I'm working on an AIR app which was running fine under AIR 1.0. But since I've upgrade to AIR 1.5 there's a problem with accessing a HTTP*S*-WebService.
When I try to access this service with a Flash based application, everything works just fine. When I try to access ithe service with AIR 1.0, it works fine, too. When I try to connect to a regular (i.e. not secure) HTTP-Service, even with AIR 1.5 it works fine. Just the combination AIR 1.5 and HTTP*S*-WebServices seems to fail.
Has anyone an idea?
Any help would be gladly appreciated.
Thanks in advance
Without details it's tough to say, but could this be it:
I'd think AIR 1.5 comes with the most-most-recent version of flash player 10 (in which the bug is fixed... but I don't remember the minor versions offhand...) but perhaps not. Check the exact flash player version in which success and failure happens.
If you are using windows, it may be the certificate revocation checking problem I encountered. If you have 'Check for Server Revocation' checked in the Internet Options (advanced), and it doesn't successfully follow the revocation chain, the https call fails. Even though this is a windows setting, IE seems to ignore it, or uses its own mechanism for revocation checking. If you install Google Chrome browser, and try the call, you will get a warning message if this is the problem. It is also much easier to turn off the certificate checking with Chrome than it is the Windows control panel->Internet Options.
No, because the problem is not with AIR, it is with either the site's certificate, or with the configuration of the client's machine or network that prevents the certificate revocation checking from working correctly. AIR does not let you do potentially unsafe or damaging things to the machine it is installed on, which is a good thing. The customer has configured their machine to not allow connections to secure sites that the certificate revocation check fails on. If AIR allowed you to circumvent this, it would be a huge security hole. Which of course would be splashed all over all the security and computer media web sites and blogs, and then you wouldn't be able to get an AIR application installed anywhere.
That said, I would much prefer that AIR send back a more useable error, so that I can trap it correctly and display an explanation window to the user so they can then make the decision if they want to change their configuration. Given the number of things that can cause an http / https call to fail, trying to display all the possible reasons would be a waste of time.
No, because the problem is not with AIR, it is with either the site's certificate, or with the configuration of the client's machine or network that prevents the certificate revocation checking from working correctly.
The site that I have invoke has the proper signed certificate. I think site certificate has not been loaded. May be if we import site certificate into the system, it solves the problem.
Is there is any possible to import the site certificate through the application