javax.net.ssl.SSLHandshakeException: Unacceptable certificate: CN=GeoTrust SSL C

阅读更多

最近从Android N升级到Android O,发现163的邮箱以pop3,110,SSL/TSL方式登录的时候会弹出Unacceptable certificate: CN=GeoTrust SSL CA.

从字面看出是证书有问题，将N的代码和O的代码进行对比，发现关于对应的部分都没有修改，很纳闷啊。再细细跟着代码流程，最后将 exception通过printStackTrace();打印详细信息才发现原来是手机时间设置了1970年导致证书无效了

	01-06 20:05:40.496  3969   415 D Email   : startHandshake ....
01-06 20:05:40.544  3969   415 W System.err: javax.net.ssl.SSLHandshakeException: Unacceptable certificate: CN=GeoTrust SSL CA - G3, O=GeoTrust Inc., C=US
01-06 20:05:40.544  3969   415 W System.err: 	at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:219)
01-06 20:05:40.544  3969   415 W System.err: 	at com.android.emailcommon.utility.SSLSocketFactoryWrapper.verifyHostname(SSLSocketFactoryWrapper.java:246)
01-06 20:05:40.544  3969   415 W System.err: 	at com.android.emailcommon.utility.SSLSocketFactoryWrapper.createSocket(SSLSocketFactoryWrapper.java:131)
01-06 20:05:40.544  3969   415 W System.err: 	at com.android.email.mail.transport.MailTransport.reopenTls(MailTransport.java:172)
01-06 20:05:40.544  3969   415 W System.err: 	at com.android.email.mail.store.Pop3Store$Pop3Folder.open(Pop3Store.java:225)
01-06 20:05:40.544  3969   415 W System.err: 	at com.android.email.mail.store.Pop3Store.checkSettings(Pop3Store.java:137)
01-06 20:05:40.544  3969   415 W System.err: 	at com.android.email.activity.setup.AccountCheckSettingsFragment$AccountCheckTask.doInBackground(AccountCheckSettingsFragment.java:385)
01-06 20:05:40.544  3969   415 W System.err: 	at com.android.email.activity.setup.AccountCheckSettingsFragment$AccountCheckTask.doInBackground(AccountCheckSettingsFragment.java:345)
01-06 20:05:40.544  3969   415 W System.err: 	at android.os.AsyncTask$2.call(AsyncTask.java:333)
01-06 20:05:40.544  3969   415 W System.err: 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
01-06 20:05:40.545  3969   415 W System.err: 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
01-06 20:05:40.545  3969   415 W System.err: 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
01-06 20:05:40.545  3969   415 W System.err: 	at java.lang.Thread.run(Thread.java:764)
01-06 20:05:40.546  3969   415 W System.err: Caused by: java.security.cert.CertificateException: Unacceptable certificate: CN=GeoTrust SSL CA - G3, O=GeoTrust Inc., C=US
01-06 20:05:40.546  3969   415 W System.err: 	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:598)
01-06 20:05:40.546  3969   415 W System.err: 	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495)
01-06 20:05:40.546  3969   415 W System.err: 	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:418)
01-06 20:05:40.546  3969   415 W System.err: 	at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:339)
01-06 20:05:40.546  3969   415 W System.err: 	at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
01-06 20:05:40.546  3969   415 W System.err: 	at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
01-06 20:05:40.546  3969   415 W System.err: 	at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:197)
01-06 20:05:40.546  3969   415 W System.err: 	at com.android.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(ConscryptFileDescriptorSocket.java:399)
01-06 20:05:40.546  3969   415 W System.err: 	at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
01-06 20:05:40.546  3969   415 W System.err: 	at com.android.org.conscrypt.SslWrapper.doHandshake(SslWrapper.java:374)
01-06 20:05:40.546  3969   415 W System.err: 	at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:217)
01-06 20:05:40.547  3969   415 W System.err: 	... 12 more
01-06 20:05:40.547  3969   415 W System.err: Caused by: java.security.cert.CertificateNotYetValidException: Certificate not valid until Tue Nov 05 21:36:50 GMT+00:00 2013 (compared to Tue Jan 06 20:05:40 GMT+00:00 1970)
01-06 20:05:40.547  3969   415 W System.err: 	at com.android.org.conscrypt.OpenSSLX509Certificate.checkValidity(OpenSSLX509Certificate.java:239)
01-06 20:05:40.547  3969   415 W System.err: 	at com.android.org.conscrypt.OpenSSLX509Certificate.checkValidity(OpenSSLX509Certificate.java:232)
01-06 20:05:40.547  3969   415 W System.err: 	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:595)
01-06 20:05:40.547  3969   415 W System.err: 	... 22 more
01-06 20:05:40.547  3969   415 D Email   : javax.net.ssl.SSLHandshakeException: Unacceptable certificate: CN=GeoTrust SSL CA - G3, O=GeoTrust Inc., C=US

将手机时间调到当前时间，即可解决此问题。

http://androidxref.com/8.0.0_r4/xref/packages/apps/Dialer/java/com/android/voicemail/impl/mail/MailTransport.java