keyPair, String stringCertificate, String alias, char[] password) 
    try 
        PrivateKey myKey = keyPair.getPrivate();
        Certificate[] chain = new X509Certificate[1];
        X509Certificate certificate = parseCertificate(stringCertificate);
        chain[0] = certificate;
        keyStore.setKeyEntry(alias, myKey, password, chain);
        saveKeyStore();
     catch (Exception e) 
        e.printStackTrace();
    

但是当我在 android 应用程序之外创建我的密钥库时,使用 openssl 工具并将其存储在 pkcs12 密钥库中,一切正常!

@edit3

在 android 4.1.2 + okHttp 上不会崩溃(请参阅上面链接的 code.google[...] 的讨论),但我收到以下错误,提示键值不匹配

error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

@edit4

好的,现在我知道出了什么问题。在创建 ma 证书链以将密钥保存到密钥库时,我不必使用 rootCA(用于签署我的证书)。现在我的Certificate 数组链只包含一个证书。

上面的代码可以正常工作,我已经更改了所有错误的行!

但是,仍然不知道 okHttp 崩溃的原因。

@edit5

如果密钥/证书密钥库有任何问题,不会抛出错误,让我保存它的内容。但是当密钥库条目不正确时,okHttp 会崩溃。

【问题讨论】:

【参考方案1】:

哎呀。你能把这个报告给 OkHttp 问题跟踪器吗?我的猜测是某些东西正在与 OkHttp 共享 SSL 上下文,但这是行不通的。

【讨论】:

我不太确定是 okHttp 问题,我的代码也有问题。一旦我知道这是我的错还是 okHttp(或两者兼而有之?),我会立即发布它。看看我的最后一次编辑 现在一切正常,我的证书链出错了。但是 X509KeyManager 成功选择了他们错误的私钥/证书并且 libssl 崩溃(或抛出错误 - 请参阅 @edit3 了解 4.1.2+ 设备)。对于正确的证书 [] 链,libssl 不会崩溃。

以上是关于OkHttp + Retrofit libssl 以两种方式崩溃 SSL 身份验证的主要内容,如果未能解决你的问题,请参考以下文章

带你走通 OkHttp+Retrofit+Rxjava

Retrofit--使用Retrofit时怎样去设置OKHttp

Retrofit/OkHTTP/RxJava 间歇性 InterruptedIOException

Retrofit+Okhttp 在 Android 中是不是默认使用 httpCaching?

如何使用 OkHttp/Retrofit 重试 HTTP 请求?

OkHttp/Retrofit 默认超时