Problem with apns: certificate_expired? #41

Closed
cmittendorf opened this Issue May 18, 2011 · 4 comments

Comments

Projects
None yet
3 participants
@cmittendorf

Hi!

Following the description on the wiki page I updated my keystore to include all the keys from Apple's apns service. However, when I talk to the feedback server, I do still get an SSLHandshakeException. Before the update, the Exception was

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Now it's

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_expired
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1657)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:932)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:744)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:50)
at java.io.DataInputStream.readInt(DataInputStream.java:370)
at com.notnoop.apns.internal.Utilities.parseFeedbackStreamRaw(Utilities.java:192)

I think it would be helpful if this project would use some kind of AllTrustingSSLSocketFactory, not bothering with what f***up Apple is doing with it's servers.

Regards
Christian

@notnoop

This comment has been minimized.

Show comment
Hide comment
@notnoop

notnoop May 18, 2011

Owner

I think there is still a case to be made to have such feature. However, you can create your own trusting SSLContext.

Rather than using withCert(), you can use withSSLContext where the SSLContext trusts all certificates: http://www.exampledepot.com/egs/javax.net.ssl/TrustAll.html .

Owner

notnoop commented May 18, 2011

I think there is still a case to be made to have such feature. However, you can create your own trusting SSLContext.

Rather than using withCert(), you can use withSSLContext where the SSLContext trusts all certificates: http://www.exampledepot.com/egs/javax.net.ssl/TrustAll.html .

@cmittendorf

This comment has been minimized.

Show comment
Hide comment
@cmittendorf

cmittendorf May 23, 2011

Yes, you're right. I'll give withSSLContext a try.

Yes, you're right. I'll give withSSLContext a try.

@notnoop

This comment has been minimized.

Show comment
Hide comment
@notnoop

notnoop May 23, 2011

Owner

I reconsidered my position on this one and I think that feature belonged in the library. I'll add it hopefully in time for 0.2.0.

Owner

notnoop commented May 23, 2011

I reconsidered my position on this one and I think that feature belonged in the library. I'll add it hopefully in time for 0.2.0.

@notnoop notnoop reopened this May 23, 2011

@froh42

This comment has been minimized.

Show comment
Hide comment
@froh42

froh42 May 21, 2014

Contributor

Closing old issue, please reopen if still desired.

Contributor

froh42 commented May 21, 2014

Closing old issue, please reopen if still desired.

@froh42 froh42 closed this May 21, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment