search

fusesource / mqtt-client

A Java MQTT Client
http://mqtt-client.fusesource.org/
Apache License 2.0
1.27k stars 369 forks source link

Android Conscrypt CertPathValidatorException #118

Open eygraber opened 4 years ago

eygraber commented 4 years ago

I got the following crash from an Android user. From the logs, it looks like there were network issues happening, because there was MQTT traffic prior to the network going down.

Fatal Exception: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
       at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:659)
       at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:537)
       at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:603)
       at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:603)
       at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:603)
       at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:493)
       at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:416)
       at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:351)
       at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:102)
       at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:104)
       at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:227)
       at com.android.org.conscrypt.OpenSSLEngineImpl.verifyCertificateChain(OpenSSLEngineImpl.java:1361)
       at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(NativeCrypto.java)
       at com.android.org.conscrypt.OpenSSLEngineImpl.unwrap(OpenSSLEngineImpl.java:788)
       at com.android.org.conscrypt.OpenSSLEngineImpl.unwrap(OpenSSLEngineImpl.java:630)
       at com.android.org.conscrypt.OpenSSLEngineImpl.unwrap(OpenSSLEngineImpl.java:596)
       at org.fusesource.hawtdispatch.transport.SslTransport.secure_read(SslTransport.java:365)
       at org.fusesource.hawtdispatch.transport.SslTransport.handshake(SslTransport.java:434)
       at org.fusesource.hawtdispatch.transport.SslTransport.drainInbound(SslTransport.java:274)
       at org.fusesource.hawtdispatch.transport.TcpTransport$6.run(TcpTransport.java:592)
       at org.fusesource.hawtdispatch.internal.NioDispatchSource$3.run(NioDispatchSource.java:209)
       at org.fusesource.hawtdispatch.internal.SerialDispatchQueue.run(SerialDispatchQueue.java:100)
       at org.fusesource.hawtdispatch.internal.pool.SimpleThread.run(SimpleThread.java:77)

Caused by java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
       at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:659)
       at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:537)
       at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:603)
       at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:603)
       at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:603)
       at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:493)
       at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:416)
       at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:351)
       at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:102)
       at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:104)
       at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:227)
       at com.android.org.conscrypt.OpenSSLEngineImpl.verifyCertificateChain(OpenSSLEngineImpl.java:1361)
       at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(NativeCrypto.java)
       at com.android.org.conscrypt.OpenSSLEngineImpl.unwrap(OpenSSLEngineImpl.java:788)
       at com.android.org.conscrypt.OpenSSLEngineImpl.unwrap(OpenSSLEngineImpl.java:630)
       at com.android.org.conscrypt.OpenSSLEngineImpl.unwrap(OpenSSLEngineImpl.java:596)
       at org.fusesource.hawtdispatch.transport.SslTransport.secure_read(SslTransport.java:365)
       at org.fusesource.hawtdispatch.transport.SslTransport.handshake(SslTransport.java:434)
       at org.fusesource.hawtdispatch.transport.SslTransport.drainInbound(SslTransport.java:274)
       at org.fusesource.hawtdispatch.transport.TcpTransport$6.run(TcpTransport.java:592)
       at org.fusesource.hawtdispatch.internal.NioDispatchSource$3.run(NioDispatchSource.java:209)
       at org.fusesource.hawtdispatch.internal.SerialDispatchQueue.run(SerialDispatchQueue.java:100)
       at org.fusesource.hawtdispatch.internal.pool.SimpleThread.run(SimpleThread.java:77)