search

hgoebl / DavidWebb

Lightweight Java HTTP-Client for calling JSON REST-Services (especially for Android)
https://hgoebl.github.io/DavidWebb/
MIT License
127 stars 41 forks source link

SSL error #28

Closed abrami closed 5 years ago

abrami commented 6 years ago

Recently, an error is fired when calling a https request:

com.goebl.david.WebbException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Is there a solution?

hgoebl commented 6 years ago

This is not a bug in DavidWebb. I suppose the program is attempting to establish a connection with a server with some kind of self-signed certificate. There are quite a lot of possible solutions so I cannot help you without additional information.

hgoebl commented 6 years ago

Please search or ask Stackoverflow.

sandeepyohans commented 5 years ago

I am getting the same exception on KitKat devices. After debugging, I found out that it is due to TLS1.0 not supported. Do you have a way to solve this problem in Webb api?

In OkHttp they have a solution but I don't want to switch to Retrofit and OkHttp just to provide support for KitKat devices. Also these libraries will increase the app size.

hgoebl commented 5 years ago

Thanks for the link. This problem can be solved, but currently, I don't have enough time for it. Might take a couple of weeks. Generally, it should be possible to manipulate the SSL connection factory outside of DavidWebb. @sandeepyohans could you give this a try and tell us if it works?

sandeepyohans commented 5 years ago

Sure @hgoebl I will try and post an update soon.

sandeepyohans commented 5 years ago

I found a solution. First, add dependency for Google Play Services in build file: implementation 'com.google.android.gms:play-services:+'

Then call the following method before calling web service :

private void checkTls() {
    if (android.os.Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
        try {
            ProviderInstaller.installIfNeededAsync(this, 
            new ProviderInstaller.ProviderInstallListener() {
                @Override
                public void onProviderInstalled() {
                }

                @Override
                public void onProviderInstallFailed(int i, Intent intent) {
                }
            });
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

Reference

hgoebl commented 5 years ago

Thanks @sandeepyohans , looks good to me. Do you know how long it takes until the provider is installed? It's an async call, so it may not be advisable to open http connections directly after calling checkTls(). Do you think it's sufficient to call the installation routine on application start?

sandeepyohans commented 5 years ago

You are welcome @hgoebl The installation is pretty fast. I am doing it at application start and it runs very quickly, till now faced no issue.

hgoebl commented 5 years ago

@sandeepyohans many thanks for your help. What do you think? Would it be best to document this in the README? Because the lib should not have dependencies to Android nor Google Play Services. If you create a pull request for a changed README, you become an official contributor. :-)

sandeepyohans commented 5 years ago

Sure @hgoebl I am glad to do that. I will create a PR.