iFixit / iFixitAndroid

Official iFixit Android App
https://play.google.com/store/apps/details?id=com.dozuki.ifixit
GNU General Public License v3.0

SSL errors on Android 2.2 #145

Closed marczych closed 11 years ago

marczych commented 11 years ago

We get nasty SSL errors for requests to www.ifixit.com on Android 2.2. I'm fairly confident it's because our new SSL certificate uses a new intermediate certificate authority that is not included on Android 2.2 :disappointed: . Options include:

  1. Drop support for 2.2.
  2. Ignore certificate errors on 2.2.
  3. Include our SSL cert with the app and include it in the certificate chain. We would have to do this for both www.ifixit.com and *.dozuki.com. http://stackoverflow.com/a/6378872/1135611

3 is really the only reasonable solution.

Here's the stacktrace:

```
W/System.err( 1620): javax.net.ssl.SSLException: Not trusted server certificate
W/System.err( 1620):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:371)
W/System.err( 1620):    at com.squareup.okhttp.Connection.upgradeToTls(Connection.java:146)
W/System.err( 1620):    at com.squareup.okhttp.Connection.connect(Connection.java:107)
W/System.err( 1620):    at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:291)
W/System.err( 1620):    at com.squareup.okhttp.internal.http.HttpEngine.sendSocketRequest(HttpEngine.java:252)
W/System.err( 1620):    at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:203)
W/System.err( 1620):    at com.squareup.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:344)
W/System.err( 1620):    at com.squareup.okhttp.internal.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:295)
W/System.err( 1620):    at com.squareup.okhttp.internal.http.HttpURLConnectionImpl.getHeaderField(HttpURLConnectionImpl.java:142)
W/System.err( 1620):    at com.squareup.okhttp.internal.http.HttpsURLConnectionImpl.getHeaderField(HttpsURLConnectionImpl.java:226)
W/System.err( 1620):    at com.github.kevinsawicki.http.HttpRequest.header(HttpRequest.java:2025)
W/System.err( 1620):    at com.github.kevinsawicki.http.HttpRequest.parameter(HttpRequest.java:2120)
W/System.err( 1620):    at com.github.kevinsawicki.http.HttpRequest.charset(HttpRequest.java:2230)
W/System.err( 1620):    at com.github.kevinsawicki.http.HttpRequest.body(HttpRequest.java:1690)
W/System.err( 1620):    at com.dozuki.ifixit.util.APIService$4.doInBackground(APIService.java:740)
W/System.err( 1620):    at com.dozuki.ifixit.util.APIService$4.doInBackground(APIService.java:665)
W/System.err( 1620):    at android.os.AsyncTask$2.call(AsyncTask.java:185)
W/System.err( 1620):    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
W/System.err( 1620):    at java.util.concurrent.FutureTask.run(FutureTask.java:137)
W/System.err( 1620):    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068)
W/System.err( 1620):    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561)
W/System.err( 1620):    at java.lang.Thread.run(Thread.java:1096)
W/System.err( 1620): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
W/System.err( 1620):    at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)
W/System.err( 1620):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:366)
W/System.err( 1620):    ... 21 more
W/System.err( 1620): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
W/System.err( 1620):    at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:225)
W/System.err( 1620):    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:202)
W/System.err( 1620):    at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)
W/System.err( 1620):    ... 22 more
E/APIService( 1620): IOException from request
E/APIService( 1620): javax.net.ssl.SSLException: Not trusted server certificate
E/APIService( 1620):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:371)
E/APIService( 1620):    at com.squareup.okhttp.Connection.upgradeToTls(Connection.java:146)
E/APIService( 1620):    at com.squareup.okhttp.Connection.connect(Connection.java:107)
E/APIService( 1620):    at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:291)
E/APIService( 1620):    at com.squareup.okhttp.internal.http.HttpEngine.sendSocketRequest(HttpEngine.java:252)
E/APIService( 1620):    at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:203)
E/APIService( 1620):    at com.squareup.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:344)
E/APIService( 1620):    at com.squareup.okhttp.internal.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:295)
E/APIService( 1620):    at com.squareup.okhttp.internal.http.HttpURLConnectionImpl.getHeaderField(HttpURLConnectionImpl.java:142)
E/APIService( 1620):    at com.squareup.okhttp.internal.http.HttpsURLConnectionImpl.getHeaderField(HttpsURLConnectionImpl.java:226)
E/APIService( 1620):    at com.github.kevinsawicki.http.HttpRequest.header(HttpRequest.java:2025)
E/APIService( 1620):    at com.github.kevinsawicki.http.HttpRequest.parameter(HttpRequest.java:2120)
E/APIService( 1620):    at com.github.kevinsawicki.http.HttpRequest.charset(HttpRequest.java:2230)
E/APIService( 1620):    at com.github.kevinsawicki.http.HttpRequest.body(HttpRequest.java:1690)
E/APIService( 1620):    at com.dozuki.ifixit.util.APIService$4.doInBackground(APIService.java:740)
E/APIService( 1620):    at com.dozuki.ifixit.util.APIService$4.doInBackground(APIService.java:665)
E/APIService( 1620):    at android.os.AsyncTask$2.call(AsyncTask.java:185)
E/APIService( 1620):    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
E/APIService( 1620):    at java.util.concurrent.FutureTask.run(FutureTask.java:137)
E/APIService( 1620):    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068)
E/APIService( 1620):    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561)
E/APIService( 1620):    at java.lang.Thread.run(Thread.java:1096)
E/APIService( 1620): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
E/APIService( 1620):    at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)
E/APIService( 1620):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:366)
E/APIService( 1620):    ... 21 more
E/APIService( 1620): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
E/APIService( 1620):    at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:225)
E/APIService( 1620):    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:202)
E/APIService( 1620):    at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)
E/APIService( 1620):    ... 22 more
```

danielbeardsley commented 11 years ago

That really sucks! Yes, I agree, 3 sounds like the best option.