获取 javax.net.ssl.SSLHandshakeException:Android 5.0.2 中的连接被对等方关闭

2022-01-25 00:00:00 ssl tls1.2 ssl-certificate android java

首先,我已经上网搜索,调试了3天.

First, I've already searched the internet and have been debugging for 3 days.

这是确切的错误,

javax.net.ssl.SSLHandshakeException: Connection closed by peer
  at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
  at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:302)
  at com.android.okhttp.Connection.upgradeToTls(Connection.java:197)
  at com.android.okhttp.Connection.connect(Connection.java:151)
  at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:276)
  at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:211)
  at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:373)
  at com.android.okhttp.internal.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:106)
  at com.android.okhttp.internal.http.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:208)
  at com.android.okhttp.internal.http.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:218)
  at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:25)
  at com.aws.wiremo.common.CommonFunctions.sendRequestEx(CommonFunctions.java:618)
  at com.aws.wiremo.common.CommonFunctions.sendRequest(CommonFunctions.java:556)
  at com.aws.wiremo.screen.kdo.LoadingScreen$MakeRequest.doInBackground(LoadingScreen.java:146)
  at com.aws.wiremo.screen.kdo.LoadingScreen$MakeRequest.doInBackground(LoadingScreen.java:125)
  at android.os.AsyncTask$2.call(AsyncTask.java:288)
  at java.util.concurrent.FutureTask.run(FutureTask.java:237)
  at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
  at java.lang.Thread.run(Thread.java:818)

出于保密原因,我无法发布代码.StackTrace 给出的异常不是由异常引起的,所以我无法真正诊断问题.

这里有一些我可以分享的信息.

Due to confidentiality reasons, I can't post the codes. There's no caused by exception given by the StackTrace so i can't really diagnose the problem.

Here are some information I can share.

  • 请求正在发送到 https://[IP_address]:443/
  • 我正在向特殊硬件(例如控制箱)发送请求.我只能通过 POST 请求写入和检索数据.
  • 我在 CustomTrustManager 的 checkServerTrusted 方法中收到的证书链有一个 CN,它不是 IP 地址也不是 DNS,更像是一个词(即 CN=commonname).
  • 我的 HostNameVerifier 暂时是 ALLOW_ALL_HOSTNAME_VERIFIER(我认为这可以解决第三个信息的问题?).
  • 我正在使用 SSLContext.getInstance("TLS"),我的协议是 TLSv1、TLSv1.1 和 TLSv1.2.
  • 所使用的证书是自签名的.
  • 在 checkServerTrusted 方法中,X509Certificate 链始终受信任管理器信任(我创建了一个始终信任证书的 trustManager).


我们将不胜感激.


Any inputs will be appreciated.

推荐答案

我的问题的答案是我注释了将生成的私钥添加到我的密钥库的代码,因此 SSL HandShake 在客户端身份验证期间失败.

The answer to my problem was that I commented the code for adding my generated private key to my key store so the SSL HandShake fails during client authentication.

我希望这个答案可以帮助别人.

I hope this answer can help somebody.

相关文章