Android OkHttp3使用http2问题记录
2016-07-18 本文已影响1443人
offbye西涛
Android Okhttp3使用http2.0协议的接口时,发现一个问题,打印错误Log E/NativeCrypto: ssl=0xd25d4000 cert_verify_callback x509_store_ctx
,Google上没有查到相关的信息,毕竟现在http2用的还很少。经查看Android源码,排查发现这只是个LOG,不是错误,可以放心的用http2了。
测试http2发现android打印了下面的LOG
07-08 14:33:57.182 13670-13697/com.qianmi.shine I/System.out: [CDS]connect[shineapi2.qianmi.com/120.55.247.77:443] tm:20
07-08 14:33:57.187 13670-13697/com.qianmi.shine E/Posix: [Posix_connect Debug]Process com.qianmi.shine :443
07-08 14:33:57.251 13670-13697/com.qianmi.shine D/libc-netbsd: [getaddrinfo]: hostname=shineapi2.qianmi.com; servname=(null); cache_mode=(null), netid=0; mark=0
07-08 14:33:57.252 13670-13697/com.qianmi.shine D/libc-netbsd: [getaddrinfo]: ai_addrlen=0; ai_canonname=(null); ai_flags=4; ai_family=0
07-08 14:33:57.300 13670-13697/com.qianmi.shine E/NativeCrypto: ssl=0xd25d4000 cert_verify_callback x509_store_ctx=0xdec78080 arg=0x0
07-08 14:33:57.301 13670-13697/com.qianmi.shine E/NativeCrypto: ssl=0xd25d4000 cert_verify_callback calling verifyCertificateChain authMethod=ECDHE_RSA
07-08 14:33:57.431 13670-13697/com.qianmi.shine I/System.out: gba_cipher_suite:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
到github上找下相关的Android源码,
https://github.com/ACSOP/android_libcore/blob/88e2ca00cc0c161d9aa3e512b8ae58b3091dbf87/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
/**
* Verify the X509 certificate via SSL_CTX_set_cert_verify_callback
*/
static int cert_verify_callback(X509_STORE_CTX* x509_store_ctx, void* arg __attribute__ ((unused)))
{
/* Get the correct index to the SSLobject stored into X509_STORE_CTX. */
SSL* ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data(x509_store_ctx,
SSL_get_ex_data_X509_STORE_CTX_idx()));
JNI_TRACE("ssl=%p cert_verify_callback x509_store_ctx=%p arg=%p", ssl, x509_store_ctx, arg);
AppData* appData = toAppData(ssl);
JNIEnv* env = appData->env;
if (env == NULL) {
LOGE("AppData->env missing in cert_verify_callback");
JNI_TRACE("ssl=%p cert_verify_callback => 0", ssl);
return 0;
}
jobject sslHandshakeCallbacks = appData->sslHandshakeCallbacks;
jclass cls = env->GetObjectClass(sslHandshakeCallbacks);
jmethodID methodID
= env->GetMethodID(cls, "verifyCertificateChain", "([[BLjava/lang/String;)V");
jobjectArray objectArray = getCertificateBytes(env, x509_store_ctx->untrusted);
const char* authMethod = SSL_authentication_method(ssl);
JNI_TRACE("ssl=%p cert_verify_callback calling verifyCertificateChain authMethod=%s",
ssl, authMethod);
jstring authMethodString = env->NewStringUTF(authMethod);
env->CallVoidMethod(sslHandshakeCallbacks, methodID, objectArray, authMethodString);
int result = (env->ExceptionCheck()) ? 0 : 1;
JNI_TRACE("ssl=%p cert_verify_callback => %d", ssl, result);
return result;
}
JNI_TRACE其实就是个封装了LOG的宏,定义如下:
#ifdef WITH_JNI_TRACE
#define JNI_TRACE(...) \
((void)LOG(LOG_INFO, LOG_TAG "-jni", __VA_ARGS__)); \
/*
((void)printf("I/" LOG_TAG "-jni:")); \
((void)printf(__VA_ARGS__)); \
((void)printf("\n"))
*/
#else
#define JNI_TRACE(...) ((void)0)
#endif
但是最后还是有一点疑惑,源码打印的LOG是info级别的,但手机上logcat打印出的error log,这也是我为什么会注意到的原因,目前只能认为是手机和源码的代码不同了。