Casablanca 2.2.0 on Android with https

Aug 24, 2014 at 6:04 PM
Hi,

I'd like to use Casablanca as my REST client for mobile platforms (WP, iOS and Android) and I am doing some tests on Android.
I managed to perform a simple web GET request on an http web server but it fails on https with a signal 11. I can see in the memory dump that apparently the SSL handshake failed. I queried https://www.google.com and tried with a few other https sites but did not analyze the SSL/TLS cipher suites supported by them. The code works fine on Linux.

Logcat message (had to trim it due to limitation in post size)
08-24 18:29:20.736: A/libc(4053): Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1), thread 4106 (AsyncTask #1)
08-24 18:29:20.841: I/DEBUG(85): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
08-24 18:29:20.841: I/DEBUG(85): Build fingerprint: 'google/sojua/crespo:4.1.1/JRO03E/403059:user/release-keys'
08-24 18:29:20.841: I/DEBUG(85): pid: 4053, tid: 4106, name: AsyncTask #1  >>> com.example.hellojni <<<
08-24 18:29:20.994: I/DEBUG(85):          5503eaac  5110fa90  /data/data/com.example.hellojni/lib/libgnustl_shared.so (__cxxabiv1::__terminate(void (*)())+8)
08-24 18:29:20.994: I/DEBUG(85):          5503eab0  51186004  /data/data/com.example.hellojni/lib/libgnustl_shared.so
08-24 18:29:20.994: I/DEBUG(85):          5503eab4  5110fad8  /data/data/com.example.hellojni/lib/libgnustl_shared.so (std::terminate()+28)
08-24 18:29:20.994: I/DEBUG(85):          5503eab8  00000000  
08-24 18:29:20.994: I/DEBUG(85):          5503eabc  5110fa78  /data/data/com.example.hellojni/lib/libgnustl_shared.so (std::rethrow_exception(std::__exception_ptr::exception_ptr)+188)
08-24 18:29:20.841: I/DEBUG(85): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr deadbaad
0 +...............
08-24 18:29:20.998: I/DEBUG(85):     41723bc4 6f727245 6e692072 4c535320 6e616820  Error in SSL han
08-24 18:29:20.998: I/DEBUG(85):     41723bd4 61687364 0000656b 0000009b 00000003  dshake..........
08-24 18:29:20.998: I/DEBUG(85):     41723be4 00000000 527299e0 5253c421 5110fabc  ......rR!.SR...Q
08-24 18:29:20.998: I/DEBUG(85): memory near r7:
08-24 18:29:20.998: I/DEBUG(85):     414e1418 17ffeeae 02f227a0 40d9ab14 00075aa8  .....'.....@.Z..
08-24 18:29:20.998: I/DEBUG(85):     414e1428 414e13f8 00000014 00000020 00000029  ..NA.... ...)...
08-24 18:29:20.998: I/DEBUG(85):     414e1438 4008852c 4008852c 683a3a70 5f707474  ,..@,..@p::http_
08-24 18:29:20.998: I/DEBUG(85):     414e1448 65637865 6f697470 0000006e 00000000  exception.......
08-24 18:29:21.001: I/DEBUG(85):     414e1458 00000028 0000006a 414e14c8 525f6334  (...j.....NA4c_R
08-24 18:29:21.001: I/DEBUG(85): memory near sl:
08-24 18:29:21.001: I/DEBUG(85):     5110fa9c e1a05001 e1a04000 ebfffbe9 e3750001  .P...@........u.
08-24 18:29:21.001: I/DEBUG(85):     5110faac 0a000000 ebfffa47 e1a00004 ebfffb3d  ....G.......=...
08-24 18:29:21.001: I/DEBUG(85):     5110fabc e92d4008 e59f3010 e59f2010 e08f3003  .@-..0... ...0..
08-24 18:29:21.001: I/DEBUG(85):     5110facc e7933002 e5930000 ebffffeb 00076360  .0..........`c..
08-24 18:29:21.001: I/DEBUG(85):     5110fadc fffffaf8 e92d4008 e12fff30 ebfffff3  .....@-.0./.....
08-24 18:29:21.001: I/DEBUG(85): memory near fp:
08-24 18:29:21.001: I/DEBUG(85):     5503eafc 5503eb2c 5503eb5c 41926215 5503eb14  ,..U\..U.b.A...U
08-24 18:29:21.001: I/DEBUG(85):     5503eb0c 5503ec44 5118ca6c 00000000 00000000  D..Ul..Q........
08-24 18:29:21.001: I/DEBUG(85):     5503eb1c 414e1298 414e1288 5503eb5c 40d9a810  ..NA..NA\..U...@
08-24 18:29:21.001: I/DEBUG(85):     5503eb2c 414e30b0 414e3108 517ba940 416ceab8  .0NA.1NA@.{Q..lA
08-24 18:29:21.001: I/DEBUG(85):     5503eb3c 517baa24 517baa4c 517baa64 5118ca6c  $.{QL.{Qd.{Ql..Q
Here's my Application.mk
NDK_TOOLCHAIN_VERSION=4.8
APP_PLATFORM := android-9
APP_OPTIM := release
APP_STL := gnustl_shared
APP_CPPFLAGS += -fexceptions
APP_CPPFLAGS += -std=gnu++11
APP_ABI := armeabi-v7a
Any idea?
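Added example, not part of the original post: a small triage script that rebuilds the bytes behind the tombstone's "memory near" rows and pulls out the printable strings, which is how the "Error in SSL handshake" text can be recovered even when it is split across rows. The sample rows are copied from the logcat excerpt above; the function names are made up for this example, and little-endian 32-bit words are assumed (armeabi-v7a).

```python
import re
import struct

# Sample input: "memory near" rows copied from the logcat excerpt in the post.
SAMPLE = """\
08-24 18:29:20.998: I/DEBUG(85):     41723bc4 6f727245 6e692072 4c535320 6e616820  Error in SSL han
08-24 18:29:20.998: I/DEBUG(85):     41723bd4 61687364 0000656b 0000009b 00000003  dshake..........
08-24 18:29:20.998: I/DEBUG(85): memory near r7:
08-24 18:29:20.998: I/DEBUG(85):     414e1438 4008852c 4008852c 683a3a70 5f707474  ,..@,..@p::http_
08-24 18:29:20.998: I/DEBUG(85):     414e1448 65637865 6f697470 0000006e 00000000  exception.......
"""

# A dump row is an address followed by exactly four 32-bit hex words.
# Stack rows (address, one word, symbol) do not match and are skipped.
ROW = re.compile(
    r"I/DEBUG\(\s*\d+\):\s+([0-9a-f]{8})((?:[ \t]+[0-9a-f]{8}){4})\s", re.I
)


def memory_regions(log_text):
    """Return [(start_address, bytes)] with adjacent rows merged into one region."""
    regions = []
    for line in log_text.splitlines():
        m = ROW.search(line)
        if not m:
            continue
        addr = int(m.group(1), 16)
        words = [int(w, 16) for w in m.group(2).split()]
        chunk = struct.pack("<4I", *words)  # assumption: little-endian ARM words
        if regions and regions[-1][0] + len(regions[-1][1]) == addr:
            regions[-1] = (regions[-1][0], regions[-1][1] + chunk)
        else:
            regions.append((addr, chunk))
    return regions


def printable_strings(log_text, min_len=6):
    """Return [(address, text)] for each printable ASCII run of at least min_len bytes."""
    found = []
    for start, data in memory_regions(log_text):
        for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
            found.append((start + m.start(), m.group().decode("ascii")))
    return found


if __name__ == "__main__":
    for address, text in printable_strings(SAMPLE):
        print(f"{address:08x}  {text}")
```
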
Coordinator
Aug 25, 2014 at 5:33 PM
Hi bengalister,

Yes this is a known issue. Basically the problem is OpenSSL doesn't have access to where the Android operating system is storing trusted certificates. So what happens is the server certificate validation fails when using HTTPS. I tried to make this clear in the release notes, but perhaps I didn't highlight enough. We are tracking this with issue #242. We decided to go ahead with the release to share initial Android support even though this wasn't complete.

You shouldn't be getting a segmentation fault here, but regardless I'll have a fix for this in the development branch, probably later this week. My fix basically uses the Android APIs, through the JNI, to perform the certificate verification. Until then you can, if you want, disable certificate verification by using http_client_config::set_validate_certificates. Please note you should only do this temporarily and if you are 100% sure you trust the server you are connecting to. This will make you vulnerable to man-in-the-middle attacks.

Thanks,
Steve
Aug 25, 2014 at 9:07 PM
Thank you very much for your fast and clear answer!
Sorry, to be honest I have to admit that I did not read the release notes; I compiled following the instructions on the online docs.
I'll try disabling server certificate validation (I can't test right now) as a temporary workaround and will track the issue.
Coordinator
Aug 28, 2014 at 6:43 PM
Hi bengalister,

FYI I've implemented server certificate verification on Android now. It is in the development branch.

Steve
Aug 30, 2014 at 9:14 PM
Hi Stevetgates,

I tried disabling server certificate validation and it worked. I also compiled the library with commit 98c97fc2d6b36ebdf604daa862ed2c2a68dd21e2 ("Incorporating feedback on Android server cert verification"), and it also worked without disabling server certificate verification.

However, I got a segmentation fault with commit 98c97fc2d6b36ebdf604daa862ed2c2a68dd21e2 "Merge branch 'development' of https://git01.codeplex.com/casablanca into androidssl" with the same code that just performs a GET request (same fault on either http or https).
08-30 15:29:57.781: I/DEBUG(85): backtrace:
08-30 15:29:57.781: I/DEBUG(85):     #00  pc 00008e3e  /data/data/com.example.hellojni/lib/libhello-jni.so (pplx::details::_RefCounter::_Reference()+5)
08-30 15:29:57.781: I/DEBUG(85):     #01  pc 000099f7  /data/data/com.example.hellojni/lib/libhello-jni.so (pplx::details::_Task_impl_base::_Task_impl_base(pplx::details::_CancellationTokenState*, pplx::scheduler_ptr)+94)
Regards
Coordinator
Sep 16, 2014 at 2:13 AM
Hi bengalister,

Can you please try with the latest code in the 'development' branch? If it still reproduces then I'll need you to share the code reproducing. We aren't aware of any issue here.

Thanks,
Steve
Sep 20, 2014 at 9:41 PM
Edited Sep 20, 2014 at 9:42 PM
Hi stevetgates,

I have just retried it and the issue is still happening. I copied the project that basically retrieves a web page and just displays the body in a text view.
I tried it on Android 4.1.1 (Nexus S)
You can get the Android project from here

I am not skilled enough in C++ and the Android NDK to help debug the issue quickly.