Andorid的好东西移动全栈技术之路程序员

Android OkHttp3使用http2问题记录

2016-07-18  本文已影响1443人  offbye西涛

Android Okhttp3使用http2.0协议的接口时,发现一个问题,打印错误Log E/NativeCrypto: ssl=0xd25d4000 cert_verify_callback x509_store_ctx,Google上没有查到相关的信息,毕竟现在http2用的还很少。经查看Android源码,排查发现这只是个LOG,不是错误,可以放心的用http2了。

测试http2发现android打印了下面的LOG


07-08 14:33:57.182 13670-13697/com.qianmi.shine I/System.out: [CDS]connect[shineapi2.qianmi.com/120.55.247.77:443] tm:20
07-08 14:33:57.187 13670-13697/com.qianmi.shine E/Posix: [Posix_connect Debug]Process com.qianmi.shine :443
07-08 14:33:57.251 13670-13697/com.qianmi.shine D/libc-netbsd: [getaddrinfo]: hostname=shineapi2.qianmi.com; servname=(null); cache_mode=(null), netid=0; mark=0
07-08 14:33:57.252 13670-13697/com.qianmi.shine D/libc-netbsd: [getaddrinfo]: ai_addrlen=0; ai_canonname=(null); ai_flags=4; ai_family=0
07-08 14:33:57.300 13670-13697/com.qianmi.shine E/NativeCrypto: ssl=0xd25d4000 cert_verify_callback x509_store_ctx=0xdec78080 arg=0x0
07-08 14:33:57.301 13670-13697/com.qianmi.shine E/NativeCrypto: ssl=0xd25d4000 cert_verify_callback calling verifyCertificateChain authMethod=ECDHE_RSA
07-08 14:33:57.431 13670-13697/com.qianmi.shine I/System.out: gba_cipher_suite:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

到github上找下相关的Android源码,
https://github.com/ACSOP/android_libcore/blob/88e2ca00cc0c161d9aa3e512b8ae58b3091dbf87/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp


/**
 * Verify the X509 certificate via SSL_CTX_set_cert_verify_callback
 */
static int cert_verify_callback(X509_STORE_CTX* x509_store_ctx, void* arg __attribute__ ((unused)))
{
    /* Get the correct index to the SSLobject stored into X509_STORE_CTX. */
    SSL* ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data(x509_store_ctx,
            SSL_get_ex_data_X509_STORE_CTX_idx()));
    JNI_TRACE("ssl=%p cert_verify_callback x509_store_ctx=%p arg=%p", ssl, x509_store_ctx, arg);

    AppData* appData = toAppData(ssl);
    JNIEnv* env = appData->env;
    if (env == NULL) {
        LOGE("AppData->env missing in cert_verify_callback");
        JNI_TRACE("ssl=%p cert_verify_callback => 0", ssl);
        return 0;
    }
    jobject sslHandshakeCallbacks = appData->sslHandshakeCallbacks;

    jclass cls = env->GetObjectClass(sslHandshakeCallbacks);
    jmethodID methodID
        = env->GetMethodID(cls, "verifyCertificateChain", "([[BLjava/lang/String;)V");

    jobjectArray objectArray = getCertificateBytes(env, x509_store_ctx->untrusted);

    const char* authMethod = SSL_authentication_method(ssl);
    JNI_TRACE("ssl=%p cert_verify_callback calling verifyCertificateChain authMethod=%s",
              ssl, authMethod);
    jstring authMethodString = env->NewStringUTF(authMethod);
    env->CallVoidMethod(sslHandshakeCallbacks, methodID, objectArray, authMethodString);

    int result = (env->ExceptionCheck()) ? 0 : 1;
    JNI_TRACE("ssl=%p cert_verify_callback => %d", ssl, result);
    return result;
}

JNI_TRACE其实就是个封装了LOG的宏,定义如下:

#ifdef WITH_JNI_TRACE
#define JNI_TRACE(...) \
        ((void)LOG(LOG_INFO, LOG_TAG "-jni", __VA_ARGS__));     \
/*
        ((void)printf("I/" LOG_TAG "-jni:"));         \
        ((void)printf(__VA_ARGS__));          \
        ((void)printf("\n"))
*/
#else
#define JNI_TRACE(...) ((void)0)
#endif

但是最后还是有一点疑惑,源码打印的LOG是info级别的,但手机上logcat打印出的error log,这也是我为什么会注意到的原因,目前只能认为是手机和源码的代码不同了。

上一篇下一篇

猜你喜欢

热点阅读