Bug #2923

downloading an APK from Kerplapp using FDroid causes exception

Added by hans almost 4 years ago. Updated almost 4 years ago.

Status:ClosedStart date:01/29/2014
Priority:ImmediateDue date:
Assignee:hans% Done:

0%

Category:-
Target version:0.2 - ChatSecure/Bluetooth
Component:

Description

Downloading the index from a Kerplapp repo works fine, but downloading an APK does not. It crashes in org.fdroid.fdroid.net/Downloader.java line #136: input = new URL(remotefile).openStream();

  1980                 FDroid  D  Downloading apk from https://10.4.0.132:8888/fdroid/repo/org.witness.sscphase1_34.apk
  1980     CursorWrapperInner  W  Cursor finalized without prior close()
  1980   MemorizingTrustMan..  D  checkCertTrusted([Ljava.security.cert.X509Certificate;@42120460, RSA, true)
  1980   MemorizingTrustMan..  D  checkCertTrusted: trying appTrustManager
  1980             System.err  W  java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
  1980             System.err  W  at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:282)
  1980             System.err  W  at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:192)
  1980             System.err  W  at org.thoughtcrime.ssl.pinning.PinningTrustManager.checkSystemTrust(PinningTrustManager.java:135)
  1980             System.err  W  at org.thoughtcrime.ssl.pinning.PinningTrustManager.checkServerTrusted(PinningTrustManager.java:175)
  1980             System.err  W  at de.duenndns.ssl.MemorizingTrustManager.checkCertTrusted(MemorizingTrustManager.java:292)
  1980             System.err  W  at de.duenndns.ssl.MemorizingTrustManager.checkServerTrusted(MemorizingTrustManager.java:330)
  1980             System.err  W  at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:613)
  1980             System.err  W  at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
  1980             System.err  W  at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405)
  1980             System.err  W  at com.android.okhttp.Connection.upgradeToTls(Connection.java:146)
  1980             System.err  W  at com.android.okhttp.Connection.connect(Connection.java:107)
  1980             System.err  W  at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:294)
  1980             System.err  W  at com.android.okhttp.internal.http.HttpEngine.sendSocketRequest(HttpEngine.java:255)
  1980             System.err  W  at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:206)
  1980             System.err  W  at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:345)
  1980             System.err  W  at com.android.okhttp.internal.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:296)
  1980             System.err  W  at com.android.okhttp.internal.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:179)
  1980             System.err  W  at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:246)
  1980             System.err  W  at java.net.URL.openStream(URL.java:470)
  1980             System.err  W  at org.fdroid.fdroid.Downloader.run(Downloader.java:136)
  1980             System.err  W  Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
  1980             System.err  W  ... 20 more
  1980   MemorizingTrustMan..  I  checkCertTrusted: accepting cert already stored in keystore
 18938             System.out  I  GET '/fdroid/repo/org.witness.sscphase1_34.apk'
 18938             System.out  I  HDR: 'connection' = 'Keep-Alive'
 18938             System.out  I  HDR: 'user-agent' = 'Dalvik/1.6.0 (Linux; U; Android 4.4.2; Nexus 7 Build/KOT49H)'
 18938             System.out  I  HDR: 'remote-addr' = '10.4.0.132'
 18938             System.out  I  HDR: 'accept-encoding' = 'gzip'
 18938             System.out  I  HDR: 'host' = '10.4.0.132:8888'
 18938             System.out  I  HDR: 'http-client-ip' = '10.4.0.132'
  1980                 FDroid  E  Download failed:
  1980                 FDroid  E  java.io.FileNotFoundException: https://10.4.0.132:8888/fdroid/repo/org.witness.sscphase1_34.apk
  1980                 FDroid  E  at com.android.okhttp.internal.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:186)
  1980                 FDroid  E  at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:246)
  1980                 FDroid  E  at java.net.URL.openStream(URL.java:470)
  1980                 FDroid  E  at org.fdroid.fdroid.Downloader.run(Downloader.java:136)

History

#1 Updated by pd0x almost 4 years ago

  • Status changed from New to In Progress

After merging Hans' fix for the maxage property: https://github.com/eighthave/kerplapp/commit/7d4f323b2d8e9246952575fb184b659928e89354 the issue progresses from being due to the APKs not getting copied to the repo to something more difficult to track down.

I've started trying to reproduce the bug using an http repo (no tls enabled). The behaviour I'm seeing now is every 2nd request to the Kerplapp/HTTPD instance is returning a 500 error from NanoHTTPD. So clicking to install an app will fail initially but succeed on a second tap to install.

Working on narrowing down the real cause here. Seems increasingly likely that this bug and #2928 are the same.

#2 Updated by pd0x almost 4 years ago

  • Status changed from In Progress to Feedback

Addressed with https://github.com/guardianproject/nanohttpd/pull/2

The underlying issue was with NanoHTTPD. After responding to the initial request the connection is kept open waiting for subsequent requests. FDroid doesn't send any follow-up requests across the same connection and a SocketTimeoutException is generated in NanoHTTPD as a result. This timeout is treated as a generic IOException which causes a 500 error to be written to the response prior to closing the output stream. When FDroid attempts a follow-up connection it receives the 500 error resulting from the last request instead of a new response corresponding to the new request.

This behaviour can be fixed by the pull req linked above to have NanoHTTPD treat a timeout the same way it treats the remote client closing the connection.

#3 Updated by pd0x almost 4 years ago

  • Assignee changed from pd0x to hans

#4 Updated by hans almost 4 years ago

  • Status changed from Feedback to Closed

Also available in: Atom PDF