Bug #2923
downloading an APK from Kerplapp using FDroid causes exception
| Status: | Closed | Start date: | 01/29/2014 | |
|---|---|---|---|---|
| Priority: | Immediate | Due date: | ||
| Assignee: | hans | % Done: | 0% | |
| Category: | - | |||
| Target version: | 0.2 - ChatSecure/Bluetooth | |||
| Component: |
Description
Downloading the index from a Kerplapp repo works fine, but downloading an APK does not. It crashes in org.fdroid.fdroid.net/Downloader.java line #136: input = new URL(remotefile).openStream();
1980 FDroid D Downloading apk from https://10.4.0.132:8888/fdroid/repo/org.witness.sscphase1_34.apk 1980 CursorWrapperInner W Cursor finalized without prior close() 1980 MemorizingTrustMan.. D checkCertTrusted([Ljava.security.cert.X509Certificate;@42120460, RSA, true) 1980 MemorizingTrustMan.. D checkCertTrusted: trying appTrustManager 1980 System.err W java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. 1980 System.err W at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:282) 1980 System.err W at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:192) 1980 System.err W at org.thoughtcrime.ssl.pinning.PinningTrustManager.checkSystemTrust(PinningTrustManager.java:135) 1980 System.err W at org.thoughtcrime.ssl.pinning.PinningTrustManager.checkServerTrusted(PinningTrustManager.java:175) 1980 System.err W at de.duenndns.ssl.MemorizingTrustManager.checkCertTrusted(MemorizingTrustManager.java:292) 1980 System.err W at de.duenndns.ssl.MemorizingTrustManager.checkServerTrusted(MemorizingTrustManager.java:330) 1980 System.err W at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:613) 1980 System.err W at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) 1980 System.err W at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405) 1980 System.err W at com.android.okhttp.Connection.upgradeToTls(Connection.java:146) 1980 System.err W at com.android.okhttp.Connection.connect(Connection.java:107) 1980 System.err W at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:294) 1980 System.err W at com.android.okhttp.internal.http.HttpEngine.sendSocketRequest(HttpEngine.java:255) 1980 System.err W at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:206) 1980 System.err W at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:345) 1980 System.err W at com.android.okhttp.internal.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:296) 1980 System.err W at com.android.okhttp.internal.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:179) 1980 System.err W at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:246) 1980 System.err W at java.net.URL.openStream(URL.java:470) 1980 System.err W at org.fdroid.fdroid.Downloader.run(Downloader.java:136) 1980 System.err W Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. 1980 System.err W ... 20 more 1980 MemorizingTrustMan.. I checkCertTrusted: accepting cert already stored in keystore 18938 System.out I GET '/fdroid/repo/org.witness.sscphase1_34.apk' 18938 System.out I HDR: 'connection' = 'Keep-Alive' 18938 System.out I HDR: 'user-agent' = 'Dalvik/1.6.0 (Linux; U; Android 4.4.2; Nexus 7 Build/KOT49H)' 18938 System.out I HDR: 'remote-addr' = '10.4.0.132' 18938 System.out I HDR: 'accept-encoding' = 'gzip' 18938 System.out I HDR: 'host' = '10.4.0.132:8888' 18938 System.out I HDR: 'http-client-ip' = '10.4.0.132' 1980 FDroid E Download failed: 1980 FDroid E java.io.FileNotFoundException: https://10.4.0.132:8888/fdroid/repo/org.witness.sscphase1_34.apk 1980 FDroid E at com.android.okhttp.internal.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:186) 1980 FDroid E at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:246) 1980 FDroid E at java.net.URL.openStream(URL.java:470) 1980 FDroid E at org.fdroid.fdroid.Downloader.run(Downloader.java:136)
History
#1 Updated by pd0x almost 4 years ago
- Status changed from New to In Progress
After merging Hans' fix for the maxage property: https://github.com/eighthave/kerplapp/commit/7d4f323b2d8e9246952575fb184b659928e89354 the issue progresses from being due to the APKs not getting copied to the repo to something more difficult to track down.
I've started trying to reproduce the bug using an http repo (no tls enabled). The behaviour I'm seeing now is every 2nd request to the Kerplapp/HTTPD instance is returning a 500 error from NanoHTTPD. So clicking to install an app will fail initially but succeed on a second tap to install.
Working on narrowing down the real cause here. Seems increasingly likely that this bug and #2928 are the same.
#2 Updated by pd0x almost 4 years ago
- Status changed from In Progress to Feedback
Addressed with https://github.com/guardianproject/nanohttpd/pull/2
The underlying issue was with NanoHTTPD. After responding to the initial request the connection is kept open waiting for subsequent requests. FDroid doesn't send any follow-up requests across the same connection and a SocketTimeoutException is generated in NanoHTTPD as a result. This timeout is treated as a generic IOException which causes a 500 error to be written to the response prior to closing the output stream. When FDroid attempts a follow-up connection it receives the 500 error resulting from the last request instead of a new response corresponding to the new request.
This behaviour can be fixed by the pull req linked above to have NanoHTTPD treat a timeout the same way it treats the remote client closing the connection.
#3 Updated by pd0x almost 4 years ago
- Assignee changed from pd0x to hans
#4 Updated by hans almost 4 years ago
- Status changed from Feedback to Closed