How to enable SSL debugging on the Android platform?

Question

Is there something similar to setting -D javax.net.debug=ssl at the command line for Java desktop applications, but for the Android? I've tried setting it in code via System.setProperty("javax.net.debug", "ssl"); but that didn't work.

If there isn't a way to enable this property, is there at least another way to debug the client side of an SSL connection?

EDIT: Just to clarify, this is referring to raw SSL sockets (SSLSocket and SSLSocketFactory), not the Apache library or any other network library.

Answer 1

At this point, there just doesn't seem to be a way to do this. But in any case, we're switching to the Netty library soon which has more detailed logging capabilities build in.

So the (not great) solution to this issue is simply not to use SSLSocket, but to use a better network library instead.

Answer 2

you can write a TrustManager class to handle it. example :

ClientConnectionManager cm = new BasicClientConnectionManager();
cm.getSchemeRegistry().register(createHttpsScheme());
DefaultHttpClient client = new DefaultHttpClient(cm);
String url = "https://your domain/your url";
HttpGet get = new HttpGet(url);
HttpResponse resp = client.execute(get);

etc..

public static Scheme createHttpsScheme() {
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, new TrustManager[] {
                new TestTrustManager()
        }, new SecureRandom());

        SSLSocketFactory sf = new SSLSocketFactory(context);
        return new Scheme("https", 443, sf);
}

int TestTrustManager.java you can print the chain like this:

public class TestTrustManager implements X509TrustManager {
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {

       for (int i = 0; i < chain.length; ++i) {
        System.out.println(chain[i]);
       }

       decorated.checkServerTrusted(chain, authType);
  }
}