Trust anchor for certification path not found #586
Comments
I think it's the COMODO untrusted certification on Android issue |
Does apprtc provide any certificate files, like the ones used in this official android documentation |
Open https://appr.tc with a browser. I will try this way later. |
+1 for this issue. I am also getting "Trust anchor for certification path not found" when attempting any kind of call from AppRTC Android demo app (approx release 63 and rel 68). The same app on same android device had worked till around October 30. |
The solution @HasnainAD mentioned worked.

```java
httpsURLConnection.setSSLSocketFactory(trustCert().getSocketFactory());

private SSLContext trustCert() throws CertificateException, IOException, KeyStoreException,
        NoSuchAlgorithmException, KeyManagementException {
    AssetManager assetManager = getAssets();
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    Certificate ca = cf.generateCertificate(assetManager.open("COMODORSADomainValidationSecureServerCA.crt"));

    // Create a KeyStore containing our trusted CAs
    String keyStoreType = KeyStore.getDefaultType();
    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
    keyStore.load(null, null);
    keyStore.setCertificateEntry("ca", ca);

    // Create a TrustManager that trusts the CAs in our KeyStore
    String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
    tmf.init(keyStore);

    // Create an SSLContext that uses our TrustManager
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(null, tmf.getTrustManagers(), null);
    return context;
}
```

But I think it's just a compromise solution for those who cannot wait. |
Great, it's working well |
Hey max, thanks for the code, do I need to run it one time per session or every time before starting a call? |
httpsURLConnection.setSSLSocketFactory(trustCert().getSocketFactory()); |
@remyasics Use Https instead of Http |
@HasnainAD

```java
private void sendHttpMessage() {
    try {
        HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
        ...
        if (connection instanceof HttpsURLConnection) {
            ((HttpsURLConnection) connection).setSSLSocketFactory(sslContext.getSocketFactory());
        }
        ...
        // Get response.
        int responseCode = connection.getResponseCode();
        ...
    } catch (SocketTimeoutException e) {
        events.onHttpError("HTTP " + method + " to " + url + " timeout");
    } catch (IOException e) {
        events.onHttpError("HTTP " + method + " to " + url + " error: " + e.getMessage());
    }
}
```
|
@maxvuluy how to use it with AsyncHttpURLConnection? Following is my code:
|
Thank you |
is giving me error |
@HasnainAD I modified AsyncHttpURLConnection as below

```java
public class AsyncHttpURLConnection {
    private static SSLContext sslContext;

    // Static setter: assign the static field directly (no "this" in a static method)
    public static void setSSLContext(SSLContext context) {
        sslContext = context;
    }

    private void sendHttpMessage() {
        try {
            HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
            ...
            // Only override the socket factory when a context has actually been set
            if (sslContext != null && connection instanceof HttpsURLConnection) {
                ((HttpsURLConnection) connection).setSSLSocketFactory(sslContext.getSocketFactory());
            }
            ...
            // Get response.
            int responseCode = connection.getResponseCode();
            ...
        }
    }
}

public class MainActivity extends AppCompatActivity {
    @Override
    protected void onResume() {
        super.onResume();
        try {
            AsyncHttpURLConnection.setSSLContext(trustCert());
        } catch (CertificateException | IOException | NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) {
            e.printStackTrace();
        }
    }

    private SSLContext trustCert() throws CertificateException, IOException, KeyStoreException,
            NoSuchAlgorithmException, KeyManagementException {
        AssetManager assetManager = getAssets();
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate ca = cf.generateCertificate(assetManager.open("COMODORSADomainValidationSecureServerCA.crt"));

        // Create a KeyStore containing our trusted CAs
        String keyStoreType = KeyStore.getDefaultType();
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        keyStore.load(null, null);
        keyStore.setCertificateEntry("ca", ca);

        // Create a TrustManager that trusts the CAs in our KeyStore
        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(keyStore);

        // Create an SSLContext that uses our TrustManager
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }
}
```
|
👍 @maxvuluy Thanks a lot man! I got it working. |
@HasnainAD Thanks a lot |
I think since it has certificate verification we can use it for production also. Any idea? |
I thought this issue is not completely solved.
According to COMODO's explanation and android guide, the certificate chain of server seems to be incomplete. The solution with TrustManager is just a compromise. I don't think it's a good solution. |
Does the appr.tc website have a certificate error? I don't think it is a project error, because my code has not been updated for a long time, and when I came back, this error suddenly appeared |
where to write this code, how to call it? I am using volley for parsing JSON , please help |
I had a similar issue and managed to solve it by following the steps described in https://developer.android.com/training/articles/security-config But the config changes, without any complicated code logic, would only work on Android version 24 & above. So for Android lower than N (version 24) the solution is via code changes as mentioned above. If you are using OkHttp, then follow the customTrust: |
Browsers and versions affected
Android native app
Description
All devices with my app installed on them are getting the same error. Previously, I was getting the recent issue, /issues/585 (apprtc expired certificate). Now that that issue seems to be fixed, I am starting to get this one.
Steps to reproduce
Running the same app that worked previously
Expected results
Should initiate chat between two peers.
Actual results
Connection Error: HTTP POST to https://appr.tc/join/9f48fcc6-30e0-47f2-ba35-f6cb8da19a7b error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.