Android 9 SSL Bug

[devmau5]

I currently run the app on two devices: a phone (Galaxy S9) and a tablet. The tablet has no issues connecting to my mosquitto broker. However my phone does not seem to connect no matter what I do, despite both having identical settings, except for the client certificates of course. I keep getting this error in the mosquitto logs:

OpenSSL Error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
Socket error on client <unknown>, disconnecting.

I have tested the certificate itself with mosquitto_pub/sub and it seems to be working, but once I copy it to the app the status area says reconnecting and the above keeps showing up in the logs every minute or so.

[deepessh]

Thanks for raising the issue. I’ll look into it.

[MrMiracles]

Have the some problem. Weird thing is, any configuration changes after the first one are not picked up. I tried for example the websocket version (which runs on port 8833) but according to the Mosquitto log it keep trying to connect to port 8883. Which is weird if you ask me, and might help you figuring out this problem...

• Tried deleting the broker and at a new one, still keeps connecting on 8883
• Tried to disable the broker, still keeps trying to connect

btw:

• The app shows at the top that it's trying to connect to port 8833, mosquitto tells me otherwise.
• Owntracks works fine on the same phone with the same certificates and credentials.

1585141101: New connection from xx.xxx.xxx.xxx on port 8883.
1585141101: OpenSSL Error[0]: error:14035416:SSL routines:ACCEPT_SR_CERT:sslv3 alert certificate unknown
1585141101: OpenSSL Error[1]: error:140350E5:SSL routines:ACCEPT_SR_CERT:ssl handshake failure
1585141101: Socket error on client <unknown>, disconnecting.

[devmau5]

@dc297 some additional notes on this issue:

• After seeing @MrMiracles comment I tried clearing all app data. Even after re-adding the configuration it was still unable to connect.
• Even after the broker configuration is set to disabled the app seems to still be trying to connect, though it seems to be retrying with an exponential backoff compared to the ~10 second delay when the broker is enabled.