Android Question Adding CA Bundle for Http POST request

Sreepathy T L

Member
Licensed User
Longtime User
Hi,
I want to upload a file to an HTTPS URL along with some POST parameters:

Current Code:
B4X:
    Dim j As HttpJob
    j.Initialize("j", Me)
  
    Dim fd As MultipartFileData
    fd.Initialize
    fd.KeyName = "xxxxxxx"
    fd.Dir = File.DirInternal
    fd.FileName = "xxxxx.db"
    fd.ContentType = "application/octet-stream"
    j.GetRequest.Timeout = 0
    j.PostMultipart("https://abcd.mydomain.com/application/", CreateMap("uid": "12345", "authkey": "abcdef", "appver": "1"), Array(fd))
    ProgressDialogShow2("Uploading data. Please wait...",False)

Sub JobDone(job As HttpJob)
    ProgressDialogHide
    If(job.JobName = "j")Then
        If job.Success Then
                Msgbox("Data uploaded successfully","Success")
        Else
            Msgbox("Error: " & job.ErrorMessage, "Error")
        End If
    End If
End Sub

Now I am getting this error

B4X:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found

at this line
B4X:
   Msgbox("Error: " & job.ErrorMessage, "Error")


When I checked with openssl
B4X:
openssl s_client -debug -connect abcd.mydomain.com:443 -CAfile .\cacert.pem
it works successfully

cacert.pem is downloaded from https://curl.haxx.se/ca/cacert.pem

So ultimately it is the missing CA bundle in the https request which causes the error.

Question 1: How can I include the CA bundle in the application so that it is used during HTTPS requests?

I saw the post https://www.b4x.com/android/forum/threads/connecting-to-https-secured-urls.7057/
where Erel has suggested to use Http.InitializeAcceptAll which I think will override https verification. But I could not use it due to error
B4X:
Unknown member initializeacceptall
since j is of type HttpJob.

Question 2: I could not find any example using HttpClient, HttpRequest & HttpResponse to send a post request with file upload. Can anyone please post a simple example?
 

DonManfred

Expert
Licensed User
Longtime User
Why did you create TWO IDENTICAL threads?
But this one has more info.
 
DonManfred
where Erel has suggested to use Http.InitializeAcceptAll which I think will override https verification. But I could not use it due to error
he suggested to use the source version of httputils2 and change the hc.initialize to hc.initializeAcceptAll in the service-code
 
Sreepathy T L
Why did you create TWO IDENTICAL threads?
But this one has more info.
Actually both are 2 different issues. I think the forum script in your website is storing the details in session and updating it through ajax in all open tabs. I am sorry that I was not aware of this behavior.

For this post https://www.b4x.com/android/forum/threads/adding-ca-bundle-for-http-post-request.89291/

I had actually typed a different title, however it went with the title of this thread without my notice.
 
Sreepathy T L
I suggest to get a Cert. from a Trusted Authorisation. There are free ones available. Let's Encrypt for example.

I am already having a valid HTTPS - SSL certificate in my server (not self signed). Only issue is that the certificate is not recognized in the mobile application since CA certificate is not available with the client (here B4a application) which fails the SSL handshake, I guess.

As you said above that
not that i know of
I think I have to go with InitializeAcceptAll
 

KMatle

Expert
Licensed User
Longtime User

Sreepathy T L
The main problem is to use self signed certificates or ones which are not valid. To me it's a security issue, too. Using "accept all" is just a workaround. Better: Use an official certificate.
Pls see the above post.
I am already having a valid HTTPS - SSL certificate in my server (not self signed). Only issue is that the certificate is not recognized in the mobile application since CA certificate is not available with the client (here B4a application) which fails the SSL handshake, I guess.
 
Sreepathy T L
he suggested to use the source version of httputils2 and change the hc.initialize to hc.initializeAcceptAll in the service-code
I have added both the modules in HttpUtils2: HttpJob.bas and HttpUtils2Service.bas. Also the dependencies - HTTP (version 1.36) and StringUtils (Version 1.02) - have been checked in Libraries Manager. However, when I compile, I am getting error in HTTPJob module:

B4X:
Public Sub GetString2(Encoding As String) As String
    Return res.GetString2(Encoding)
End Sub

Error: unknown member getstring2

Please help
 
Sreepathy T L
Are you sure? I downloaded and replaced the files from your post (tried with both the HTTPJob modules present in the attached ZIP, same error comes) and tried. I doubt whether there is some missing dependency. I am not able to find any sub named InitializeAcceptAll in the bas files. Also please note that j is of type HTTPJob
 
DonManfred
Maybe you need to have a newer version of B4A for it.

okhttp is part of the installation. I have 1.2 of okhttp lib inside my B4A installation.

I am not able to find any sub named InitializeAcceptAll in the bas files

There is no such sub!
The httpclient has InitializeAcceptAll besides Initialize
 
Erel

B4X founder
Staff member
Licensed User
Longtime User

Sreepathy T L
When using Initialize the exception was "javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found"

after changing to InitializeAcceptAll, the error changed to
"javax.net.ssl.SSLException: Connection closed by peer"

These errors started coming after we disabled TLS 3 and TLS 1.0 in our server enabling only
TLSv1.1 and TLSv1.2 in IIS Settings.

In Marshmallow and later OS, the error is not coming as TLS 1.1/1.2 is enabled by default.