Login fails on APIs below 25 #139

Open
opened 2023-04-12 17:59:23 +00:00 by davidoskky · 1 comment
Contributor

Prerequisites

  • Are you running the latest version?
  • Did you check for an existing issue ?
  • Are you reporting to the correct repository?
  • Did you perform a cursory search?
  • Did you read the CONTRIBUTING guide ?

Description

Login fails if the API version is too low. I believe this is due to the networkSecurityConfig only supporting API version 24 and above.

Logs

2023-04-12 17:55:44.067  3852-3852  HttpSend                bou...ps.readerforselfossv2.android  I  Will login
2023-04-12 17:55:44.067  3852-3852  HttpSend                bou...ps.readerforselfossv2.android  I  Did login
2023-04-12 17:55:44.317  3852-3852  LogApiCalls             bou...ps.readerforselfossv2.android  D  REQUEST https://domain.com//items?username=&password=&type=all&items=1 failed with exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
2023-04-12 17:55:44.318  3852-3852  Repository...ssInstance bou...ps.readerforselfossv2.android  E  javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
                                                                                                    	at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:322)
                                                                                                    	at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379)
                                                                                                    	at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)
                                                                                                    	at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)
                                                                                                    	at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)
                                                                                                    	at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)
                                                                                                    	at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)
                                                                                                    	at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255)
                                                                                                    	at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
                                                                                                    	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
                                                                                                    	at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
                                                                                                    	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
                                                                                                    	at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
                                                                                                    	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
                                                                                                    	at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
                                                                                                    	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
                                                                                                    	at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
                                                                                                    	at okhttp3.internal.connection.RealCall$AsyncCall.run(RealCall.kt:517)
                                                                                                    	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
                                                                                                    	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
                                                                                                    	at java.lang.Thread.run(Thread.java:818)
                                                                                                    Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
                                                                                                    	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:318)
                                                                                                    	at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:219)
                                                                                                    	at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:114)
                                                                                                    	at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:550)
                                                                                                    	at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
                                                                                                    	at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:318)
                                                                                                    	at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379) 
                                                                                                    	at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337) 
                                                                                                    	at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209) 
                                                                                                    	at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226) 
                                                                                                    	at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106) 
                                                                                                    	at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74) 
                                                                                                    	at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255) 
                                                                                                    	at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32) 
                                                                                                    	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) 
                                                                                                    	at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95) 
                                                                                                    	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) 
                                                                                                    	at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83) 
                                                                                                    	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) 
                                                                                                    	at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76) 
                                                                                                    	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) 
                                                                                                    	at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201) 
                                                                                                    	at okhttp3.internal.connection.RealCall$AsyncCall.run(RealCall.kt:517) 
                                                                                                    	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112) 
                                                                                                    	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587) 
                                                                                                    	at java.lang.Thread.run(Thread.java:818) 
                                                                                                    Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
                                                                                                    	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:318) 
                                                                                                    	at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:219) 
                                                                                                    	at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:114) 
                                                                                                    	at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:550) 
                                                                                                    	at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) 
                                                                                                    	at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:318) 
                                                                                                    	at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379) 
                                                                                                    	at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337) 
                                                                                                    	at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209) 
                                                                                                    	at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226) 
                                                                                                    	at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106) 
                                                                                                    	at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74) 
                                                                                                    	at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255) 
                                                                                                    	at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32) 
                                                                                                    	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) 
                                                                                                    	at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95) 
                                                                                                    	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) 
                                                                                                    	at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83) 
                                                                                                    	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) 
                                                                                                    	at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76) 
                                                                                                    	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) 
                                                                                                    	at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201) 
                                                                                                    	at okhttp3.internal.connection.RealCall$AsyncCall.run(RealCall.kt:517) 
                                                                                                    	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112) 
                                                                                                    	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587) 
                                                                                                    	at java.lang.Thread.run(Thread.java:818) 
### Prerequisites * [x] Are you running the latest version? * [x] Did you check for an existing issue ? * [x] Are you reporting to the correct repository? * [x] Did you perform a cursory search? * [x] Did you read the `CONTRIBUTING` guide ? ### Description Login fails if the API version is too low. I believe this is due to the networkSecurityConfig only supporting API version 24 and above. ### Logs ``` 2023-04-12 17:55:44.067 3852-3852 HttpSend bou...ps.readerforselfossv2.android I Will login 2023-04-12 17:55:44.067 3852-3852 HttpSend bou...ps.readerforselfossv2.android I Did login 2023-04-12 17:55:44.317 3852-3852 LogApiCalls bou...ps.readerforselfossv2.android D REQUEST https://domain.com//items?username=&password=&type=all&items=1 failed with exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. 2023-04-12 17:55:44.318 3852-3852 Repository...ssInstance bou...ps.readerforselfossv2.android E javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:322) at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379) at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337) at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209) at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226) at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106) at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74) at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255) at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201) at okhttp3.internal.connection.RealCall$AsyncCall.run(RealCall.kt:517) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587) at java.lang.Thread.run(Thread.java:818) Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:318) at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:219) at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:114) at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:550) at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:318) at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379)  at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)  at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)  at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)  at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)  at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)  at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255)  at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)  at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)  at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)  at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)  at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)  at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)  at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)  at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)  at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)  at okhttp3.internal.connection.RealCall$AsyncCall.run(RealCall.kt:517)  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)  at java.lang.Thread.run(Thread.java:818)  Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:318)  at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:219)  at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:114)  at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:550)  at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)  at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:318)  at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379)  at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)  at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)  at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)  at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)  at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)  at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255)  at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)  at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)  at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)  at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)  at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)  at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)  at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)  at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)  at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)  at okhttp3.internal.connection.RealCall$AsyncCall.run(RealCall.kt:517)  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)  at java.lang.Thread.run(Thread.java:818)  ```
Author
Contributor

The issue seems to be related to the fact that trusted certificate authorities are hard coded in Android and thus older versions don't know of newer certificate authorities. https://community.letsencrypt.org/t/certificate-is-not-trusted-on-android/120061

I guess this will be solved when implementing #42.

The issue seems to be related to the fact that trusted certificate authorities are hard coded in Android and thus older versions don't know of newer certificate authorities. https://community.letsencrypt.org/t/certificate-is-not-trusted-on-android/120061 I guess this will be solved when implementing #42.
AmineB added this to the Dev project 2023-04-16 18:06:33 +00:00
AmineB added the
Type = Bug
label 2023-04-16 18:06:46 +00:00
Sign in to join this conversation.
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Louvorg/ReaderForSelfoss-multiplatform#139
No description provided.