排球库和HTTPS请求

Question

I tried to look for some answers for me here, but I just fail to find anything that solves my problem.

In project I am working on we are going to change our domain. Change is bit tricky - we have to also change connection from HTTP to HTTPS. I've received .crt key (let's say, example.tech.crt - will change all of company name to "example"). After few hours of constant failures I decided to write here.

First of all, I tried using this tutorial http://ogrelab.ikratko.com/using-android-volley-with-self-signed-certificate/ - and it didn't work (I don't even mean that I had to use deprecated Apache libs because of API23). In case this is needed, this is how I created BKS file:

keytool -importcert -v -trustcacerts -file "example.tech.crt" -alias example_tech
        -keystore "example_tech.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider
        -providerpath "bcprov-jdk16-146.jar" -storetype BKS

Then, I tried this approach Does Android Volley support SSL? - the one from best answer (with ignoring domain name check). I still tried to use BKS file - I've got some exceptions about casting errors, so I changed line:

CertificateFactory cf = CertificateFactory.getInstance("X.509");

to

CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");

as suggested somewhere - error still persisted. I tried to use .crt file instead of BKS - I still fail.

Every single time I get same error:

javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: 
SSL handshake aborted: ssl=0x650f83a0: Failure in SSL library, usually a protocol error
error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol 
(external/openssl/ssl/s23_clnt.c:714 0x5fda0d74:0x00000000)

I tried to do pretty much same requests using Postman and they work on same address without any problem, so this is not server problem. I tried to use various domains - example.tech, www.example.tech, example.tech:80 and so on (always with https of course).

Below is example curl-like request (of course censored):

curl request: curl -X "POST"
 -D "grant_type=password&password=[passwordHere]&username=[emailHere]&"
 -H 'Authorization: Basic [tokenHere]
 "https://example.tech/oauth/token"

I fail to see what's wrong with my code and I'd be really happy to see what I am doing wrong in here. If there's any more code needed, feel free to ask for it (but 99% of it is like in second link, only with really small changes).

Answer 1

Consider this topic as example of poor comunication. After hours of trying to make this work we made to work:

• we are NOT using selfsigned certificates, so adding key to application is terrible idea (since they change each 3 months)
• unsupported protocol exception came from older Android APIs (<20 or <21), which are supported in this application. From I do understand (considering my poor knowledge about SSL connections) our site uses TLS, but older Android systems (pre-Lollipop I guess) have this turned off by default. Proper way of fixing this was creating custom TLSSocketFactory and using it in HurlStack used to initialize RequestQueue. After that exception disappeared.