Android: Error in Android App on SSL File Access
Steps to reproduce
- Upload file to a newly created folder in encrypted NextCloud via HTTPS from web browser
- Share newly created folder by generating share URL (i.e. folder icon changes to show chain links on folder)
- Access shared folder & try to download file from Android web app, receiving error:
*** CAUSE OF ERROR ***
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(:com.google.android.gms@[email protected] (100408-284611645):27)
at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:320)
at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:284)
at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:169)
at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:258)
at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:135)
at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:114)
at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:127)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:257)
at okhttp3.RealCall.execute(RealCall.java:93)
at com.nextcloud.common.OkHttpMethodBase.execute(OkHttpMethodBase.kt:126)
at com.nextcloud.common.NextcloudClient.execute(NextcloudClient.kt:67)
at com.owncloud.android.lib.resources.activities.GetActivitiesRemoteOperation.run(GetActivitiesRemoteOperation.java:131)
at com.nextcloud.common.NextcloudClient.execute(NextcloudClient.kt:63)
at com.owncloud.android.ui.fragment.FileDetailActivitiesFragment.lambda$fetchAndSetData$5$FileDetailActivitiesFragment(FileDetailActivitiesFragment.java:331)
at com.owncloud.android.ui.fragment.-$$Lambda$FileDetailActivitiesFragment$N7POe6TZvoGcuV2qP-niPxY_7t4.run(Unknown Source:12)
at java.lang.Thread.run(Thread.java:764)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:654)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:499)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:422)
at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:343)
at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
at java.lang.reflect.Method.invoke(Native Method)
at com.google.android.gms.org.conscrypt.Platform.checkTrusted(:com.google.android.gms@[email protected] (100408-284611645):2)
at com.google.android.gms.org.conscrypt.Platform.checkServerTrusted(:com.google.android.gms@[email protected] (100408-284611645):1)
at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(:com.google.android.gms@[email protected] (100408-284611645):7)
at com.google.android.gms.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.google.android.gms.org.conscrypt.NativeSsl.doHandshake(:com.google.android.gms@[email protected] (100408-284611645):6)
at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(:com.google.android.gms@[email protected] (100408-284611645):14)
... 26 more
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
... 39 more
*** APP INFORMATION ***
ID: com.nextcloud.client
Version: 30100090
Build flavor: gplay
*** DEVICE INFORMATION ***
Brand: samsung
Device: starqlteue
Model: SM-G960U1
Id: PPR1.180610.011
Product: starqlteue
*** FIRMWARE ***
SDK: 28
Release: 9
Incremental: G960U1UES7CSK2
Expected behaviour
- Access from Android app should function without error.
Actual behaviour
- Receive error above & unable to access file.
Environment data
Android version: 9
Device model: Samsung Galaxy S9
Stock or customized system: Stock (Verizon)
Nextcloud app version: 3.10.0
Nextcloud server version: 17.0.1
scottsideleau
All 3 comments
Duplicate of #5235
AndyScherzinger
on 28 Jan 2020
Issue is your are (likely) using a self-signed SSL certificate. A fix is in quality assurance right now, so the next release will fix this matter.
AndyScherzinger
on 28 Jan 2020
Great, thanks! Sorry, for the duplicate report.
In this case, the SSL certificate is signed by Let's Encrypt, but I don't have a reason to believe the referenced fix will not address my issue, too.
scottsideleau
on 28 Jan 2020
Related issues
eppfel
路
3Comments
tobiasKaminsky
路
3Comments
tobiasKaminsky
路
3Comments
daywalk3r666
路
3Comments
AndyScherzinger
路
3Comments