SSL fails with "No peer certificate"

[omigeot-ccpo]

When logging in with HTTPS (on an SNI enabled host), an exception occurs : javax.net.ssl.SSLPeerUnverifiedException: No peer certificate

This happens on several Android versions (2.3 and 4.0 tested), and only on some servers (zottel's and abcentric.net, for now).

[luelista]

I don't know why this happens - I'm using the internal android api functions to do these web requests, so they should work the same as browser, and I can't really change their behaviour.

What I could try is to provide a setting to completely disable any certificate checks.

[omigeot-ccpo]

Le 13/06/2012 21:41, Max Weller a écrit :

I don't know why this happens - I'm using the internal android api functions to do these web requests, so they should work the same as browser, and I can't really change their behaviour.
I'm trying to find some litterature on the subject, but my Java
knowledge is getting pretty old and unused. At the very least, it seems
that browser and internal API funcs are NOT supposed to work the same.
At least on Gingerbread, where browser doesn't support SNI (name based
VHost through SSL), but API functions do. That's what leads me into
thinking SNI isn't the problem, but something else in the way StartSSL
works - something about their intermediate CA maybe.
What I could try is to provide a setting to completely disable any certificate checks.
That would be a very nice workaround, of course. A slightly better one
would be to allow self-signed certs - just keeping their fingerprints
and raising an alert when they change.

But the fight isn't over yet :)

Olivier