1. 程式人生 > >Android OkHttp3使用http2問題記錄

Android OkHttp3使用http2問題記錄

Android Okhttp3使用http2.0協議的介面時,發現一個問題,列印錯誤Log E/NativeCrypto: ssl=0xd25d4000 cert_verify_callback x509_store_ctx,Google上沒有查到相關的資訊,畢竟現在http2用的還很少。經檢視Android原始碼,排查發現這只是個LOG,不是錯誤,可以放心的用http2了。

測試http2發現android列印了下面的LOG


07-08 14:33:57.182 13670-13697/com.qianmi.shine I/System.out: [CDS]connect[shineapi2.qianmi
.com/120.55.247.77:443] tm:20 07-08 14:33:57.187 13670-13697/com.qianmi.shine E/Posix: [Posix_connect Debug]Process com.qianmi.shine :443 07-08 14:33:57.251 13670-13697/com.qianmi.shine D/libc-netbsd: [getaddrinfo]: hostname=shineapi2.qianmi.com; servname=(null); cache_mode=(null), netid=0; mark=0 07-08 14:33:57.252
13670-13697/com.qianmi.shine D/libc-netbsd: [getaddrinfo]: ai_addrlen=0; ai_canonname=(null); ai_flags=4; ai_family=0 07-08 14:33:57.300 13670-13697/com.qianmi.shine E/NativeCrypto: ssl=0xd25d4000 cert_verify_callback x509_store_ctx=0xdec78080 arg=0x0 07-08 14:33:57.301 13670-13697/com.qianmi.shine E/NativeCrypto: ssl=0xd25d4000 cert_verify_callback calling verifyCertificateChain authMethod=ECDHE_RSA 07
-08 14:33:57.431 13670-13697/com.qianmi.shine I/System.out: gba_cipher_suite:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

/**
 * Verify the X509 certificate via SSL_CTX_set_cert_verify_callback
 */
static int cert_verify_callback(X509_STORE_CTX* x509_store_ctx, void* arg __attribute__ ((unused)))
{
    /* Get the correct index to the SSLobject stored into X509_STORE_CTX. */
    SSL* ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data(x509_store_ctx,
            SSL_get_ex_data_X509_STORE_CTX_idx()));
    JNI_TRACE("ssl=%p cert_verify_callback x509_store_ctx=%p arg=%p", ssl, x509_store_ctx, arg);

    AppData* appData = toAppData(ssl);
    JNIEnv* env = appData->env;
    if (env == NULL) {
        LOGE("AppData->env missing in cert_verify_callback");
        JNI_TRACE("ssl=%p cert_verify_callback => 0", ssl);
        return 0;
    }
    jobject sslHandshakeCallbacks = appData->sslHandshakeCallbacks;

    jclass cls = env->GetObjectClass(sslHandshakeCallbacks);
    jmethodID methodID
        = env->GetMethodID(cls, "verifyCertificateChain", "([[BLjava/lang/String;)V");

    jobjectArray objectArray = getCertificateBytes(env, x509_store_ctx->untrusted);

    const char* authMethod = SSL_authentication_method(ssl);
    JNI_TRACE("ssl=%p cert_verify_callback calling verifyCertificateChain authMethod=%s",
              ssl, authMethod);
    jstring authMethodString = env->NewStringUTF(authMethod);
    env->CallVoidMethod(sslHandshakeCallbacks, methodID, objectArray, authMethodString);

    int result = (env->ExceptionCheck()) ? 0 : 1;
    JNI_TRACE("ssl=%p cert_verify_callback => %d", ssl, result);
    return result;
}

JNI_TRACE其實就是個封裝了LOG的巨集,定義如下:

#ifdef WITH_JNI_TRACE
#define JNI_TRACE(...) \
        ((void)LOG(LOG_INFO, LOG_TAG "-jni", __VA_ARGS__));     \
/*
        ((void)printf("I/" LOG_TAG "-jni:"));         \
        ((void)printf(__VA_ARGS__));          \
        ((void)printf("\n"))
*/
#else
#define JNI_TRACE(...) ((void)0)
#endif

但是最後還是有一點疑惑,原始碼列印的LOG是info級別的,但手機上logcat打印出的error log,這也是我為什麼會注意到的原因,目前只能認為是手機和原始碼的程式碼不同了。