search

MarcusWolschon / osmeditor4android

Vespucci is a OpenStreetMap editor for Android
http://vespucci.io
Other
356 stars 82 forks source link

Error de conexión (Connection error) #2556

Closed vespucci-reporter closed 2 weeks ago

vespucci-reporter commented 1 month ago

Description:

Hola. Hablo para reportar un problema que estoy presentando. Intento descargar un área para editar en la app. Pero entonces Vespucci me dice que no se pudo conectar al servidor. Estoy usando una conexión Wi-Fi y sigo presentando este problema.

Device info:

App version20.0.0.0
App version code2801
Android build versionJ111MUBU0AQF2
Android release version5.1.1
Android SDK version22
Android build IDLMY47V.J111MUBU0AQF2
Device brandsamsung
Device manufacturersamsung
Device namej1acevelte
Device modelSM-J111M
Device product namej1acevelteub
Device hardware namesc8830
ABIs[armeabi-v7a, armeabi]
ABIs (32bit)[armeabi-v7a, armeabi]
ABIs (64bit)[]
simonpoole commented 1 month ago

Hi were you able to connect to openstreetmap.org with your device while Vespucci wasn't able to?

simonpoole commented 1 month ago

Not actionable.

AntonKhorev commented 1 month ago

Hi were you able to connect to openstreetmap.org

Yes.

I had to go to settings > advanced preferences > server settings > osm api url, switch to sandbox api, download an area, switch back to live api and only after that I could login and download data.

simonpoole commented 1 month ago

@AntonKhorev but you were not the person reporting the issue? Or were you?

AntonKhorev commented 1 month ago

I'm not the one who opened this issue.

simonpoole commented 1 month ago

I'm not the one who opened this issue.

Sorry just wanted to be sure, I've seen the same behaviour on a friends device in the mean time.

Question: did the migration to OAuth2 work for you and have you previously used offline data?

AntonKhorev commented 1 month ago

Currently I have a "Vespucci 3rd party" authorization in https://www.openstreetmap.org/oauth2/authorized_applications and I still have switch to sandbox if Vespucci stops.

I didn't notice any migration messages when this started happening. I saw them later when I tried installing various versions of Vespucci.

AntonKhorev commented 1 month ago

Here's what I see if I don't download from sandbox first:

Screenshot_20240514-010357

AntonKhorev commented 1 month ago

Offline data: I don't know, usually I have data from a previous editing session.

AntonKhorev commented 1 month ago

Connection errors started happening when I tried editing with version 20.0.1.0 for the first time (all versions are from F-Droid). I went back to 20.0.0.0 and also got connection errors. Then I went back to 19.3.5.0 and I still got connection errors.

After that I checked my last successful edit and it was with 20.0.0.0: https://www.openstreetmap.org/changeset/150552983 No connection errors were happening at that time.

simonpoole commented 1 month ago

.. and I still have switch to sandbox if Vespucci stops.

So you are still seeing the behaviour? If so could you immediately after you get the error message send a crash dump (main overflow menu -> Debug -> Button at the bottom of the screen), pls include a reference to this issue in the comment.

simonpoole commented 1 month ago

@AntonKhorev got the dump, unluckily it missed the relevant bit. We only receive 500 lines of logs and and an issue with an unrelated app used up most of that. If you want to, you can try again, perhaps try to make the device as quiescent as possible.

simonpoole commented 3 weeks ago

@AntonKhorev is this still occurring?

AntonKhorev commented 3 weeks ago

still occurring in v20.0.1.0

SlavaZoid commented 3 weeks ago

I have the same problem. I am using Android 7.

simonpoole commented 3 weeks ago

@SlavaZoid It could be an issue with the version created by F-Droid, but in any case just to re-iterate:

Screenshot_1718035167 Screenshot_1718035179

SlavaZoid commented 3 weeks ago

all settings are made as shown in the screenshot.

https://drive.google.com/file/d/1eI7IIaLmqhStwiELzCd9dYiEfLX1uvbB/view?usp=drivesdk

The app was installed from Google Play. ver: 20.0.2.0

simonpoole commented 3 weeks ago

Could you try to send in a crash dump immediately after you get the error message (as described above), please indicate that it is for this error.

