Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

wss and self signed certificate? #100

Open
un-programador opened this issue May 24, 2016 · 4 comments
Open

wss and self signed certificate? #100

un-programador opened this issue May 24, 2016 · 4 comments

Comments

@un-programador
Copy link

Can I use this framework with a self signed certifcate?

@ocram ocram added the question label May 26, 2016
@ocram
Copy link
Contributor

ocram commented May 26, 2016

Thanks for your question!

Can you try and see what happens?

I'd expect you'll see a javax.net.ssl.SSLHandshakeException somewhere. From the Android documentation:

This can happen for several reasons, including:

  1. The CA that issued the server certificate was unknown
  2. The server certificate wasn't signed by a CA, but was self signed
  3. The server configuration is missing an intermediate CA
    [...]
    In this case, the SSLHandshakeException occurs because you have a CA that isn't trusted by the system. It could be because you have a certificate from a new CA that isn't yet trusted by Android or your app is running on an older version without the CA. More often a CA is unknown because it isn't a public CA, but a private one issued by an organization such as a government, corporation, or education institution for their own use.
    [...]
    A TrustManager is what the system uses to validate certificates from the server and—by creating one from a KeyStore with one or more CAs—those will be the only CAs trusted by that TrustManager.

-- https://developer.android.com/training/articles/security-ssl.html#CommonProblems

In TubeSock, which is the WebSocket library that we use, there is an open pull request that adds support for a custom TrustManager: FirebaseExtended/TubeSock#8

As can be seen, this can be implemented with changes in just a few lines.

Does this help?

@musriabhijit
Copy link

com.firebase.tubesock.WebSocketException: error while creating secure socket to wss://tailmaters-dev.meteorapp.com/websocket
javax.net.ssl.SSLException: hostname in certificate didn't match: <tailmaters-dev.meteorapp.com> != <www.meteor.com> OR <www.meteor.com> with i am getting this exception and it is happening with api level below 23 and it is working fine with above this version i don't know the exact reason so help me in this

@ocram
Copy link
Contributor

ocram commented Oct 18, 2016

There are some news in #101

@ocram
Copy link
Contributor

ocram commented Feb 20, 2017

Now that c4d7226 has arrived, adding support for self-signed certificates should be much simpler.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants