search

evilGmonkey / opendatakit

Automatically exported from code.google.com/p/opendatakit
0 stars 0 forks source link

odk collect 1.1.7 crashes getting formlist #335

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
I'm trying to implement a custom server, so there's almost surely an issue on 
the server side; however, even in the case of wrong or even malicious response 
from the server, ODK collect should never crash.

It looks like it crashes when retrieving the formList over https if the server 
doesn't have a valid certificate (I'm only guessing)

What steps will reproduce the problem?
1. get the form list from a server with https without a certificate

What is the expected output? What do you see instead?

Expected is some meaningful error message to the user saying that the identity 
of the server cannot be verified

Observed is that ODK Collect crashes

I think this is the relevant part of the log:

09-24 18:50:13.152 W/System.err(25941): 
javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
09-24 18:50:13.152 W/System.err(25941): at 
org.apache.harmony.xnet.provider.jsse.SSLSessionImpl.getPeerCertificates(SSLSess
ionImpl.java:258)
09-24 18:50:13.152 W/System.err(25941): at 
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93)
09-24 18:50:13.152 W/System.err(25941): at 
org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381
)
09-24 18:50:13.152 W/System.err(25941): at 
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(Default
ClientConnectionOperator.java:164)
09-24 18:50:13.152 W/System.err(25941): at 
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
09-24 18:50:13.162 W/System.err(25941): at 
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapt
er.java:119)
09-24 18:50:13.162 W/System.err(25941): at 
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirecto
r.java:359)
09-24 18:50:13.162 W/System.err(25941): at 
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:5
55)
09-24 18:50:13.162 W/System.err(25941): at 
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:4
87)
09-24 18:50:13.162 W/System.err(25941): at 
org.odk.collect.android.utilities.WebUtils.getXmlDocument(WebUtils.java:216)
09-24 18:50:13.162 W/System.err(25941): at 
org.odk.collect.android.tasks.DownloadFormListTask.doInBackground(DownloadFormLi
stTask.java:82)
09-24 18:50:13.162 W/System.err(25941): at 
org.odk.collect.android.tasks.DownloadFormListTask.doInBackground(DownloadFormLi
stTask.java:1)
09-24 18:50:13.162 W/System.err(25941): at 
android.os.AsyncTask$2.call(AsyncTask.java:185)
09-24 18:50:13.162 W/System.err(25941): at 
java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:306)
09-24 18:50:13.162 W/System.err(25941): at 
java.util.concurrent.FutureTask.run(FutureTask.java:138)
09-24 18:50:13.172 W/System.err(25941): at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1088)
09-24 18:50:13.172 W/System.err(25941): at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:581)
09-24 18:50:13.172 W/System.err(25941): at 
java.lang.Thread.run(Thread.java:1027)
09-24 18:50:13.192 W/dalvikvm(25941): threadid=12: thread exiting with uncaught 
exception (group=0x4001d5a0)
09-24 18:50:13.213 D/dalvikvm(25941): GC_CONCURRENT freed 418K, 50% free 
3067K/6023K, external 0K/0K, paused 1ms+1ms
09-24 18:50:13.213 E/AndroidRuntime(25941): FATAL EXCEPTION: AsyncTask #4
09-24 18:50:13.213 E/AndroidRuntime(25941): java.lang.RuntimeException: An 
error occured while executing doInBackground()
09-24 18:50:13.213 E/AndroidRuntime(25941): at 
android.os.AsyncTask$3.done(AsyncTask.java:200)
09-24 18:50:13.213 E/AndroidRuntime(25941): at 
java.util.concurrent.FutureTask$Sync.innerSetException(FutureTask.java:274)
09-24 18:50:13.213 E/AndroidRuntime(25941): at 
java.util.concurrent.FutureTask.setException(FutureTask.java:125)
09-24 18:50:13.213 E/AndroidRuntime(25941): at 
java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:308)
09-24 18:50:13.213 E/AndroidRuntime(25941): at 
java.util.concurrent.FutureTask.run(FutureTask.java:138)
09-24 18:50:13.213 E/AndroidRuntime(25941): at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1088)
09-24 18:50:13.213 E/AndroidRuntime(25941): at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:581)
09-24 18:50:13.213 E/AndroidRuntime(25941): at 
java.lang.Thread.run(Thread.java:1027)
09-24 18:50:13.213 E/AndroidRuntime(25941): Caused by: 
java.lang.NullPointerException
09-24 18:50:13.213 E/AndroidRuntime(25941): at 
org.odk.collect.android.utilities.WebUtils.getXmlDocument(WebUtils.java:327)
09-24 18:50:13.213 E/AndroidRuntime(25941): at 
org.odk.collect.android.tasks.DownloadFormListTask.doInBackground(DownloadFormLi
stTask.java:82)
09-24 18:50:13.213 E/AndroidRuntime(25941): at 
org.odk.collect.android.tasks.DownloadFormListTask.doInBackground(DownloadFormLi
stTask.java:1)
09-24 18:50:13.213 E/AndroidRuntime(25941): at 
android.os.AsyncTask$2.call(AsyncTask.java:185)
09-24 18:50:13.213 E/AndroidRuntime(25941): at 
java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:306)
09-24 18:50:13.213 E/AndroidRuntime(25941): ... 4 more
09-24 18:50:13.213 W/ActivityManager( 1487):   Force finishing activity 
org.odk.collect.android/.activities.FormDownloadList

Original issue reported on code.google.com by matteosi...@gmail.com on 24 Sep 2011 at 5:02

GoogleCodeExporter commented 9 years ago

Original comment by wbrune...@gmail.com on 25 Sep 2011 at 4:29

GoogleCodeExporter commented 9 years ago

Original comment by yanokwa on 4 Oct 2011 at 7:15

GoogleCodeExporter commented 9 years ago

Original comment by yanokwa on 25 May 2012 at 3:46

GoogleCodeExporter commented 9 years ago

Original comment by yanokwa on 25 May 2012 at 8:14

GoogleCodeExporter commented 9 years ago 
Would be nice to document the various threads that discuss adding root 
certificates to Android.  This is the nature of HTTPS protocols and works as 
designed.

Original comment by mitchellsundt@gmail.com on 30 Jun 2012 at 12:33

GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
Do you mean that the new version does not crash any more and instead issues an 
error message?

Original comment by matteosi...@gmail.com on 30 Jun 2012 at 1:22

GoogleCodeExporter commented 9 years ago 
Yes, 1.2 issues an error message:

Form listing failed. Error: java.security.cert.CertPathValidatorException: 
TrustAnchor for CertPath not found. while accessing https://..../formLIst.

This occurs if the server has a self-signed or other unrecognized SSL 
certificate configured.

If you get a crash on 1.2 (default tip of ODK Collect), then it is something 
other than a bad SSL certificate. Update this ticket with the repro case and 
I'll try to duplicate it.

Original comment by mitchellsundt@gmail.com on 2 Jul 2012 at 6:11