okhttp3 - Unexpected response code for CONNECT: 403

Question

In my android project I was using okhttp3 library version 3.4.2 to connect to my server.

Recently, I tried to update the library version to 3.9.0 with no code change other than the build.gradle. But, now same requests is failing with 403 error. So, I tried all the version released between 3.4.2 and 3.9.0, and found out that the issue started with version 3.5.0 only.

I am seeing this error with one of my server only where I have to connect to server by loading certificate into X509TrustManager. Below is small sample of what I am doing:

public  OkHttpClient.Builder getCertificate(OkHttpClient.Builder client) {
    try {
        AssetManager assets = cntxt.getAssets();
        InputStream caInput=null;
        caInput = assets.open(configuration.sslCertFile);

        File f = createFileFromInputStream(caInput);
        final KeyStore trusted = KeyStore.getInstance("PKCS12");
        trusted.load(new FileInputStream(f), sslPasswd.toCharArray());
        final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(trusted,sslPasswd.toCharArray());
        SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
        FakeX509TrustManager[] fmk=new FakeX509TrustManager[1];
        fmk[0]=new FakeX509TrustManager();
        fmk[0].allowAllSSL();
        sslContext.init(keyManagerFactory.getKeyManagers(),fmk, new SecureRandom());
        X509TrustManager trustManager = (X509TrustManager) fmk[0];

        client.sslSocketFactory(new Tls12SocketFactory(sslContext.getSocketFactory()), trustManager);
        HostnameVerifier hostnameVerifier = new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                //Log.d("MAinActivity", "Trust Host :" + hostname);
                return true;
            }
        };
        client.hostnameVerifier( hostnameVerifier);
        ConnectionSpec cs = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
                .tlsVersions(TlsVersion.TLS_1_2)
                .build();

        List<ConnectionSpec> specs = new ArrayList<ConnectionSpec>();
        specs.add(cs);
        specs.add(ConnectionSpec.COMPATIBLE_TLS);
        specs.add(ConnectionSpec.CLEARTEXT);

        client.connectionSpecs(specs);
        f.delete();
        log.debug("Certificate File has been deleted from the cache");
    } catch (Exception exc) {
        exc.printStacktrace();
    }

    return client;
}

I cannot share the IP of the server I am trying to connect as it is an private IP.

I also went through the version 3.5.0 change log, but could't find anything that should break the request.

Any help would be appreciated. Thanks in advance!

Answer 1

Looks like a failure to connect via your configured HTTP proxy. Change the proxy server config (possibly in a system property) and you'll be good to go.