AIR 19-22, SecureSocket: certificate is always invalid on Android

Report · Sep 01, 2016

When using SecureSocket for SSL connection, connection is established on Windows but not on Android devices: SecureCertificateStatus is "invalid" for any host, even for google.com.

In previous versions of AIR it was not an issue, and in AIR 19 openssl was updated so I believe it has something with it.

Here's the code fore reproducing the issue:

var ss:SecureSocket = new SecureSocket();

ss.addEventListener(Event.CONNECT, connect);

ss.addEventListener(IOErrorEvent.IO_ERROR, ioerror);

ss.connect("google.com", 443);

function ioerror(event:IOErrorEvent):void{

trace(event);

trace(ss.serverCertificateStatus);

trace("Not connected!");

}

function connect(event:Event):void{

trace("Connected!");

}

Is there any solution to make it connectable?

Report · Oct 12, 2016

We can confirm that we have the same issue with Air for Android. We also checked Air versions 18 and 23 and got the same error:

[trace] [IOErrorEvent type="ioError" bubbles=false cancelable=false eventPhase=2 text="Error #2031: Socket Error. URL: google.com" errorID=2031]
[trace] principalMismatch

Web and iOS versions work fine. This issue seems to be on Android only.

Report · Oct 28, 2016

If you have the same issue, please vote for the fix at adobe bug base Bug#4185838 - SecureSocket can't connect on Android

TNX

Report · Dec 13, 2016

The vote page has been moved to Adobe Tracker

Report · Mar 08, 2017

We just noticed this as well. Our servers are being upgraded to TLS 1.1 and 1.2 and secureSockets are needed to work with that. Like you said, it works flawlessly on ios and Windows, but not at all on Android. Did you ever find any resolution to this or a workaround?

Report · Mar 23, 2017

Any reply to this would be great. This is really crippling our ability to deliver apps for android over https and TLS 1.2 which is being mandated by a lot of our fortune 100 clients. Please help!

Report · Mar 24, 2017

We're working on it but unfortunately it's not a trivial fix. That said, it's a high priority item we'd like to address in one of the upcoming releases.

Report · Mar 27, 2017

Thanks for the update Chris. I'm glad it's a priority. Looking forward to a solution.