I’m having issues doing the SSL certificate verification. I need to know why it is rejecting the SSL, so I want to print what type of SslError the onReceivedSslError method is getting. How can I print it so I can see it? I’m using
Log.w("SSLERROR1", message) (message depends on the type of error) in both SystemWebClient.java and XWalkCordovaResourceClient.java and running in the command line
adb logcat | findstr SSLERROR1 (I’m on Windows), but it’s not showing anything.
Is there something else I have to do?
Thanks a lot!
I suspect you are not seeing that log because that handler is not being called at all when it comes to XWalk. I just went through this mess myself a day ago.
I solved this by migrating to an older version of xwalk-lite and cordova-plugin-crosswalk-webview:
ionic plugin add "https://github.com/crosswalk-project/cordova-plugin-crosswalk-webview#1.8.0" --variable XWALK_MODE="lite" --variable "XWALK_VERSION"="17.46.459.1"
- If your cert is self-signed, your SSL cert will fail in release mode, both with or without xwalk - you need to override the SSL callback to enable it
- Even if your cert is not self-signed, depending on how it's signed, XWalk will kick it out (till they fix it) - Let's Encrypt certs have this issue.
I worked around both issues by enabling untrusted SSL certs in both cases.
I’m gonna try that. About the notes, well, I don’t know about the cert being self-signed, since the service is provided by an external entity. How can I enable untrusted SSL certs?
EDIT: Is it with this plugin? https://github.com/hypery2k/cordova-certificate-plugin
Caveat: What I write below is what I arrived at to make my app work without passing the onus onto users. My app is actually used extensively with self-signed SSL certs where each person using my app installs an open source home security server - so there is no way I can tell them to ‘go get a commercial and properly signed cert’ --> these are mostly IT administrators who lock their systems down with VPN tunnels, so my tips may be more risky for you if it's a public server.
Hi, a few things:
- By enabling untrusted SSL certs, you are bypassing one of the key features of SSL - trust
- That being said, it's better than your app not working
Note that it's not necessary that you are using self-signed certs. If you read through the Xwalk issue thread I posted above, you’ll note they have issues with how certificates are generated even for paid certs (Let's Encrypt was an example). Unless you can influence your service provider to fix the cert, you don’t really have an option.
The core logic is you have to override onReceivedSslError. They are however handled differently if you use Xwalk or System WebView in Android. And there is iOS as well.
I finally figured out two plugins that met my purpose, rather than maintaining hacked files on my own:
For X-Walk: https://github.com/danjarvis/cordova-plugin-crosswalk-certificate
For native: cordova plugin add https://github.com/hypery2k/cordova-certificate-plugin
My build script adds/removes them depending on which port it is building.
Enabling it is one convenient line.
Excellent, thank you so much! This solves one of my issues, which is using the service ignoring the SSL error. But I still want to know what’s happening to the certificate, why it is being rejected, so I can report the problem to the provider and get to a solution where I don’t have to disable the S part of HTTPS. How can I know what’s happening to it?
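
For the diagnostic question raised in this thread (which SslError onReceivedSslError is receiving, and why the certificate is rejected), here is an added example that is not part of any post above and is not code from Cordova or Crosswalk. It is a system WebViewClient that logs the reason and the certificate fields, then refuses the connection as usual. The class name SslDiagnosticClient is hypothetical; the same method body can go into an existing onReceivedSslError override, and it covers only the Android system WebView, not XWalk.

```java
import android.net.http.SslCertificate;
import android.net.http.SslError;
import android.util.Log;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import android.webkit.WebViewClient;

// Hypothetical class name (an assumption, not from the thread).
public class SslDiagnosticClient extends WebViewClient {
    private static final String TAG = "SSLERROR1"; // log tag used in the thread

    // Map an SslError condition code to a readable reason.
    static String describe(int code) {
        switch (code) {
            case SslError.SSL_NOTYETVALID:  return "certificate is not yet valid";
            case SslError.SSL_EXPIRED:      return "certificate has expired";
            case SslError.SSL_IDMISMATCH:   return "hostname does not match certificate";
            case SslError.SSL_UNTRUSTED:    return "certificate authority is not trusted";
            case SslError.SSL_DATE_INVALID: return "certificate date is invalid";
            case SslError.SSL_INVALID:      return "generic certificate error";
            default:                        return "unknown error code " + code;
        }
    }

    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        SslCertificate cert = error.getCertificate();
        Log.w(TAG, "URL: " + error.getUrl());
        Log.w(TAG, "Primary error: " + describe(error.getPrimaryError()));
        // An SslError can carry several conditions; report every one that is set.
        for (int code = SslError.SSL_NOTYETVALID; code <= SslError.SSL_INVALID; code++) {
            if (error.hasError(code)) {
                Log.w(TAG, "Condition set: " + describe(code));
            }
        }
        // Certificate details worth passing on to the service provider.
        Log.w(TAG, "Issued to: " + cert.getIssuedTo().getDName());
        Log.w(TAG, "Issued by: " + cert.getIssuedBy().getDName());
        Log.w(TAG, "Valid from " + cert.getValidNotBeforeDate()
                + " until " + cert.getValidNotAfterDate());
        // Diagnose only: keep the default behaviour of refusing the connection.
        handler.cancel();
    }
}
```

With this in place, `adb logcat -s SSLERROR1` shows only the lines logged under that tag.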