Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Example Configuring Conscrypting on non Android

See original GitHub issue

What version of gRPC are you using?

1.20.0

What did you expect to see?

Some example where conscrypting is put to use. Other parts of documentation like are good compared to this. I am using example-tls as base but I not pretty sure where the line Security.insertProviderAt(Conscrypt.newProvider(), 1); goes and if there is anyother changes that are needed.

EDIT:

public static void main(String[] args) throws IOException, InterruptedException {

        if (args.length < 4 || args.length > 5) {
            System.out.println(
                    "USAGE: HelloWorldServerTls host port certChainFilePath privateKeyFilePath " +
                    "[trustCertCollectionFilePath]\n  Note: You only need to supply trustCertCollectionFilePath if you want " +
                    "to enable Mutual TLS.");
            System.exit(0);
        }

        final HelloWorldServerTls server = new HelloWorldServerTls(args[0],
                Integer.parseInt(args[1]),
                args[2],
                args[3],
                args.length == 5 ? args[4] : null);
        Security.insertProviderAt(Conscrypt.newProvider(), 1);
        server.start();
        server.blockUntilShutdown();
}

Is this enough if I add that Security.insertProviderAt(Conscrypt.newProvider(), 1); over there and just add the conscrypt gradle dependency? Is there something else I need to do?

Issue Analytics

State:
Created 4 years ago
Comments:18 (9 by maintainers)

Top GitHub Comments

1reaction

ejona86commented, May 16, 2019

So does that mean I generate certificate with alternative names and when using that it will work?

Yes. There will be some updates to the tls example to swap to different certs. You can wait for that. You can also try something like https://github.com/square/certstrap (there’s pre-built binaries available on the releases page)

I think something like this would be close.

./certstrap init --common-name ca
./certstrap request-cert --common-name server --domain localhost
./certstrap sign server --CA ca

You’d need to change the code to use .pem instead of .crt and .key instead of .pem.

0reactions

yeshwanthvshenoycommented, May 22, 2019

Thanks! Helps a lot!! We will evaluate this further and if I have any doubts will come back.

Top Results From Across the Web

Conscrypt - Android Open Source Project

The Conscrypt module accelerates security improvements and improves device security without relying on OTA updates. It uses Java code and a native library ......

Discretionary Access Control (DAC) | Android Open Source ...

On this page; Adding Android IDs (AIDs); Configuring AIDs. Configuring the caps section; Configuring the AID section. Usage examples.

Network Stack Configuration Tools

The Android operating system contains standard Linux networking utilities such as ifconfig , ip , and ip6tables . These utilities reside on ...

Configuring ART | Android Open Source Project

As an example, Pixel devices are configured with the following compilation flow: An application is initially installed without any AOT ...

Configuring audio policies | Android Open Source Project

For example, the use of all device properties not just its type in policy rules. Android 7.0 introduced a audio policy configuration file ......