andstatus / andstatus

Multiple accounts client for multiple Social networks. For Android
http://andstatus.org/
Apache License 2.0

java.security.cert.CertPathValidatorException (was ClassNotFoundException: org.andstatus.app.net.http.OAuthClientKeysSecret) #583

Closed naturzukunft closed 7 months ago

naturzukunft commented 8 months ago

log.txt

yvolk commented 8 months ago

Hi @naturzukunft ! As I understand, you are building AndStatus yourself?! The related doc https://github.com/andstatus/andstatus/blob/master/doc/DeveloperFAQ.md mentions the step: "Insert your application's private keys to the project: See "OAuthClientKeys.java" file for more information." The location of that file changed; it's here now: https://github.com/andstatus/andstatus/blob/master/app/src/main/kotlin/org/andstatus/app/net/http/OAuthClientKeys.kt

yvolk commented 8 months ago

Reading deeper, I see that the stack trace belongs to a "Verbose" level logging message. This means that you may ignore it, as the "OAuthClientKeysSecret" class is NOT required.

yvolk commented 8 months ago

Further in the log file we see "URL: https://dev.rdf-pub.org/.well-known/oauth-authorization-server; Caused by javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found." This means that the site was signed by a "Certificate authority" that is not trusted by the client (by the Android device...) or that there is some other server misconfiguration (please search for the error message). To start, I would open the URL in a browser and look up the certificate info there. - I did this now and couldn't get any response...

naturzukunft commented 8 months ago

> As I understand, you are building AndStatus yourself?!

No, I'm using the app from F-Droid, I think.

image

naturzukunft commented 8 months ago

> I did this now and couldn't get any response...

Hm, it's a Let's Encrypt certificate. I can browse it from my Unix notebook.

image

naturzukunft commented 8 months ago

If I call the URL from the same smartphone with Firefox, I also get a secure connection:

image

yvolk commented 8 months ago

I checked the address https://dev.rdf-pub.org/.well-known/oauth-authorization-server using https://www.sslchecker.com/sslchecker and, on my PC, got the result that the certificate is not trusted and that I need to install some "chain"/"root" certs:

image

BTW, what you tested could actually be a connection that is not secure...

yvolk commented 8 months ago

@naturzukunft See also related issues: https://github.com/andstatus/andstatus/issues/379 and this one: https://github.com/andstatus/andstatus/issues/208 BTW, AndStatus has an "Insecure SSL" option in the "Social network" settings.

yvolk commented 8 months ago

And here we also see the certificate's issues: https://www.ssllabs.com/ssltest/analyze.html?d=dev.rdf-pub.org "This server's certificate chain is incomplete."
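
Added example, not part of the original thread and not AndStatus code: a small offline check for the "certificate chain is incomplete" condition reported above, run over the chain summary that `openssl s_client -connect HOST:443 -showcerts` prints. The sample outputs, the placeholder hostname `dev.example.org` and the one-entry trust-anchor set are constructed assumptions; the check compares names only and verifies no signatures.

```python
import re

# Constructed sample of `openssl s_client -showcerts` output for a server
# that sends only its leaf certificate (hostname is a placeholder).
LEAF_ONLY = """\
Certificate chain
 0 s:CN = dev.example.org
   i:C = US, O = Let's Encrypt, CN = R3
---
"""

# Constructed sample for the same server once the intermediate is also sent.
WITH_INTERMEDIATE = """\
Certificate chain
 0 s:CN = dev.example.org
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---
"""

# Assumption: subjects of the roots in the client's trust store (one entry here).
TRUST_ANCHORS = {"C = US, O = Internet Security Research Group, CN = ISRG Root X1"}

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    subjects = re.findall(r"^\s*\d+ s:(.+)$", text, re.M)
    issuers = re.findall(r"^\s+i:(.+)$", text, re.M)
    return [(s.strip(), i.strip()) for s, i in zip(subjects, issuers)]

def check_chain(text, anchors=TRUST_ANCHORS):
    """Return (ok, reason) for the chain a server presented."""
    chain = parse_chain(text)
    if not chain:
        return False, "no certificates found"
    # Each certificate must be followed by the certificate of its issuer.
    for (_, issuer), (next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:
            return False, f"broken link: certificate for {issuer!r} does not follow"
    top_subject, top_issuer = chain[-1]
    if top_issuer in anchors or top_subject in anchors:
        return True, "chain reaches a trust anchor"
    return False, f"incomplete chain: {top_issuer!r} was not sent and is not a trust anchor"

if __name__ == "__main__":
    for name, sample in (("leaf only", LEAF_ONLY), ("with intermediate", WITH_INTERMEDIATE)):
        print(name, "->", check_chain(sample))
```
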