SlavaZoid commented 3 weeks ago

I'm not sure if I did everything right.

  1. I received an error message
  2. Pressed the buttons: ... - Information - Send debugging information.
  3. Added the signature: Connection error (from SlavaZoid)
simonpoole commented 3 weeks ago

@SlavaZoid Thanks that worked and the issue is obvious now.

Seems as if some devices don't have the correct certificates installed, or there is a configuration issue on the OSM API side of things.

According to @datendelphin installing the ISRG root X1 certificate manually fixes the issue. See https://letsencrypt.org/certificates/

06-11 11:02:45.572 E/Server  (29181): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
06-11 11:02:45.572 E/Server  (29181):   at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:549)
06-11 11:02:45.572 E/Server  (29181):   at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:508)
06-11 11:02:45.572 E/Server  (29181):   at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:401)
06-11 11:02:45.572 E/Server  (29181):   at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:375)
06-11 11:02:45.572 E/Server  (29181):   at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:304)
06-11 11:02:45.572 E/Server  (29181):   at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
06-11 11:02:45.572 E/Server  (29181):   at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
06-11 11:02:45.572 E/Server  (29181):   at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:178)
06-11 11:02:45.572 E/Server  (29181):   at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:596)
06-11 11:02:45.572 E/Server  (29181):   at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
06-11 11:02:45.572 E/Server  (29181):   at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
06-11 11:02:45.572 E/Server  (29181):   ... 25 more
06-11 11:02:45.572 E/Server  (29181): Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
06-11 11:02:45.572 E/Server  (29181):   ... 36 more
06-11 11:02:45.572 E/Server  (29181): Problem accessing capabilities
06-11 11:02:45.572 E/Server  (29181): javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
06-11 11:02:45.572 E/Server  (29181):   at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:361)
06-11 11:02:45.572 E/Server  (29181):   at y6.b.f(SourceFile:78)
06-11 11:02:45.572 E/Server  (29181):   at y6.b.c(SourceFile:125)
06-11 11:02:45.572 E/Server  (29181):   at y6.d.d(SourceFile:258)
06-11 11:02:45.572 E/Server  (29181):   at y6.d.e(SourceFile:7)
06-11 11:02:45.572 E/Server  (29181):   at x6.a.a(SourceFile:423)
06-11 11:02:45.572 E/Server  (29181):   at z6.g.b(SourceFile:150)
06-11 11:02:45.572 E/Server  (29181):   at z6.g.a(SourceFile:7)
06-11 11:02:45.572 E/Server  (29181):   at x6.a.a(SourceFile:133)
06-11 11:02:45.572 E/Server  (29181):   at z6.g.b(SourceFile:150)
06-11 11:02:45.572 E/Server  (29181):   at z6.g.a(SourceFile:7)
06-11 11:02:45.572 E/Server  (29181):   at z6.a.a(SourceFile:240)
06-11 11:02:45.572 E/Server  (29181):   at z6.g.b(SourceFile:150)
06-11 11:02:45.572 E/Server  (29181):   at z6.h.a(SourceFile:37)
06-11 11:02:45.572 E/Server  (29181):   at z6.g.b(SourceFile:150)
06-11 11:02:45.572 E/Server  (29181):   at z6.g.a(SourceFile:7)
06-11 11:02:45.572 E/Server  (29181):   at okhttp3.z.d(SourceFile:101)
06-11 11:02:45.572 E/Server  (29181):   at okhttp3.z.a(SourceFile:37)
06-11 11:02:45.572 E/Server  (29181):   at de.blau.android.osm.Server.D(SourceFile:69)
06-11 11:02:45.572 E/Server  (29181):   at de.blau.android.osm.Server.m(SourceFile:9)
06-11 11:02:45.572 E/Server  (29181):   at de.blau.android.osm.Server.l(SourceFile:9)
06-11 11:02:45.572 E/Server  (29181):   at de.blau.android.Logic.z(SourceFile:89)
06-11 11:02:45.572 E/Server  (29181):   at de.blau.android.Logic$2.a(SourceFile:45)
06-11 11:02:45.572 E/Server  (29181):   at de.blau.android.util.c.call(SourceFile:11)
06-11 11:02:45.572 E/Server  (29181):   at java.util.concurrent.FutureTask.run(FutureTask.java:237)
06-11 11:02:45.572 E/Server  (29181):   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
06-11 11:02:45.572 E/Server  (29181):   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
06-11 11:02:45.572 E/Server  (29181):   at java.lang.Thread.run(Thread.java:761)
06-11 11:02:45.572 E/Server  (29181): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
06-11 11:02:45.572 E/Server  (29181):   at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:549)
06-11 11:02:45.572 E/Server  (29181):   at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:508)
06-11 11:02:45.572 E/Server  (29181):   at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:401)
06-11 11:02:45.572 E/Server  (29181):   at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:375)
06-11 11:02:45.572 E/Server  (29181):   at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:304)
06-11 11:02:45.572 E/Server  (29181):   at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
06-11 11:02:45.572 E/Server  (29181):   at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
06-11 11:02:45.572 E/Server  (29181):   at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:178)
06-11 11:02:45.572 E/Server  (29181):   at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:596)
06-11 11:02:45.572 E/Server  (29181):   at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
06-11 11:02:45.572 E/Server  (29181):   at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
06-11 11:02:45.572 E/Server  (29181):   ... 27 more
06-11 11:02:45.572 E/Server  (29181): Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
06-11 11:02:45.572 E/Server  (29181):   ... 38 more
06-11 11:02:45.572 D/Server  (29181): getStreamForBox
06-11 11:02:45.572 D/OsmoseServer(29181): getBugsForBox
06-11 11:02:45.573 D/Server  (29181): get input stream for  https://api.openstreetmap.org/api/0.6/map?bbox=27.3069058,53.9495669,27.3183248,53.9599754
SlavaZoid commented 3 weeks ago

