abrensch / brouter

configurable OSM offline router with elevation awareness, Java + Android
MIT License

Download segments CertPathValidatorException #676

Closed devemux86 closed 2 months ago

devemux86 commented 4 months ago

There are some recent reports of BRouter segment downloads failing with CertPathValidatorException, especially on older Android versions.

I can reproduce it with the Android 6 and 7 emulators. But it seems to work on the Android 5 and 8 emulators.

Don't know if there is a change on the server?

abrensch commented 4 months ago

brouter.de uses a "Let's Encrypt" certificate which is updated automatically every 2 months.

The current one uses "ISRG Root X1" as the trust-root, and there are known issues that this is not contained in Android < 7.1:

https://maxcluster.de/knowledge-base/managedcenter/lets-encrypt-isrg-root-x1-android-7-1-older

abrensch commented 4 months ago

Here's a more recent article (in German) that explains why this happened now:

https://www.golem.de/news/tls-let-s-encrypt-will-cross-signing-beenden-2307-175756.html

So it seems there is a way to still get cross-signed certificates, but only for the next few months. I will check.

abrensch commented 4 months ago

I switched back to the previous certificate from 22.12.2023, which is still valid until 21.3.2024.

So it should work again for now. And I will try to get it working until 30.9.204, but at this point in time it will stop working for Android < 7.1. Maybe switch the download to http? At least as a fallback?

devemux86 commented 4 months ago

@abrensch thanks for the articles and help! :+1:

For apps that handle the https connection themselves, there are some workarounds: https://stackoverflow.com/questions/57822831/android-app-works-on-android-8-but-crashes-on-android-6

I do not know if this would be accepted in the BRouter app and only for Android ≤ 7?

> Maybe switch the download to http? At least as a fallback?

This is also a good idea, as a fallback for old Android.