How to enable SSL debugging on the Android platform?

Question

Is there something similar to setting -D javax.net.debug=ssl at the command line for Java desktop applications, but for the Android? I\'ve tried setting it in code

Answer 1

I have found a useful debugging aid is to write a wrapper around X509KeyManager and X509TrustManager that delegates calls to the original implementation while logging the results, e.g.:

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, null);

        TrustManager[] tms = WrapTrustManager.WrapArray(tmf.getTrustManagers());
        KeyManager[] kms = WrapKeyManager.WrapArray(kmf.getKeyManagers());
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kms, tms, null);

        ....setSocketFactory(context.getSocketFactory());

The implementation of WrapTrustManager and WrapKeyManager are pretty straightforward, but bewarned that they use exceptions to indicate failure and so it is important to not swallow exceptions while logging the outcome.

Note that the interface uses the empty KeyManager and TrustManager interfaces, and you need to dynamically upcast these to X509KeyManager and X509TrustManager.