Problem with apns: certificate_expired? #41

Closed
cmittendorf opened this Issue · 4 comments

3 participants

@cmittendorf

Hi!

Following the description on the wiki page I updated my keystore to include all the keys from Apple's apns service. However, when I talk to the feedback server, I do still get an SSLHandshakeException. Before the update, the Exception was

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Now it's

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_expired
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1657)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:932)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:744)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:50)
at java.io.DataInputStream.readInt(DataInputStream.java:370)
at com.notnoop.apns.internal.Utilities.parseFeedbackStreamRaw(Utilities.java:192)

I think it would be helpful if this project would use some kind of AllTrustingSSLSocketFactory, not bothering with what f***up Apple is doing with its servers.

Regards
Christian

@notnoop
Owner

I think there is still a case to be made to have such a feature. However, you can create your own trusting SSLContext.

Rather than using withCert(), you can use withSSLContext where the SSLContext trusts all certificates: http://www.exampledepot.com/egs/javax.net.ssl/TrustAll.html .

@cmittendorf

Yes, you're right. I'll give withSSLContext a try.

@notnoop
Owner

I reconsidered my position on this one and I think that feature belonged in the library. I'll add it hopefully in time for 0.2.0.

@notnoop notnoop reopened this
@froh42
Collaborator

Closing old issue, please reopen if still desired.

@froh42 froh42 closed this
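
Added example, not part of the thread or of java-apns: in JSSE, "Received fatal alert" means the peer sent the alert, so `certificate_expired` here points at the certificate the client presented to Apple rather than at the local trust store. The check below prints the validity window of every certificate in the PKCS#12 file used for the client identity; the class name, the path argument and the `APNS_P12_PASSWORD` environment variable are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

// Hypothetical helper: report expiry status of the APNs client certificate chain.
public class ApnsCertExpiryCheck {

    // Classify one certificate against the given point in time.
    static String status(X509Certificate cert, Date now) {
        try {
            cert.checkValidity(now);
            return "OK";
        } catch (CertificateExpiredException e) {
            return "EXPIRED";
        } catch (CertificateNotYetValidException e) {
            return "NOT_YET_VALID";
        }
    }

    public static void main(String[] args) throws Exception {
        String password = System.getenv("APNS_P12_PASSWORD"); // assumed variable name
        if (args.length != 1 || password == null) {
            System.err.println("usage: APNS_P12_PASSWORD=... java ApnsCertExpiryCheck <keystore.p12>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password.toCharArray());
        }
        Date now = new Date();
        boolean bad = false;
        for (String alias : Collections.list(ks.aliases())) {
            // Key entries carry a chain; certificate-only entries do not.
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null) chain = new Certificate[] { ks.getCertificate(alias) };
            for (Certificate c : chain) {
                if (!(c instanceof X509Certificate)) continue;
                X509Certificate x = (X509Certificate) c;
                String s = status(x, now);
                bad |= !s.equals("OK");
                System.out.printf("%-13s alias=%s subject=%s notAfter=%s%n",
                        s, alias, x.getSubjectX500Principal().getName(), x.getNotAfter());
            }
        }
        System.exit(bad ? 1 : 0); // non-zero exit when any certificate is outside its validity window
    }
}
```

A trust-all SSLContext only changes what the client accepts from the server, so it does not affect an alert the server raises about the client certificate.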