We get nasty SSL errors for requests to www.ifixit.com on Android 2.2. I'm fairly confident it's because our new SSL certificate uses a new intermediate certificate authority that is not included on Android 2.2 :disappointed: . Options include:
Drop support for 2.2.
Ignore certificate errors on 2.2.
Include our SSL cert with the app and include it in the certificate chain. We would have to do this for both www.ifixit.com and *.dozuki.com. http://stackoverflow.com/a/6378872/1135611
3 is really the only reasonable solution.
Here's the stacktrace:
W/System.err( 1620): javax.net.ssl.SSLException: Not trusted server certificate
W/System.err( 1620): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:371)
W/System.err( 1620): at com.squareup.okhttp.Connection.upgradeToTls(Connection.java:146)
W/System.err( 1620): at com.squareup.okhttp.Connection.connect(Connection.java:107)
W/System.err( 1620): at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:291)
W/System.err( 1620): at com.squareup.okhttp.internal.http.HttpEngine.sendSocketRequest(HttpEngine.java:252)
W/System.err( 1620): at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:203)
W/System.err( 1620): at com.squareup.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:344)
W/System.err( 1620): at com.squareup.okhttp.internal.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:295)
W/System.err( 1620): at com.squareup.okhttp.internal.http.HttpURLConnectionImpl.getHeaderField(HttpURLConnectionImpl.java:142)
W/System.err( 1620): at com.squareup.okhttp.internal.http.HttpsURLConnectionImpl.getHeaderField(HttpsURLConnectionImpl.java:226)
W/System.err( 1620): at com.github.kevinsawicki.http.HttpRequest.header(HttpRequest.java:2025)
W/System.err( 1620): at com.github.kevinsawicki.http.HttpRequest.parameter(HttpRequest.java:2120)
W/System.err( 1620): at com.github.kevinsawicki.http.HttpRequest.charset(HttpRequest.java:2230)
W/System.err( 1620): at com.github.kevinsawicki.http.HttpRequest.body(HttpRequest.java:1690)
W/System.err( 1620): at com.dozuki.ifixit.util.APIService$4.doInBackground(APIService.java:740)
W/System.err( 1620): at com.dozuki.ifixit.util.APIService$4.doInBackground(APIService.java:665)
W/System.err( 1620): at android.os.AsyncTask$2.call(AsyncTask.java:185)
W/System.err( 1620): at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
W/System.err( 1620): at java.util.concurrent.FutureTask.run(FutureTask.java:137)
W/System.err( 1620): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068)
W/System.err( 1620): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561)
W/System.err( 1620): at java.lang.Thread.run(Thread.java:1096)
W/System.err( 1620): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
W/System.err( 1620): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)
W/System.err( 1620): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:366)
W/System.err( 1620): ... 21 more
W/System.err( 1620): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
W/System.err( 1620): at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:225)
W/System.err( 1620): at java.security.cert.CertPathValidator.validate(CertPathValidator.java:202)
W/System.err( 1620): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)
W/System.err( 1620): ... 22 more
E/APIService( 1620): IOException from request
E/APIService( 1620): javax.net.ssl.SSLException: Not trusted server certificate
E/APIService( 1620): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:371)
E/APIService( 1620): at com.squareup.okhttp.Connection.upgradeToTls(Connection.java:146)
E/APIService( 1620): at com.squareup.okhttp.Connection.connect(Connection.java:107)
E/APIService( 1620): at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:291)
E/APIService( 1620): at com.squareup.okhttp.internal.http.HttpEngine.sendSocketRequest(HttpEngine.java:252)
E/APIService( 1620): at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:203)
E/APIService( 1620): at com.squareup.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:344)
E/APIService( 1620): at com.squareup.okhttp.internal.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:295)
E/APIService( 1620): at com.squareup.okhttp.internal.http.HttpURLConnectionImpl.getHeaderField(HttpURLConnectionImpl.java:142)
E/APIService( 1620): at com.squareup.okhttp.internal.http.HttpsURLConnectionImpl.getHeaderField(HttpsURLConnectionImpl.java:226)
E/APIService( 1620): at com.github.kevinsawicki.http.HttpRequest.header(HttpRequest.java:2025)
E/APIService( 1620): at com.github.kevinsawicki.http.HttpRequest.parameter(HttpRequest.java:2120)
E/APIService( 1620): at com.github.kevinsawicki.http.HttpRequest.charset(HttpRequest.java:2230)
E/APIService( 1620): at com.github.kevinsawicki.http.HttpRequest.body(HttpRequest.java:1690)
E/APIService( 1620): at com.dozuki.ifixit.util.APIService$4.doInBackground(APIService.java:740)
E/APIService( 1620): at com.dozuki.ifixit.util.APIService$4.doInBackground(APIService.java:665)
E/APIService( 1620): at android.os.AsyncTask$2.call(AsyncTask.java:185)
E/APIService( 1620): at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
E/APIService( 1620): at java.util.concurrent.FutureTask.run(FutureTask.java:137)
E/APIService( 1620): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068)
E/APIService( 1620): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561)
E/APIService( 1620): at java.lang.Thread.run(Thread.java:1096)
E/APIService( 1620): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
E/APIService( 1620): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)
E/APIService( 1620): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:366)
E/APIService( 1620): ... 21 more
E/APIService( 1620): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
E/APIService( 1620): at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:225)
E/APIService( 1620): at java.security.cert.CertPathValidator.validate(CertPathValidator.java:202)
E/APIService( 1620): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)
E/APIService( 1620): ... 22 more
We get nasty SSL errors for requests to
www.ifixit.com
on Android 2.2. I'm fairly confident it's because our new SSL certificate uses a new intermediate certificate authority that is not included on Android 2.2 :disappointed: . Options include:www.ifixit.com
and*.dozuki.com
. http://stackoverflow.com/a/6378872/11356113 is really the only reasonable solution.
Here's the stacktrace: