[Interest] Ignore SSL errors on Android 6.0+
Thiago Macieira
thiago.macieira at intel.com
Tue Mar 28 09:10:12 CEST 2017
Em segunda-feira, 27 de março de 2017, às 23:58:32 PDT, Jan 'Koviš' Struhár
escreveu:
> my mobile app using QNetworkAccessManager to access https://www.webnotes.cz
That website isn't working. Tried curl in the command-line:
$ curl -v https://www.webnotes.cz
* Rebuilt URL to: https://www.webnotes.cz/
* Trying 88.208.118.6...
* TCP_NODELAY set
* Connected to www.webnotes.cz (88.208.118.6) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to www.webnotes.cz:443
* stopped the pause stream!
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to www.webnotes.cz:443
Also OpenSSL directly:
$ openssl s_client -connect www.webnotes.cz:443
CONNECTED(00000003)
139669878310040:error:140790E5:SSL routines:ssl23_write:ssl handshake
failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 293 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1490684780
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
GnuTLS gets a little farther but also fails:
$ gnutls-cli -p 443 www.webnotes.cz
Processed 570 CA certificate(s).
Resolving 'www.webnotes.cz:443'...
Connecting to '88.208.118.6:443'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject `CN=www.webnotes.cz', issuer `CN=RapidSSL SHA256 CA - G2,O=GeoTrust
Inc.,C=US', serial 0x3160096ae33502e13d65ef2b0c352997, RSA key 2048 bits,
signed using RSA-SHA256, activated `2016-04-27 00:00:00 UTC', expires
`2019-07-27 23:59:59 UTC', key-ID
`sha256:305b74eb058e0d69636f7a888787ae8c5ad3c647717ed1c80b934cff05feae88'
Public Key ID:
sha1:e4b98c39dbdbe4aebf0c682fa5e3b1be5c4870f7
sha256:305b74eb058e0d69636f7a888787ae8c5ad3c647717ed1c80b934cff05feae88
Public key's random art:
+--[ RSA 2048]----+
| |
| |
| . . o |
| o + o |
| . S E |
| . *.. |
| Oo= . |
| o+O * |
| oB+==B. |
+-----------------+
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
More information about the Interest
mailing list