Deleted the current certificate and installed a new one. I tried isrrootx1.pem, then isrg-root-x1-cross-signed.pem. Page https://valid-isrgrootx1.letsencrypt.org the phone open without errors, but the program still reports a server error. crash dump sent.

I looked at the logcat. The error is the same: 06-11 14:39:25.508 E/Server ( 8832): javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

AntonKhorev commented 3 weeks ago

I had to go to settings > advanced preferences > server settings > osm api url, switch to sandbox api, download an area, switch back to live api and only after that I could login and download data.

Actually I don't have to download an area. Switching to the sandbox api, exiting the settings, switching back to the main api is enough. v20.0.2.0.

SlavaZoid commented 3 weeks ago

And it worked!!! Anton, thank you Thank you all for your help.

simonpoole commented 3 weeks ago

Page https://valid-isrgrootx1.letsencrypt.org

That is likely misleading, browsers typically maintain their own trust store and do not use the system provided one. The fact that opening a connection to the dev server "magically" fixes the issue seems to be highly suspect.

simonpoole commented 3 weeks ago

See https://community.letsencrypt.org/t/letsencrypt-certificates-fails-on-android-phones-running-android-7-or-older/205686/2 essentially I suspect you are all screwed. I will give providing our own trust store a look but I wouldn't get my hopes high.

See also https://github.com/MarcusWolschon/osmeditor4android/issues/1277

simonpoole commented 2 weeks ago

Note that as mentioned on the release the fix doesn't resolve the issue for anything that uses a webview with other words re-authenticating to openstreetmap.org will currently not work. However we have a fix in the works for that too.

See https://github.com/MarcusWolschon/osmeditor4android/issues/2578

SlavaZoid commented 2 weeks ago

I installed version 20.0.3 Release. Everything is working well. Thank you.