Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Https fails #19443

Open
imtrobin opened this Issue Feb 27, 2019 · 5 comments

Comments

Projects
None yet
2 participants
@imtrobin
Copy link

imtrobin commented Feb 27, 2019

  • cocos2d-x version: 3.17.1
  • devices test on: Xiaomi, Oppo, others
  • developing environments
    • NDK version: r19
    • Xcode version:
    • VS version:
    • browser type and version:

Steps to Reproduce:

  1. A new hello world project. Add this to the end of init

    HttpRequest* request = new HttpRequest();
    request->setRequestType(HttpRequest::Type::GET);
    request->setUrl("https://www.mocky.io/v2/5185415ba171ea3a00704eed");
    request->setResponseCallback( [=] (HttpClient *sender, HttpResponse *response)
    {
    if (nullptr != response && 200 == response->getResponseCode())
    {
    std::vector *data = response->getResponseData();
    string ret(&(data->front()), data->size());
    label->setString (ret);
    }
    else
    label->setString ("HTTPS Error");
    });
    HttpClient::getInstance()->send(request);
    request->release();

  2. On windows, it works. On Android, I get HTTPS Error. If i change url to http, it works on Android. Tested on a couple of phones.

@imtrobin

This comment has been minimized.

Copy link
Author

imtrobin commented Feb 27, 2019

I have tessted another https url, the oppo r11 works, but xiaomi still fails.

@imtrobin

This comment has been minimized.

@imtrobin

This comment has been minimized.

Copy link
Author

imtrobin commented Mar 4, 2019

I implemented the above, and it works!

I modified createHttpURLConnection to set the SSLFactory because it throws before reaching setVerifySSL.

if (urlConnection instanceof HttpsURLConnection)
 {
	 SSLContext context = SSLContext.getInstance("TLS");
	 context.init(null,  null, null);
	 
	 SSLSocketFactory noSSLv3Factory = null;
	 if (Build.VERSION.SDK_INT <= Build.VERSION_CODES.KITKAT)
	 {
	     noSSLv3Factory = new TLSSocketFactory(context.getSocketFactory());
	 } else {
	     noSSLv3Factory = context.getSocketFactory();
	 }
	 
	 HttpsURLConnection httpsURLConnection = (HttpsURLConnection)urlConnection;
	 httpsURLConnection.setSSLSocketFactory(noSSLv3Factory);
}

Also, I could only get it to work on trusted certs, https://www.mocky.io/ is untrusted cert according to https://www.digicert.com/help/

So not sure if this is the best correct fix, but the current implementation does not work on older devices where above works.

@imtrobin

This comment has been minimized.

Copy link
Author

imtrobin commented Mar 4, 2019

It seems like setVerifySSL is only used for socket.io, so my above "fix" is needed for Android 4 devices, correct?

@rh101

This comment has been minimized.

Copy link
Contributor

rh101 commented Mar 6, 2019

If it's not trusted on Android devices, it may mean the Let's Encrypt root certificate doesn't exist on those older devices.

You can always just pass in the certificate in your code to avoid having the users install the root certificate:

auto certPath = FileUtils::getInstance()->fullPathForFilename("certificate.pem");
network::HttpClient::getInstance()->setSSLVerification(certPath);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.