Proguard, HttpClient and SSLPeerUnverifiedException

By : yugico

I want to use ProGuard in my app. I use org.apache.http.impl.client.DefaultHttpClient to send requests to the server. Without Proguard it works good, but when I turn on the ProGuard I can build the app, but in run-time when I run the app I received the following exception: No peer certificate
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java93)
    at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java388)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java165)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java360)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java555)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java487)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java465)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java1112)
    at java.util.concurrent.ThreadPoolExecutor$

I can't understand where the problem. I disabled shrink and optimization, but it not helped. Also I tried to enable shrink option only, i.e. obfuscation and optimization were disabled, but it not helped too.

To build my app I use maven. Part of my pom file:






proguard-android.txt is standard file from the SDK folder

# This is a configuration file for ProGuard.


# Optimization is turned off by default. Dex does not like code run
# through the ProGuard optimize and preverify steps (and performs some
# of these optimizations on its own).
# Note that if you want to enable optimization, you cannot just
# include optimization flags in your own project configuration file;
# instead you will need to point to the
# "proguard-android-optimize.txt" file instead of this one from your
# file.

-keepattributes *Annotation*
-keep public class
-keep public class

# For native methods, see
-keepclasseswithmembernames class * {
    native <methods>;

# keep setters in Views so that animations can still work.
# see
-keepclassmembers public class * extends android.view.View {
   void set*(***);
   *** get*();

# We want to keep methods in Activity that could be used in the XML attribute onClick
-keepclassmembers class * extends {
   public void *(android.view.View);

# For enumeration classes, see
-keepclassmembers enum * {
    public static **[] values();
    public static ** valueOf(java.lang.String);

-keep class * implements android.os.Parcelable {
  public static final android.os.Parcelable$Creator *;

-keepclassmembers class **.R$* {
    public static <fields>;

# The support library contains references to newer platform versions.
# Don't warn about those in case this app is linking against an older
# platform version.  We know about them, and they are safe.

My proguard.cfg file:

-keep public class * extends

-keep public class * extends

-keep public class * extends
-keep public class * extends android.content.BroadcastReceiver

-keepclasseswithmembers class * {
    public <init>(android.content.Context, android.util.AttributeSet);

-keepclasseswithmembers class * {
    public <init>(android.content.Context, android.util.AttributeSet, int);

-keep class com.newrelic.** { *; }
-dontwarn com.newrelic.**
-keepattributes Exceptions, Signature, InnerClasses

-keep public class**
-keepclassmembers public class** { *; }

-keep class org.spongycastle.* { *; }
-dontwarn org.spongycastle.*

-keep class org.apache.http.** { *; }
-keepclassmembers public class org.apache.http.** { *; }
-dontwarn org.apache.http.**
-keep class { *; }
-keep class$* { *; }

-keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,*Annotation*,EnclosingMethod
By : yugico

The problem was that in lines:

-keep class org.spongycastle.* { *; }
-dontwarn org.spongycastle.*

I used *. It's wrong. You must use **.

* means "don't touch all classes in this package"
** means "don't touch all classes in the package and all sub-packages"

Thanks to all.

By : yugico

This video can help you solving your question :)
By: admin