Overview
Since API 24 by default android applications trust only system installed CA certs see https://developer.android.com/privacy-and-security/security-config#base-config. It would be great to add support of user installed CA certs into application. With current behavior during contact with WebDAV server working over HTTPS getting error
Network error has been occurred, check internet connection javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:358) at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1131) at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1086) at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:873) at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:744) at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:709) at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:898) at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.-$$Nest$mprocessDataFromSocket(Unknown Source:0) at com.android.org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:238) at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:220) at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379) at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337) at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209) at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226) at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106) at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74) at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255) at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.logging.HttpLoggingInterceptor.intercept(HttpLoggingInterceptor.kt:221) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201) at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154) at com.thegrizzlylabs.sardineandroid.impl.OkHttpSardine.execute(OkHttpSardine.java:626) at com.thegrizzlylabs.sardineandroid.impl.OkHttpSardine.propfind(OkHttpSardine.java:180) at com.thegrizzlylabs.sardineandroid.impl.OkHttpSardine.list(OkHttpSardine.java:149) at com.thegrizzlylabs.sardineandroid.impl.OkHttpSardine.list(OkHttpSardine.java:125) at com.thegrizzlylabs.sardineandroid.impl.OkHttpSardine.list(OkHttpSardine.java:120) at com.ivanovsky.passnotes.data.repository.file.webdav.WebDavClientV2$fetchFileList$files$1.invoke(WebDavClientV2.kt:255) at com.ivanovsky.passnotes.data.repository.file.webdav.WebDavClientV2$fetchFileList$files$1.invoke(WebDavClientV2.kt:253) at com.ivanovsky.passnotes.data.repository.file.webdav.WebDavNetworkLayer.execute(WebDavNetworkLayer.kt:32) at com.ivanovsky.passnotes.data.repository.file.webdav.WebDavClientV2.fetchFileList(WebDavClientV2.kt:253) at com.ivanovsky.passnotes.data.repository.file.webdav.WebDavClientV2.getRoot(WebDavClientV2.kt:107) at com.ivanovsky.passnotes.data.repository.file.remote.RemoteFileSystemProvider.getRootFile(RemoteFileSystemProvider.java:169) at com.ivanovsky.passnotes.domain.interactor.serverLogin.ServerLoginInteractor$tryAuthenticate$2.invokeSuspend(ServerLoginInteractor.kt:54) at com.ivanovsky.passnotes.domain.interactor.serverLogin.ServerLoginInteractor$tryAuthenticate$2.invoke(Unknown Source:8) at com.ivanovsky.passnotes.domain.interactor.serverLogin.ServerLoginInteractor$tryAuthenticate$2.invoke(Unknown Source:4) at kotlinx.coroutines.intrinsics.UndispatchedKt.startUndispatchedOrReturn(Undispatched.kt:78) at kotlinx.coroutines.BuildersKt__Builders_commonKt.withContext(Builders.common.kt:167) at kotlinx.coroutines.BuildersKt.withContext(Unknown Source:1) at com.ivanovsky.passnotes.domain.interactor.serverLogin.ServerLoginInteractor.tryAuthenticate(ServerLoginInteractor.kt:50) at com.ivanovsky.passnotes.domain.interactor.serverLogin.ServerLoginInteractor.access$tryAuthenticate(ServerLoginInteractor.kt:14) at com.ivanovsky.passnotes.domain.interactor.serverLogin.ServerLoginInteractor$authenticate$2.invokeSuspend(ServerLoginInteractor.kt:39) at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:108) at kotlinx.coroutines.internal.LimitedDispatcher$Worker.run(LimitedDispatcher.kt:115) at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:103) at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:584) at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:793) at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:697) at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:684) Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:663) at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:512) at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:432) at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:360) at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94) at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:90) at com.android.org.conscrypt.ConscryptEngineSocket$2.checkServerTrusted(ConscryptEngineSocket.java:165) at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:269) at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1635) at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method) at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:572) at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1092) at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1076) ... 54 more Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. ... 67 more
