How to enable SSL debugging on the Android platform?

Is there something similar to setting -D javax.net.debug=ssl at the command line for Java desktop applications, but for the Android? I’ve tried setting it in code via System.setProperty("javax.net.debug", "ssl"); but that didn’t work.

If there isn’t a way to enable this property, is there at least another way to debug the client side of an SSL connection?

EDIT: Just to clarify, this is referring to raw SSL sockets (SSLSocket and SSLSocketFactory), not the Apache library or any other network library.

4 Solutions collected from the web for “How to enable SSL debugging on the Android platform?”

    At this point, there just doesn’t seem to be a way to do this. But in any case, we’re switching to the Netty library soon, which has more detailed logging capabilities built in.

    So the (not great) solution to this issue is simply not to use SSLSocket, but to use a better network library instead.

    You can write a TrustManager class to handle it.
    Example:

    ClientConnectionManager cm = new BasicClientConnectionManager();
    cm.getSchemeRegistry().register(createHttpsScheme());
    DefaultHttpClient client = new DefaultHttpClient(cm);
    String url = "https://your domain/your url";
    HttpGet get = new HttpGet(url);
    HttpResponse resp = client.execute(get);
    
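    // etc.
    
    // SSLContext.getInstance() and init() throw checked exceptions, so declare them.
    public static Scheme createHttpsScheme() throws GeneralSecurityException {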
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, new TrustManager[] {
                    new TestTrustManager()
            }, new SecureRandom());
    
            SSLSocketFactory sf = new SSLSocketFactory(context);
            return new Scheme("https", 443, sf);
    }
    

    In TestTrustManager.java you can print the chain like this:

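    public class TestTrustManager implements X509TrustManager {
        // Platform default trust manager; the actual validation is delegated to it.
        private final X509TrustManager decorated;
        public TestTrustManager() throws GeneralSecurityException {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init((KeyStore) null); // null selects the system trust store
            decorated = (X509TrustManager) tmf.getTrustManagers()[0];
        }
        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            for (int i = 0; i < chain.length; ++i) {
                System.out.println(chain[i]);
            }
            decorated.checkServerTrusted(chain, authType);
        }
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            decorated.checkClientTrusted(chain, authType);
        }
        @Override
        public X509Certificate[] getAcceptedIssuers() { return decorated.getAcceptedIssuers(); }
    }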
    

    If you are using Apache HttpClient (by importing a jar file), you can enable logging by setting environmental variables in Eclipse. If you use Commons Logging, the logs are printed to the Console. However, this only works if you are running your app in the emulator and not on the device. Not sure if this helps.

    See http://hc.apache.org/httpcomponents-client-ga/logging.html

    I have found a useful debugging aid is to write a wrapper around X509KeyManager and X509TrustManager that delegates calls to the original implementation while logging the results, e.g.:

            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ks);
    
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, null);
    
            TrustManager[] tms = WrapTrustManager.WrapArray(tmf.getTrustManagers());
            KeyManager[] kms = WrapKeyManager.WrapArray(kmf.getKeyManagers());
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(kms, tms, null);
    
            ....setSocketFactory(context.getSocketFactory());
    

    The implementations of WrapTrustManager and WrapKeyManager are pretty straightforward, but be warned that they use exceptions to indicate failure, and so it is important not to swallow exceptions while logging the outcome.

    Note that the interface uses the empty KeyManager and TrustManager interfaces, and you need to dynamically upcast these to X509KeyManager and X509TrustManager.
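
One way to write the WrapTrustManager described in the last answer, as an added example that is not the answer author's code. Only the names WrapTrustManager and WrapArray come from the answer; the class body, the logged fields and the use of java.util.logging are assumptions.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/** Added example (not the answer author's code): logs each trust decision, then rethrows. */
public final class WrapTrustManager implements X509TrustManager {
    private static final Logger LOG = Logger.getLogger("WrapTrustManager");
    private final X509TrustManager delegate;
    private WrapTrustManager(X509TrustManager delegate) { this.delegate = delegate; }

    /** Wraps the X509TrustManager entries; other TrustManager types pass through untouched. */
    public static TrustManager[] WrapArray(TrustManager[] tms) {
        TrustManager[] out = new TrustManager[tms.length];
        for (int i = 0; i < tms.length; i++) {
            out[i] = (tms[i] instanceof X509TrustManager)
                    ? new WrapTrustManager((X509TrustManager) tms[i]) : tms[i];
        }
        return out;
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        for (int i = 0; chain != null && i < chain.length; i++) {
            LOG.info("server chain[" + i + "] subject=" + chain[i].getSubjectX500Principal()
                    + " issuer=" + chain[i].getIssuerX500Principal() + " notAfter=" + chain[i].getNotAfter());
        }
        try {
            delegate.checkServerTrusted(chain, authType);
            LOG.info("checkServerTrusted(" + authType + "): accepted");
        } catch (CertificateException | RuntimeException e) {
            LOG.warning("checkServerTrusted(" + authType + "): rejected: " + e);
            throw e; // rethrow: logging must never turn a rejection into an acceptance
        }
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        try {
            delegate.checkClientTrusted(chain, authType);
        } catch (CertificateException | RuntimeException e) {
            LOG.warning("checkClientTrusted(" + authType + "): rejected: " + e);
            throw e;
        }
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
}
```

Because every exception from the delegate is rethrown unchanged, the wrapper does not alter which certificates are accepted; it only records why a handshake passed or failed.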
