Android Question Adding CA Bundle for Http POST request

[Sreepathy T L]

Hi,
I want to upload a file to https url along with some POST parameters:

Current Code:

    Dim j As HttpJob
    j.Initialize("j", Me)
  
    Dim fd As MultipartFileData
    fd.Initialize
    fd.KeyName = "xxxxxxx"
    fd.Dir = File.DirInternal
    fd.FileName = "xxxxx.db"
    fd.ContentType = "application/octet-stream"
    j.GetRequest.Timeout = 0
    j.PostMultipart("https://abcd.mydomain.com/application/", CreateMap("uid": "12345","authkey":
"abcdef","appver":"1"), Array(fd))
    ProgressDialogShow2("Uploading data. Please wait...",False)

Sub JobDone(job As HttpJob)
    ProgressDialogHide
    If(job.JobName = "j")Then
        If job.Success Then
                Msgbox("Data uploaded successfully","Success")
        Else
            Msgbox("Error: " & job.ErrorMessage, "Error")
        End If
    End If
End Sub

Now I am getting this error

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found

at this line

   Msgbox("Error: " & job.ErrorMessage, "Error")

When I checked with openssl

openssl s_client -debug -connect abcd.mydomain.com:443 -CAfile .\cacert.pem

it works successfully

cacert.pem is downloaded from https://curl.haxx.se/ca/cacert.pem

So ultimately it is the missing CA bundle in the https request which causes the error.

Question 1: How I can include the CA bundle in the application which will be used during https requests?

I saw the post https://www.b4x.com/android/forum/threads/connecting-to-https-secured-urls.7057/
where Erel has suggested to use Http.InitializeAcceptAll which I think will override https verification. But I could not use it due to error

Unknown member initializeacceptall

since j is of type HttpJob.

Question 2: I could not find any example using HttpClient, HttpRequest & HttpResponse to send a post request with file upload. Can anyone please post a simple example?

 

[DonManfred]

why you create TWO IDENTICAL Threads?
But this one with more info

 

[DonManfred]

where Erel has suggested to use Http.InitializeAcceptAll which I think will override https verification. But I could not use it due to error

he suggested to use the source version of httputils2 and change the hc.initialize to hc.initializeAcceptAll in the service-code

 

[Sreepathy T L]

why you create TWO IDENTICAL Threads?
But this one with more info

Actually both are 2 different issues. I think the forum script in your website is storing the details in session and updating it through ajax in all open tabs. I am sorry that I was not aware of this behavior.

For this post https://www.b4x.com/android/forum/threads/adding-ca-bundle-for-http-post-request.89291/

I had actually typed a different title, however it went with the title of this thread without my notice.

 

[Sreepathy T L]

he suggested to use the source version of httputils2 and change the hc.initialize to hc.initializeAcceptAll in the service-code

OK, but is it possible to include my CA Cert bundle, as I do not prefer to by-pass the certificate check?

 

[DonManfred]

Actually both are 2 different issues.

the thread titles was IDENTICAL!

 

[DonManfred]

OK, but is it possible to include my CA Cert bundle

not that i know of

 

[DonManfred]

I suggest tto get a Cert. from a Trusted Autorisation. There are free ones available. Let´s encrypt for example.

 

[Sreepathy T L]

I suggest to get a Cert. from a Trusted Autorisation. There are free ones available. Let´s encrypt for example.

I am already having a valid HTTPS - SSL certificate in my server (not self signed). Only issue is that the certificate is not recognized in the mobile application since CA certificate is not available with the client (here B4a application) which fails the SSL handshake, I guess.

As you said above that

not that i know of

I think I have to go with InitializeAcceptAll

 

[KMatle]

The main problem is to use self signed certificates or ones which are not valid. To me it's a security issue, too. Using "accept all" is just a workarround. Better: Use an official certificate.

 

[Sreepathy T L]

The main problem is to use self signed certificates or ones which are not valid. To me it's a security issue, too. Using "accept all" is just a workarround. Better: Use an official certificate.

Pls see the above post.
I am already having a valid HTTPS - SSL certificate in my server (not self signed). Only issue is that the certificate is not recognized in the mobile application since CA certificate is not available with the client (here B4a application) which fails the SSL handshake, I guess.

 

[Sreepathy T L]

he suggested to use the source version of httputils2 and change the hc.initialize to hc.initializeAcceptAll in the service-code

I have added both the modules in HttpUtils2: HttpJob.bas and HttpUtils2Service.bas. Also the dependencies - HTTP (version 1.36) and StringUtils (Version 1.02) - have been checked in Libraries Manager. However, when I compile, I am getting error in HTTPJob module:

Public Sub GetString2(Encoding As String) As String
    Return res.GetString2(Encoding)
End Sub

Error: unknown member getstring2

Please help

 

[DonManfred]

You did used the modules from here:

https://www.b4x.com/android/forum/threads/b4x-okhttputils2-ihttputils2-httputils2-source-code.82632/

 

[Sreepathy T L]

You did used the modules from here:

https://www.b4x.com/android/forum/threads/b4x-okhttputils2-ihttputils2-httputils2-source-code.82632/

No. Now I downloaded from the above URL and added to project (version 2.62). However the error

Unknown member: initializeacceptall
Occurred on line: 308
j.InitializeAcceptAll("j",Me)

is coming now. These are the other libraries included. I am using B4a version 5.50.

 

[DonManfred]

I downloaded the file today too. It is working for me here

 

[Sreepathy T L]

Are you sure? I downloaded and replaced the files from your post (tried with both the HTTPJob modules present in the attached ZIP, same error comes) and tried. I doubt whether there is some missing dependency. I am not able to find any sub named InitializeAcceptAll in the bas files. Also please note that j is of type HTTPJob

 

[DonManfred]

Maybe you need to have a newer version of B4A for it.

okhttp is part of the installation. i have 1.2 of okhttp lib inside my B4A installation.

I am not able to find any sub named InitializeAcceptAll in the bas files

There is no such sub!
The httpclient have InitializeAcceptAll beside Initialize

 

[Sreepathy T L]

ok. I upgraded the okhttp lib inside my B4A installation to version 1.20. Now the error is javax.net.ssl.sslexception connection closed by peer. I have seen a solution in android platform in SO.
https://stackoverflow.com/questions...ction-closed-by-peer-on-4-4-2-device-works-on
Can this solution be implemented in B4A?

Edit: One more solution for native android
https://github.com/square/okhttp/issues/2372

 

[Erel]

Edit: One more solution for native android
https://github.com/square/okhttp/issues/2372

See the discussion. It doesn't look like any of these solutions work.

I'm also not sure that it is related to your issue. You should post the full error message from the logs.

Does it work with InitializeAcceptAll?

 

[Sreepathy T L]

When using Initialize the exception was "javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found"

after changing to InitializeAcceptAll, the error changed to
"javax.net.ssl.SSLException: Connection closed by peer"

These errors started coming after we disabled TLS 3 and TLS 1.0 in our server enabling only
TLSv1.1 and TLSv1.2 in IIS Settings.

In Marshmallow and later OS, the error is not coming as TLS 1.1/1.2 is enabled by default.