Overview
Since API 24 by default android applications trust only system installed CA certs see https://developer.android.com/privacy-and-security/security-config#base-config. It would be great to add support of user installed CA certs into application. With current behavior during contact with WebDAV server working over HTTPS getting error
Network error has been occurred, check internet connection javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:358) at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1131) at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1086) at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:873) at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:744) at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:709) at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:898) at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.-$$Nest$mprocessDataFromSocket(Unknown Source:0) at com.android.org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:238) at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:220) at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379) at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337) at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209) at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226) at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106) at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74) at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255) at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.logging.HttpLoggingInterceptor.intercept(HttpLoggingInterceptor.kt:221) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201) at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154) at com.thegrizzlylabs.sardineandroid.impl.OkHttpSardine.execute(OkHttpSardine.java:626) at com.thegrizzlylabs.sardineandroid.impl.OkHttpSardine.propfind(OkHttpSardine.java:180) at com.thegrizzlylabs.sardineandroid.impl.OkHttpSardine.list(OkHttpSardine.java:149) at com.thegrizzlylabs.sardineandroid.impl.OkHttpSardine.list(OkHttpSardine.java:125) at com.thegrizzlylabs.sardineandroid.impl.OkHttpSardine.list(OkHttpSardine.java:120) at com.ivanovsky.passnotes.data.repository.file.webdav.WebDavClientV2$fetchFileList$files$1.invoke(WebDavClientV2.kt:255) at com.ivanovsky.passnotes.data.repository.file.webdav.WebDavClientV2$fetchFileList$files$1.invoke(WebDavClientV2.kt:253) at com.ivanovsky.passnotes.data.repository.file.webdav.WebDavNetworkLayer.execute(WebDavNetworkLayer.kt:32) at com.ivanovsky.passnotes.data.repository.file.webdav.WebDavClientV2.fetchFileList(WebDavClientV2.kt:253) at com.ivanovsky.passnotes.data.repository.file.webdav.WebDavClientV2.getRoot(WebDavClientV2.kt:107) at com.ivanovsky.passnotes.data.repository.file.remote.RemoteFileSystemProvider.getRootFile(RemoteFileSystemProvider.java:169) at com.ivanovsky.passnotes.domain.interactor.serverLogin.ServerLoginInteractor$tryAuthenticate$2.invokeSuspend(ServerLoginInteractor.kt:54) at com.ivanovsky.passnotes.domain.interactor.serverLogin.ServerLoginInteractor$tryAuthenticate$2.invoke(Unknown Source:8) at com.ivanovsky.passnotes.domain.interactor.serverLogin.ServerLoginInteractor$tryAuthenticate$2.invoke(Unknown Source:4) at kotlinx.coroutines.intrinsics.UndispatchedKt.startUndispatchedOrReturn(Undispatched.kt:78) at kotlinx.coroutines.BuildersKt__Builders_commonKt.withContext(Builders.common.kt:167) at kotlinx.coroutines.BuildersKt.withContext(Unknown Source:1) at com.ivanovsky.passnotes.domain.interactor.serverLogin.ServerLoginInteractor.tryAuthenticate(ServerLoginInteractor.kt:50) at com.ivanovsky.passnotes.domain.interactor.serverLogin.ServerLoginInteractor.access$tryAuthenticate(ServerLoginInteractor.kt:14) at com.ivanovsky.passnotes.domain.interactor.serverLogin.ServerLoginInteractor$authenticate$2.invokeSuspend(ServerLoginInteractor.kt:39) at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:108) at kotlinx.coroutines.internal.LimitedDispatcher$Worker.run(LimitedDispatcher.kt:115) at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:103) at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:584) at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:793) at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:697) at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:684) Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:663) at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:512) at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:432) at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:360) at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94) at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:90) at com.android.org.conscrypt.ConscryptEngineSocket$2.checkServerTrusted(ConscryptEngineSocket.java:165) at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:269) at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1635) at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method) at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:572) at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1092) at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1076) ... 54 more Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. ... 67 more