silkimen / cordova-plugin-advanced-http

Cordova / Phonegap plugin for communicating with HTTP servers. Allows for SSL pinning!
MIT License
391 stars 313 forks

[Bug] [Android] TLS connection could not be established: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. #519

Open drogerie21 opened 8 months ago

drogerie21 commented 8 months ago

Describe the bug

We are getting an SSLHandshakeException on Android with our new certificate on the server. We checked the SSL certificate, everything looks fine, no errors. This only happens on Android with the advanced http plugin. It works in Chrome on Android and it works on iOS in our app, where we also use the advanced-http-plugin. Anyone experiencing the same problem?

This is the exact error:

{"status":-2,"error":"TLS connection could not be established: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found."}

System info

Are you using ionic-native-wrapper? No

Minimum viable code to reproduce

We do nothing fancy, only use the sendRequest method with the URL and some custom headers.

FliiFe commented 7 months ago

Same issue here. Not using SSL pinning as I'm making requests to an API I do not own. The only "workaround" is to set the server trust mode to nocheck, which looks super dangerous to me.

drogerie21 commented 7 months ago

Problem was partly solved. We found a glitch in the cert chain that was not obvious. But the weird thing was: that was accepted by every other platform (iOS with the advanced-http-plugin, Chrome, Edge, Safari on desktop, and it even worked in Chrome on Android). Only our Android app refused the certificate.

EderWillian commented 7 months ago

I'm facing a similar issue

TLS Connection could not be established: javax.net.ssl.sslhandshakeexception: read error: SSL=0X7D173F1F08: Failure in ssl library, usually a protocol error.

I'm disturbed, as I'm using server trust mode 'nocheck'.

TiBz0u commented 1 month ago

Hi @drogerie21, are you on Capacitor? ~We encountered the same issue when going from Cordova to Capacitor. The solution was to add the intermediate CA into the "certificates" folder, but I'm still wondering why this difference.~ After analysis with the infrastructure, we had imported the wrong certificate. So everything is fixed now.

@drogerie21 If everything is fixed, maybe we can close this ticket?

Kr.
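
The thread does not say what the chain glitch was. As an added example (not from the thread or the plugin), this script builds a throwaway root, intermediate and leaf with `openssl` and shows one common cause of "Trust anchor for certification path not found": the intermediate is missing from what the server sends, so a client that validates using only the sent certificates rejects the leaf. All names and paths are constructed.

```shell
#!/bin/sh
# Added example: throwaway root -> intermediate -> leaf PKI (constructed names).

# make_pki DIR: create root.pem, int.pem and leaf.pem in DIR.
make_pki() {
  p=$1
  printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
    '[dn]' 'CN = placeholder' \
    '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
    '[v3_leaf]' 'basicConstraints = CA:FALSE' > "$p/ssl.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -config "$p/ssl.cnf" \
    -extensions v3_ca -subj "/CN=Constructed Root" -days 2 \
    -keyout "$p/root.key" -out "$p/root.pem" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -config "$p/ssl.cnf" \
    -subj "/CN=Constructed Intermediate" \
    -keyout "$p/int.key" -out "$p/int.csr" 2>/dev/null &&
  openssl x509 -req -in "$p/int.csr" -CA "$p/root.pem" -CAkey "$p/root.key" \
    -CAcreateserial -extfile "$p/ssl.cnf" -extensions v3_ca -days 2 \
    -out "$p/int.pem" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -config "$p/ssl.cnf" \
    -subj "/CN=api.example.test" \
    -keyout "$p/leaf.key" -out "$p/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$p/leaf.csr" -CA "$p/int.pem" -CAkey "$p/int.key" \
    -CAcreateserial -extfile "$p/ssl.cnf" -extensions v3_leaf -days 2 \
    -out "$p/leaf.pem" 2>/dev/null
}

# verdict ROOT LEAF [SENT]: validate LEAF against trust anchor ROOT, using only
# the extra certificate file the server sent (SENT) to build the path.
verdict() {
  if openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" >/dev/null 2>&1
  then echo accepted; else echo rejected; fi
}

work=$(mktemp -d) && make_pki "$work" || exit 1
# Server sends only the leaf: no path to the trusted root can be built.
echo "leaf only:           $(verdict "$work/root.pem" "$work/leaf.pem")"
# Server sends the root instead of the intermediate: still no path.
echo "leaf + root:         $(verdict "$work/root.pem" "$work/leaf.pem" "$work/root.pem")"
# Server sends the intermediate: the path leaf -> intermediate -> root validates.
echo "leaf + intermediate: $(verdict "$work/root.pem" "$work/leaf.pem" "$work/int.pem")"
rm -rf "$work"
```

To see which certificates a real server actually sends, `openssl s_client -connect <host>:443 -showcerts` prints the chain as presented during the handshake.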