Has anyone had any success getting an Android device to participate in a two-way SSL handshake? i.e. with a client cert involved on the device? After installing the client cert from the SD card, I cannot connect to the URL that requires a two-way SSL handshake in either the browser or the mail app. (We secure our mail server behind a hardware appliance that establishes the SSL connection.)
The device just throws an SSL handshake error. Our setup works on all desktop browsers, iPhones and WinMo devices with the client cert installed.
This is the error log from the device (HTC Desire with 2.1):
D/EAS_AppSvc( 422): 06021143 > testServer()
D/EAS_AppSvc( 422): 06021143 > initEASService()
V/EAS DeviceInfo( 422): GetDeviceID: 4020b869
D/EAS_AppSvc( 422): 06021143 (1)connect to > https://serverxxx.com.au/Microsoft-Server-ActiveSync?User=u415434&DeviceId=HTCAnd4020b869&DeviceType=htcbravo
I/AlertDialog( 422): [onCreate] auto launch SIP.
D/EASProgressDialog( 422): 06021143 onStart()
D/EAS_AppSvc( 422): 06021143 onServiceStateChanged :serviceState = 0 home Telstra Mobile (N/A) 50501 HSDPA CSS not supported -1 -1RoamInd: -1DefRoamInd: -1EriInd: -1EriMode: -1RadioPowerSv: false
I/LockUtil( 422): 06021143 - acquire PowerLock - PARTIAL_WAKE_LOCK: EAS_NETWORK_CHANGE
D/EAS_AppSvc( 422): 06021143 isWifiNetwork: false
D/EAS_AppSvc( 422): 06021143 isWifiNetwork: false
D/EAS_AppSvc( 422): 06021143 isMobileNetwork: true
D/EAS_AppSvc( 422): 06021143 NETWORK_STATE_CHANGED: isWifi:false, isMobile:true
D/EAS_AppSvc( 422): 06021143 SvcHandler - Account not configured
I/LockUtil( 422): 06021143 - release PowerLock: EAS_NETWORK_CHANGE
D/TelephonyRegistry( 81): notifyDataConnection() state=2isDataConnectivityPossible()true, reason=null
D/TelephonyRegistry( 81): broadcastDataConnectionStateChanged() state=CONNECTEDtypes=default,supl, interfaceName=rmnet0
D/NetworkLocationProvider( 81): onDataConnectionStateChanged 8
D/MobileDataStateTracker( 81): replacing old mInterfaceName (rmnet0) with rmnet0 for supl
D/PhoneApp( 145): mReceiver: ACTION_ANY_DATA_CONNECTION_STATE_CHANGED
D/PhoneApp( 145): - state: CONNECTED
D/PhoneApp( 145): - reason: null
D/PendingMsgSendReceiverRegister( 372): onReceive, start to send QueuedMessage
D/PendingMsgSendReceiverRegister( 372): SmsReceiverService_handleServiceStateChanged() sendFirstQueuedMessage >>
D/PendingMsgSendReceiverRegister( 372): SmsReceiverService_handleServiceStateChanged() sendFirstQueuedMessage <<
V/MmsSystemEventReceiver( 372): Intent received: Intent { act=android.intent.action.ANY_DATA_STATE cmp=com.android.mms/.transaction.MmsSystemEventReceiver (has extras) }
E/OpenSSLSocketImpl( 422): Unknown error 1 during connect
W/System.err( 422): java.io.IOException: SSL handshake failure: Failure in SSL library, usually a protocol error
W/System.err( 422): error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (external/openssl/ssl/s3_pkt.c:1053 0x4b1778:0x00000003)
W/System.err( 422): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.nativeconnect(Native Method)
W/System.err( 422): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:305)
W/System.err( 422): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
W/System.err( 422): at com.htc.android.mail.eassvc.common.EASHostnameVerifier.verify(EASHostnameVerifier.java:34)
W/System.err( 422): at com.htc.android.mail.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:242)
W/System.err( 422): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:129)
W/System.err( 422): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
W/System.err( 422): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
W/System.err( 422): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
W/System.err( 422): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
W/System.err( 422): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
W/System.err( 422): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
W/System.err( 422): at android.net.http.AndroidHttpClient.execute(AndroidHttpClient.java:283)
W/System.err( 422): at com.htc.android.mail.eassvc.EASAppSvc.testServer(EASAppSvc.java:3999)
W/System.err( 422): at com.htc.android.mail.eassvc.EASAppSvc$2.testServer(EASAppSvc.java:600)
W/System.err( 422): at com.htc.android.mail.easclient.ExchangeSvrSetting$TestServerThread.run(ExchangeSvrSetting.java:1188)
I/EAS_AppSvc( 422): 06021143 testServer(), IOException(1): SSL handshake failure: Failure in SSL library, usually a protocol error
I/EAS_AppSvc( 422): error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (external/openssl/ssl/s3_pkt.c:1053 0x4b1778:0x00000003)
V/EAS DeviceInfo( 422): GetDeviceID: 4020b869
D/EAS_AppSvc( 422): 06021143 (2)connect to > https://serverxxx.com.au/Microsoft-Server-ActiveSync?User=u415434&DeviceId=HTCAnd4020b869&DeviceType=htcbravo
E/OpenSSLSocketImpl( 422): Unknown error 1 during connect
W/System.err( 422): java.io.IOException: SSL handshake failure: Failure in SSL library, usually a protocol error
W/System.err( 422): error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (external/openssl/ssl/s3_pkt.c:1053 0x3f9e10:0x00000003)
W/System.err( 422): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.nativeconnect(Native Method)
W/System.err( 422): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:305)
W/System.err( 422): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
W/System.err( 422): at com.htc.android.mail.eassvc.common.EASHostnameVerifier.verify(EASHostnameVerifier.java:34)
W/System.err( 422): at com.htc.android.mail.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:242)
W/System.err( 422): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:129)
W/System.err( 422): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
W/System.err( 422): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
W/System.err( 422): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
W/System.err( 422): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
W/System.err( 422): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
W/System.err( 422): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
W/System.err( 422): at android.net.http.AndroidHttpClient.execute(AndroidHttpClient.java:283)
W/System.err( 422): at com.htc.android.mail.eassvc.EASAppSvc.testServer(EASAppSvc.java:3999)
W/System.err( 422): at com.htc.android.mail.eassvc.EASAppSvc$2.testServer(EASAppSvc.java:600)
W/System.err( 422): at com.htc.android.mail.easclient.ExchangeSvrSetting$TestServerThread.run(ExchangeSvrSetting.java:1188)
I/EAS_AppSvc( 422): 06021143 testServer(), IOException(2): SSL handshake failure: Failure in SSL library, usually a protocol error
I/EAS_AppSvc( 422): error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (external/openssl/ssl/s3_pkt.c:1053 0x3f9e10:0x00000003)
D/EASProgressDialog( 422): 06021143 onStop()
V/HtcAlertDialog( 422): onStop
I/HtcAlertDialog( 422): deinitSensor
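
Added example (not part of the original post): a Python helper that decodes the OpenSSL error code from the logcat output above, showing that `14094410` is TLS alert 40 (`handshake_failure`) read from the server rather than an error raised on the device. It assumes the pre-3.0 OpenSSL error packing (8-bit library, 12-bit function, 12-bit reason) and the 1000 offset OpenSSL adds to a received alert number; the function names and the alert table subset are illustrative.

```python
import re

# Lines copied from the logcat capture in the post above (not constructed).
SAMPLE = """\
E/OpenSSLSocketImpl( 422): Unknown error 1 during connect
W/System.err( 422): error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (external/openssl/ssl/s3_pkt.c:1053 0x4b1778:0x00000003)
I/EAS_AppSvc( 422): error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (external/openssl/ssl/s3_pkt.c:1053 0x4b1778:0x00000003)
"""

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*?)\s*\(")
ERR_LIB_SSL = 20             # library number OpenSSL assigns to libssl
SSL_AD_REASON_OFFSET = 1000  # SSL reasons above this are 1000 + received alert number
TLS_ALERTS = {               # subset of TLS alert descriptions
    10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca", 70: "protocol_version",
}

def decode(code_hex):
    """Split a pre-3.0 OpenSSL error code into lib (8 bits), func and reason (12 bits each)."""
    code = int(code_hex, 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET  # alert sent by the peer, not raised locally
    return {"lib": lib, "func": func, "reason": reason,
            "alert": alert, "alert_name": TLS_ALERTS.get(alert)}

def triage(log_text):
    """Return one finding per distinct error code, with how often it was logged."""
    findings = {}
    for m in ERR_RE.finditer(log_text):
        code, _lib_name, func_name, text = m.groups()
        entry = findings.setdefault(code, {**decode(code), "code": code,
                                           "function": func_name, "text": text, "count": 0})
        entry["count"] += 1
    return list(findings.values())

if __name__ == "__main__":
    for f in triage(SAMPLE):
        origin = "alert received from server" if f["alert"] is not None else "local error"
        print(f'{f["code"]} {f["function"]}: {f["text"]} -> {origin} '
              f'({f["alert"]} {f["alert_name"]}), logged {f["count"]}x')
```

The alert carries no further detail, so the reason for the rejection has to come from the logs of the appliance that terminates the SSL connection.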