Getting "Trust anchor for certification path not found." for a service that used to work
1 vote
/ 09 July 2020

Since yesterday I have been getting the infamous SSLHandshake exception for a service that had worked forever. As far as I understand, this happens if the HTTPS certificate is signed by a certificate authority that is not included in the OS. ), and both of them state that the certificate is valid and comes from a known CA.

Why did this start suddenly yesterday, without any changes to my code? This package is provided by a third party (parcel tracking), so I cannot bundle its certificate in my app.

Am I missing something here? I am using Retrofit + Moshi + OkHttp.

This is the whole stack trace I get:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:229)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:367)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:325)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:197)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:249)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:108)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:76)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:245)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:100)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:96)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:100)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:100)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:100)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:197)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.connection.RealCall.execute(RealCall.kt:148)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at retrofit2.OkHttpCall.execute(OkHttpCall.java:204)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at retrofit2.adapter.rxjava2.CallExecuteObservable.subscribeActual(CallExecuteObservable.java:46)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.Observable.subscribe(Observable.java:12267)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at retrofit2.adapter.rxjava2.BodyObservable.subscribeActual(BodyObservable.java:35)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.Observable.subscribe(Observable.java:12267)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.observable.ObservableSingleSingle.subscribeActual(ObservableSingleSingle.java:35)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.Single.subscribe(Single.java:3603)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.single.SingleMap.subscribeActual(SingleMap.java:34)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.Single.subscribe(Single.java:3603)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.single.SingleFlatMap$SingleFlatMapCallback.onSuccess(SingleFlatMap.java:84)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.single.SingleDoOnSuccess$DoOnSuccess.onSuccess(SingleDoOnSuccess.java:60)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.single.SingleCreate$Emitter.onSuccess(SingleCreate.java:67)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at androidx.room.RxRoom$5.subscribe(RxRoom.java:229)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.single.SingleCreate.subscribeActual(SingleCreate.java:39)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.Single.subscribe(Single.java:3603)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.single.SingleDoOnSuccess.subscribeActual(SingleDoOnSuccess.java:35)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.Single.subscribe(Single.java:3603)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.single.SingleFlatMap.subscribeActual(SingleFlatMap.java:36)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.Single.subscribe(Single.java:3603)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.single.SingleFlatMap.subscribeActual(SingleFlatMap.java:36)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.Single.subscribe(Single.java:3603)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.single.SingleDoOnSuccess.subscribeActual(SingleDoOnSuccess.java:35)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.Single.subscribe(Single.java:3603)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.single.SingleSubscribeOn$SubscribeOnObserver.run(SingleSubscribeOn.java:89)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.Scheduler$DisposeTask.run(Scheduler.java:578)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.schedulers.ScheduledRunnable.run(ScheduledRunnable.java:66)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.schedulers.ScheduledRunnable.call(ScheduledRunnable.java:57)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at java.util.concurrent.FutureTask.run(FutureTask.java:266)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:301)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at java.lang.Thread.run(Thread.java:764)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh: Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:646)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:418)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:339)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:208)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(ConscryptFileDescriptorSocket.java:404)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:375)
2020-07-09 18:04:04.688 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:224)
2020-07-09 18:04:04.688 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:  ... 49 more
2020-07-09 18:04:04.688 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh: Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
2020-07-09 18:04:04.688 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:  ... 60 more

1 Answer

0 votes
/ 09 July 2020

I believe the server is serving an incomplete chain; Firefox can work around this.

https://www.ssllabs.com/ssltest/analyze.html?d=localizador.correos.es&latest

Chain issues    Incomplete

 Path #1: Trusted
1   Sent by server  localizador.correos.es
Fingerprint SHA256: 9665607354d2caa7990b2b5771a7aea0b598902df8814f6ca07f5dd6e3f69f89
Pin SHA256: uAsu6QaEo1pYjkzUnsW/IK9oJDdbEF8TQ5xfVGSXCX0=
RSA 2048 bits (e 65537) / SHA256withRSA

2   Extra download  Entrust Certification Authority - L1K
Fingerprint SHA256: 13efb39a2f6654e8c67bd04f4c6d4c90cd6cab5091bcedc73787f6b77d3d3fe7
Pin SHA256: 980Ionqp3wkYtN9SZVgMzuWQzJta1nfxNPwTem1X0uc=
RSA 2048 bits (e 65537) / SHA256withRSA

3   In trust store  Entrust Root Certification Authority - G2   Self-signed 
Fingerprint SHA256: 43df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f339
Pin SHA256: du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U=
RSA 2048 bits (e 65537) / SHA256withRSA 
...