Skip navigation
illergeek
Currently Being Moderated

HTTPS / WebService issue in AIR 1.5?

May 25, 2009 6:25 AM

Hi experts,

 

I'm working on an AIR app which was running fine under AIR 1.0. But since I've upgrade to AIR 1.5 there's a problem with accessing a HTTP*S*-WebService.

 

When I try to access this service with a Flash based application, everything works just fine. When I try to access ithe service with AIR 1.0, it works fine, too. When I try to connect to a regular (i.e. not secure) HTTP-Service, even with AIR 1.5 it works fine. Just the combination AIR 1.5 and HTTP*S*-WebServices seems to fail.

 

Has anyone an idea?

 

Any help would be gladly appreciated.

 

Thanks in advance

 

illergeek

 
Replies
  • Currently Being Moderated
    May 26, 2009 6:53 PM   in reply to illergeek

    Without details it's tough to say, but could this be it:

    http://go.adobe.com/kb/ts_kb408097_en-us

     

    I'd think AIR 1.5 comes with the most-most-recent version of flash player 10 (in which the bug is fixed... but I don't remember the minor versions offhand...) but perhaps not. Check the exact flash player version in which success and failure happens.

     

    Ted

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 19, 2010 2:25 AM   in reply to illergeek

    I am using Air 2.0. me too have this problem.

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 21, 2010 12:19 PM   in reply to barathang

    If you are using windows, it may be the certificate revocation checking problem I encountered.  If you have 'Check for Server Revocation' checked in the Internet Options (advanced), and it doesn't successfully follow the revocation chain, the https call fails.  Even though this is a windows setting, IE seems to ignore it, or uses its own mechanism for revocation checking.  If you install Google Chrome browser, and try the call, you will get a warning message if this is the problem.  It is also much easier to turn off the certificate checking with Chrome than it is the Windows control panel->Internet Options.

    Mark

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 21, 2010 9:39 PM   in reply to oldMster

    OldMaster,

     

    I already did like that, but this is not a correct work around. Because we can't ask the customer to do like this. Is there is any work around to solve this problem?

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 22, 2010 9:09 AM   in reply to barathang

    No, because the problem is not with AIR, it is with either the site's certificate, or with the configuration of the client's machine or network that prevents the certificate revocation checking from working correctly.  AIR does not let you do potentially unsafe or damaging things to the machine it is installed on, which is a good thing.  The customer has configured their machine to not allow connections to secure sites that the certificate revocation check fails on.  If AIR allowed you to circumvent this, it would be a huge security hole.  Which of course would be splashed all over all the security and computer media web sites and blogs, and then you wouldn't be able to get an AIR application installed anywhere.

     

    That said, I would much prefer that AIR send back a more useable error, so that I can trap it correctly and display an explanation window to the user so they can then make the decision if they want to change their configuration.  Given the number of things that can cause an http / https call to fail, trying to display all the possible reasons would be a waste of time.

     

    Mark

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 22, 2010 10:13 AM   in reply to oldMster

    I posted a request on ideas.adobe.com for AIR to improve the error events returned with http/https calls. If you agree this would be valuable, please logon to ideas.adobe.com and vote for it!

    Mark

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 22, 2010 11:35 PM   in reply to oldMster

     

     

    No, because the problem is not with AIR, it is with either the site's certificate, or with the configuration of the client's machine or network that prevents the certificate revocation checking from working correctly.

     

     

    Hi Mark,

     

    The site that I have invoke has the proper signed certificate. I think site certificate has not been loaded. May be if we import site certificate into the system, it solves the problem.

     

    Is there is any possible to import the site certificate through the application

     
    |
    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points