-
-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[2.50.3] Lets Encrypt Root CA Change #2409
Conversation
Great to see this PR. |
Certificate isgCertificate = cf.generateCertificate(new ByteArrayInputStream(isgCert.getBytes("UTF-8"))); | ||
|
||
HandshakeCertificates certificates = new HandshakeCertificates.Builder() | ||
.addTrustedCertificate((X509Certificate)isgCertificate) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you need to support other platform certificates as well? Or just an LE root?
Can you confirm this already works for existing LE certificates?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you need to support other platform certificates as well?
Uh yes, It's failing for other non LE certs. so seems like we need to add addPlatformTrustedCertificates()
to allow for other certificates. Appreciate the catch.
Can you confirm this already works for existing LE certificates?
Yeah this somehow works without adding the call to addPlatformTrustedCertificates()
. Not sure how though!
@damagatchi retest this please |
https://letsencrypt.org/2020/11/06/own-two-feet.html
Solution taken from:
https://stackoverflow.com/questions/64844311/certpathvalidatorexception-connecting-to-a-lets-encrypt-host-on-android-m-or-ea
OkHttp Issue: square/okhttp#6403