Unable to do SSL handshake when sending message to GCM servers
1,044 views
Skip to first unread message
Georgi Christov
Sep 1, 2012, 4:36:55 PM9/1/12
to andro...@googlegroups.com
Hi Guys,
I just found out about Google's messaging service and I am currently trying to adapt my app to use it. The problem I am having is when I try to send a message to my device. Here is the situation: I have a custom Java-based SSL server with its own certificate; the Android app is making requests to that server using HTTPS; I've set up the Android-side of the GCM service - I have a service and a broadcast receiver to receive data; I have registered the device using the code from the example project; finally, I have copied the .jar files and added them to the build path. I am trying to send a message to the device using the following code:
Sender sender = new Sender( "API_KEY" );
Message message = new Message.Builder().addData( "message", description ).build();
Result result = sender.send( message, ID, 1 );
System.out.println( result );
.. and I get the following exception:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
at com.google.android.gcm.server.Sender.post(Sender.java:479)
at com.google.android.gcm.server.Sender.post(Sender.java:458)
at com.google.android.gcm.server.Sender.sendNoRetry(Sender.java:170)
at com.google.android.gcm.server.Sender.send(Sender.java:121)
at tria.database.Database.doCreateNotification(Database.java:1517)
at tria.database.Database.doFollow(Database.java:1478)
at tria.connectionHandlers.ConnectionHandler.handleConnection(ConnectionHandler.java:563)
at tria.connectionHandlers.TriaGETParser.parseBrowserRequest(TriaGETParser.java:77)
at tria.threadpool.Worker.run(Worker.java:43)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 21 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 27 more
Is there something that I am missing? Thanks a lot :)
I just found out about Google's messaging service and I am currently trying to adapt my app to use it. The problem I am having is when I try to send a message to my device. Here is the situation: I have a custom Java-based SSL server with its own certificate; the Android app is making requests to that server using HTTPS; I've set up the Android-side of the GCM service - I have a service and a broadcast receiver to receive data; I have registered the device using the code from the example project; finally, I have copied the .jar files and added them to the build path. I am trying to send a message to the device using the following code:
Sender sender = new Sender( "API_KEY" );
Message message = new Message.Builder().addData( "message", description ).build();
Result result = sender.send( message, ID, 1 );
System.out.println( result );
.. and I get the following exception:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
at com.google.android.gcm.server.Sender.post(Sender.java:479)
at com.google.android.gcm.server.Sender.post(Sender.java:458)
at com.google.android.gcm.server.Sender.sendNoRetry(Sender.java:170)
at com.google.android.gcm.server.Sender.send(Sender.java:121)
at tria.database.Database.doCreateNotification(Database.java:1517)
at tria.database.Database.doFollow(Database.java:1478)
at tria.connectionHandlers.ConnectionHandler.handleConnection(ConnectionHandler.java:563)
at tria.connectionHandlers.TriaGETParser.parseBrowserRequest(TriaGETParser.java:77)
at tria.threadpool.Worker.run(Worker.java:43)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 21 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 27 more
Is there something that I am missing? Thanks a lot :)
Georgi Christov
Sep 1, 2012, 4:39:09 PM9/1/12
to andro...@googlegroups.com
Forgot to mention that the Android app can successfully talk to the server over SSL so the problem is not with my certificates I am guessing.
Message has been deleted
Nasif
Sep 2, 2012, 11:37:37 AM9/2/12
to andro...@googlegroups.com
It is because u are already loading a certificate in java key store in your server so when u r trying to send gcm message from server side using google provided server.jar httpurl connection try to use this keystore
U can fix this problem by editing httpurlconnection in server . Jar to accept any certificate from google server when sending push
Sent from iPod
--
You received this message because you are subscribed to the Google Groups "android-gcm" group.
To post to this group, send email to andro...@googlegroups.com.
To unsubscribe from this group, send email to android-gcm...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg/android-gcm/-/bzjUMzfUXnoJ.
For more options, visit https://groups.google.com/groups/opt_out.
Reply all
Reply to author
Forward
0 new messages