[Interest] Ignore SSL errors on Android 6.0+

Thiago Macieira thiago.macieira at intel.com
Tue Mar 28 09:10:12 CEST 2017


On Monday, 27 March 2017, at 23:58:32 PDT, Jan 'Koviš' Struhár wrote:
> my mobile app using QNetworkAccessManager to access https://www.webnotes.cz

That website isn't working. Tried curl in the command-line:

$ curl -v https://www.webnotes.cz
* Rebuilt URL to: https://www.webnotes.cz/
*   Trying 88.208.118.6...
* TCP_NODELAY set
* Connected to www.webnotes.cz (88.208.118.6) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to www.webnotes.cz:443 
* stopped the pause stream!
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to www.webnotes.cz:443 

Also OpenSSL directly:

$ openssl s_client -connect www.webnotes.cz:443
CONNECTED(00000003)
139669878310040:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 293 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1490684780
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

GnuTLS gets a little farther but also fails:

$ gnutls-cli -p 443 www.webnotes.cz
Processed 570 CA certificate(s).
Resolving 'www.webnotes.cz:443'...
Connecting to '88.208.118.6:443'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
 - subject `CN=www.webnotes.cz', issuer `CN=RapidSSL SHA256 CA - G2,O=GeoTrust Inc.,C=US', serial 0x3160096ae33502e13d65ef2b0c352997, RSA key 2048 bits, signed using RSA-SHA256, activated `2016-04-27 00:00:00 UTC', expires `2019-07-27 23:59:59 UTC', key-ID `sha256:305b74eb058e0d69636f7a888787ae8c5ad3c647717ed1c80b934cff05feae88'
        Public Key ID:
                sha1:e4b98c39dbdbe4aebf0c682fa5e3b1be5c4870f7
                sha256:305b74eb058e0d69636f7a888787ae8c5ad3c647717ed1c80b934cff05feae88
        Public key's random art:
                +--[ RSA 2048]----+
                |                 |
                |                 |
                |    . . o        |
                |     o + o       |
                |      . S E      |
                |     . *..       |
                |      Oo= .      |
                |     o+O *       |
                |     oB+==B.     |
                +-----------------+

- Status: The certificate is NOT trusted. The certificate issuer is unknown. 

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center
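
Added example, not part of the message above: a shell function that classifies a saved `openssl s_client` or `gnutls-cli` transcript by the stage at which the handshake failed, matching only strings that appear in the output quoted in the message. The function name, the category labels and the two sample transcripts (assembled from lines of that output) are assumptions of this example.

```shell
#!/bin/sh
# Classify a TLS client transcript by where the handshake failed.
# Hypothetical helper: name and labels are this example's own.

triage_tls_log() {
    log=$1
    # openssl s_client: bytes received from the server during the handshake
    read_bytes=$(printf '%s\n' "$log" |
        sed -n 's/^SSL handshake has read \([0-9][0-9]*\) bytes.*/\1/p' | head -n 1)
    # gnutls-cli: number of certificates the server presented
    chain_len=$(printf '%s\n' "$log" |
        sed -n 's/^- Got a certificate list of \([0-9][0-9]*\) certificates.*/\1/p' | head -n 1)

    # Check the byte count first: s_client still prints
    # "Verify return code: 0 (ok)" when no certificate was ever received.
    if [ "$read_bytes" = "0" ]; then
        echo "no-server-reply"            # ClientHello sent, nothing came back
    elif printf '%s\n' "$log" | grep -q 'no peer certificate available'; then
        echo "handshake-aborted"          # server replied but sent no certificate
    elif printf '%s\n' "$log" | grep -q 'certificate issuer is unknown'; then
        if [ "$chain_len" = "1" ]; then
            echo "leaf-only-chain-untrusted"   # one certificate sent, issuer not in trust store
        else
            echo "issuer-untrusted"
        fi
    elif printf '%s\n' "$log" | grep -q 'certificate is NOT trusted'; then
        echo "untrusted-other"
    else
        echo "no-failure-marker"
    fi
}

# Constructed samples, assembled from lines of the transcripts in the message.
OPENSSL_SAMPLE='CONNECTED(00000003)
---
no peer certificate available
---
SSL handshake has read 0 bytes and written 293 bytes
    Verify return code: 0 (ok)'

GNUTLS_SAMPLE='- Got a certificate list of 1 certificates.
- Status: The certificate is NOT trusted. The certificate issuer is unknown.'

triage_tls_log "$OPENSSL_SAMPLE"
triage_tls_log "$GNUTLS_SAMPLE"
```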



