I have a scenario in which I must pass a certficate to my server, then the server sends me his certificate, which I must accept to access the server. I was using HttpURLConnection for this, with no problems.

However, I recently had a problem with HttpURLConnection. The code I was using retrieved an image from a HTTPS server. If the image was small (< 500kb), no problem whatsoever occured. However, with larger images I got this:

javax.net.ssl.SSLProtocolException: Read error: ssl=0x3c97e8: Failure in SSL library, usually a protocol error

I was reading about it on the Internet, and many people said that using HttpClient instead of HttpURLConnection was the way to go (an example is this site http://soan.tistory.com/62 , think that is written in korean, I can’t read it but that’s what I think it says).

This is my old code, using URLConnection:

    public static URLConnection CreateFromP12(String uri, String keyFilePath,
        String keyPass, TrustManager[] trustPolicy, HostnameVerifier hv) {
    try {

        SSLContext sslContext = SSLContext.getInstance("TLS");
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");

        keyStore.load(new FileInputStream(keyFilePath),
                keyPass.toCharArray());

        kmf.init(keyStore, keyPass.toCharArray());
        sslContext.init(kmf.getKeyManagers(), trustPolicy, null);

        HttpsURLConnection.setDefaultSSLSocketFactory(sslContext
                .getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(hv);
    } catch (Exception ex) {
        return null;
    }

    URL url;
    URLConnection conn;
    try {
        url = new URL(uri);
        conn = url.openConnection();
    } catch (MalformedURLException e) {
        return null;
    } catch (IOException e) {
        return null;
    }

    return conn;
}

And this is the new one, using HttpClient:

public class HttpC2Connection {

public static HttpEntity CreateHttpEntityFromP12(String uri,
        String keyFilePath, String keyPass) throws Exception {

    KeyStore keyStore = KeyStore.getInstance("PKCS12");
    keyStore.load(new FileInputStream(keyFilePath), keyPass.toCharArray());

    SSLSocketFactory sf = new MySSLSocketFactory(keyStore);
    sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

    HttpParams params = new BasicHttpParams();
    HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
    HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);

    SchemeRegistry registry = new SchemeRegistry();

    registry.register(new Scheme("https", sf, 443));

    ClientConnectionManager ccm = new ThreadSafeClientConnManager(params,
            registry);

    HttpClient httpclient = new DefaultHttpClient(ccm, params);
    HttpGet httpget = new HttpGet(uri);
    HttpResponse response = httpclient.execute(httpget);
    HttpEntity entity = response.getEntity();

    return entity;
}

But now, using HttpClient, my server returns me an error saying that I must pass a certificate, so I guess that

SSLSocketFactory sf = new MySSLSocketFactory(keyStore); 

isn’t loading my certificate.

So, how can I do the following two things at the same time:

1.) Pass a certificate to my server;
2.) Accept any certificate from my server

Using the HttpClient class?

PS: I’m using Android 3.0

Thanks