search

kittoku / Open-SSTP-Client

Open SSTP Client for Android
MIT License
402 stars 104 forks source link

Error SSL:ERR_VERIFICATION_FAILED #80

Closed kavehzotac closed 1 year ago

kavehzotac commented 1 year ago

Hello . I have 2 Server With SSTP Config On CENTOS7 .

actually client shoud be try too many times for ON button to connect to the server and always we give this error : SSL:ERR_VERIFICATION_FAILED reboot the server but NO FIX change the user client but NO FIX change the dns in cloudflare but NO FIX change the app version like 1.5.8.1 or 1.5.7 or 1.5.5 but NO FIX

maybe work for couple hours correctly , maybe not work and always SSL:ERR_VERIFICATION_FAILED

can help to us please ? @kittoku

kittoku commented 1 year ago

If you are using self-singed certificate, disable Verify Hostname option.

kavehzotac commented 1 year ago

try it . but random connected and random not connecting to hostname . so we don't have any problem in iOS with the same servers , only android. Really we are confused

kittoku commented 1 year ago

If the client fails without Verify Hostname option, what do the client and the log say?

kavehzotac commented 1 year ago

unfortunately save log option is off . i will active this option and when have problem . put log here . because right now is ok and work

kavehzotac commented 1 year ago

Log for VERIFICATION FAILED with verify hostname option : [2022-12-04 10:14:54.583] Establish VPN connection [2022-12-04 10:14:54.996] SSL: ERR_VERIFICATION_FAILED [2022-12-04 10:14:55.001] Terminate VPN connection

and log without selected verify hostname ::

[2022-12-04 10:16:40.576] Establish VPN connection [2022-12-04 10:16:40.975] OSC: ERR_UNEXPECTED javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:363) at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1134) at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1089) at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:876) at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747) at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712) at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:858) at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.-$$Nest$mprocessDataFromSocket(Unknown Source:0) at com.android.org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:241) at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:220) at kittoku.osc.terminal.SSLTerminal.createSocket(SSLTerminal.kt:109) at kittoku.osc.terminal.SSLTerminal.access$createSocket(SSLTerminal.kt:26) at kittoku.osc.terminal.SSLTerminal$initializeSocket$2.invokeSuspend(SSLTerminal.kt:36) at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106) at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571) at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750) at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678) at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665) Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:654) at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:503) at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:423) at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:351) at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94) at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:90) at com.android.org.conscrypt.ConscryptEngineSocket$2.checkServerTrusted(ConscryptEngineSocket.java:163) at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:255) at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1638) at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method) at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:569) at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1095) at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1079) ... 16 more Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. ... 29 more

[2022-12-04 10:16:40.978] Terminate VPN connection

kittoku commented 1 year ago

You need to install the server's certificate to the device.

kavehzotac commented 1 year ago

install CA Bundle in device and it work . thank you

farazp commented 1 year ago

I install CA in device but get this error too! I get error invalid setting: Adding Trust certificates need ssl