samuel
10/27/2023, 3:38 PM
OkHttpClient using a custom SSLSocketFactory that handles all the certificates and private keys. However, one thing I need to support now is adding an ALPN "protocol name". Is there a way I can configure my client to specify the "ALPN protocol name"?
samuel
10/27/2023, 3:38 PM
Clients that connect on port 443 with X.509 client certificate authentication must implement the Application Layer Protocol Negotiation (ALPN) TLS extension and use the ALPN protocol name listed in the ALPN ProtocolNameList sent by the client as part of the ClientHello message.
yschimke
10/27/2023, 4:54 PM
yschimke
10/27/2023, 4:55 PM
yschimke
10/27/2023, 4:57 PM
yschimke
10/27/2023, 4:57 PM
yschimke
10/27/2023, 4:58 PM
samuel
10/27/2023, 8:45 PM
jessewilson
10/28/2023, 11:55 AM
yschimke
10/28/2023, 12:16 PM
yschimke
10/28/2023, 12:17 PM
jessewilson
10/28/2023, 12:19 PM
jessewilson
10/28/2023, 12:20 PM
samuel
10/28/2023, 1:33 PM
jessewilson
10/28/2023, 2:23 PM
jessewilson
10/28/2023, 2:24 PM
yschimke
10/28/2023, 2:30 PM
jessewilson
10/28/2023, 2:47 PM
samuel
10/28/2023, 4:34 PM
applicationProtocols in my sslSocketFactory like: sslContext.defaultSSLParameters.applicationProtocols = arrayOf("x-amzn-http-ca") but that seems to not have an effect. Is there a way to supply it to okhttp otherwise?
yschimke
10/28/2023, 5:58 PM
jessewilson
10/28/2023, 8:26 PM
samuel
10/29/2023, 12:25 AM
fun sampleSocketFactory(): SSLSocketFactory =
    SSLContext.getInstance("TLS").apply {
        // simplified
        val keyManagers = emptyArray<KeyManager>()
        val trustManagers = emptyArray<TrustManager>()
        init(keyManagers, trustManagers, null)
        val params = defaultSSLParameters
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
            params.applicationProtocols += (arrayOf("x-amzn-http-ca"))
        }
    }.socketFactory

private val sampleOkHttpClient = HttpClient(OkHttp) {
    install(ContentNegotiation) {
        json(JsonFormat)
    }
    engine {
        config {
            connectionSpecs(
                listOf(ConnectionSpec.MODERN_TLS.apply {
                    val f = ConnectionSpec::class.java.getDeclaredField("supportsTlsExtensions")
                    f.isAccessible = true
                    f.set(this, false)
                })
            )
            sslSocketFactory(
                sampleSocketFactory(),
                // implementation removed for simplicity
                myX509TrustManager,
            )
        }
    }
}
samuel
10/29/2023, 12:26 AM
samuel
10/29/2023, 12:29 AM
jessewilson
10/29/2023, 12:53 AM
jessewilson
10/29/2023, 12:56 AM
jessewilson
10/29/2023, 12:56 AM
jessewilson
10/29/2023, 12:57 AM
jessewilson
10/29/2023, 12:57 AM
samuel
10/29/2023, 2:45 AM
yschimke
10/29/2023, 11:21 AM
yschimke
10/29/2023, 11:41 AM
jessewilson
10/29/2023, 12:00 PM
samuel
10/29/2023, 12:42 PM
samuel
10/29/2023, 12:44 PM
parameters.applicationProtocols = arrayOf("x-amzn-http-ca") seems to require API level 29
yschimke
10/29/2023, 1:05 PM
yschimke
10/29/2023, 1:05 PM
yschimke
10/29/2023, 1:05 PM
yschimke
10/29/2023, 1:05 PM
yschimke
10/29/2023, 1:06 PM
samuel
10/29/2023, 1:32 PM
samuel
10/29/2023, 1:34 PM
yschimke
10/29/2023, 1:51 PM
samuel
10/29/2023, 2:06 PM