如果没有以前的互联网连接,则无法validationAndroid自签名证书

使用SSL基础架构:

我们有一个工作的客户端/服务器设置,Android版本4.2和4.4的手机充当客户端,必须通过自签名的SSL证书validation服务器。

问题:

只要设备在尝试连接之前至less有一次互联网访问,服务器证书validation就会起作用。 但是,如果执行出厂重置,并且设备直接连接到专用networking而没有互联网连接,则证书validation将失败。

重现行为:

  1. 出厂重置手机
  2. 重新启动,而不select连接到WiFi与互联网接入
  3. 尝试validation自签名的SSL证书 – > FAILS
  4. 使用互联网连接WiFi
  5. 重新连接到原来的专用networking
  6. 尝试validation自签名SSL证书 – > WORKS

从技术上讲,设备不需要互联网访问来validation自签名证书。 在进行任何SSL服务器validation之前,是否会有某种黑名单需要加载? 我能阻止这种行为吗?

创buildSSL上下文:

//Using a client certificate String password = "clientpass"; KeyStore keyStore = KeyStore.getInstance("PKCS12"); InputStream is = context.getResources().openRawResource(R.raw.client); keyStore.load(is, password.toCharArray()); is.close(); KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509"); kmf.init(keyStore, password.toCharArray()); KeyManager[] keyManagers = kmf.getKeyManagers(); // Using self signed certificate CertificateFactory cf = CertificateFactory.getInstance("X.509"); is = context.getResources().openRawResource(R.raw.cacert); InputStream caInput = new BufferedInputStream(is); Certificate ca; try { ca = cf.generateCertificate(caInput); Log.i("CA","ca=" + ((X509Certificate) ca).getSubjectDN()); } finally { caInput.close(); } // Create a KeyStore containing our trusted CAs KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); trustStore.load(null); trustStore.setCertificateEntry("ca", ca); // Create a TrustManager that trusts the CAs in our KeyStore TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509"); tmf.init(trustStore); TrustManager[] trustManagers = tmf.getTrustManagers(); // Create an SSLContext that uses our Trustmanager and Keymanager SSLContext sslcontext = SSLContext.getInstance("TLS"); sslcontext.init(keyManagers, trustManagers, null); //create a socket to connect with the server SSLSocketFactory socketFactory = sslContext.getSocketFactory(); SSLSocket socket = (SSLSocket) socketFactory.createSocket(serverAddr, port); socket.setUseClientMode(true); socket.addHandshakeCompletedListener(this); socket.startHandshake(); 

在startHandshake中失败,例外:

 javax.net.ssl.SSLHandshakeException: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException: Could not validate certificate: null 

Solutions Collecting From Web of "如果没有以前的互联网连接,则无法validationAndroid自签名证书"