Bug #4279
duck.co/dukgo.com certificate validation failure
| Status: | New | Start date: | 12/12/2014 | |
|---|---|---|---|---|
| Priority: | Immediate | Due date: | ||
| Assignee: | - | % Done: | 0% | |
| Category: | - | |||
| Target version: | v15 - AWESOME APP | |||
| Component: |
Description
It seems that dukgo.com has a new TLS certificate that ChatSecure's asmack cannot validate.
Here's the stack trace using XMPPConnection's default trust manager:
XMPPCertPinsTest I TESTING DOMAINS WITH DEFAULT TRUST MANAGER: duck.co
System.err W XMPPError establishing connection with server.: remote-server-error(502) XMPPError establishing connection with server.
W -- caused by: javax.net.ssl.SSLHandshakeException: target verification failed of [*.dukgo.com]
W at org.jivesoftware.smack.XMPPConnection.initReaderAndWriter(XMPPConnection.java:762)
W at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:898)
W at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:267)
W at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)
W Nested Exception:
W javax.net.ssl.SSLHandshakeException: target verification failed of [*.dukgo.com]
W at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:409)
W at com.android.org.conscrypt.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:661)
W at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:632)
W at org.jivesoftware.smack.XMPPConnection.initReaderAndWriter(XMPPConnection.java:729)
W at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:898)
W at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:267)
W at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)
W Caused by: java.security.cert.CertificateException: target verification failed of [*.dukgo.com]
W at org.jivesoftware.smack.ServerTrustManager.checkServerTrusted(ServerTrustManager.java:171)
W at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:613)
W at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
W at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405)
W ... 6 more
XMPPCertPinsTest I TESTING DOMAINS WITH DEFAULT TRUST MANAGER: dukgo.com
System.err W XMPPError establishing connection with server.: remote-server-error(502) XMPPError establishing connection with server.
W -- caused by: javax.net.ssl.SSLHandshakeException: subject/issuer verification failed of [duck.co]
W at org.jivesoftware.smack.XMPPConnection.initReaderAndWriter(XMPPConnection.java:762)
W at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:898)
W at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:267)
W at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)
W Nested Exception:
W javax.net.ssl.SSLHandshakeException: subject/issuer verification failed of [duck.co]
System.err W at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:409)
W at com.android.org.conscrypt.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:661)
W at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:632)
W at org.jivesoftware.smack.XMPPConnection.initReaderAndWriter(XMPPConnection.java:729)
W at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:898)
W at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:267)
W at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)
W Caused by: java.security.cert.CertificateException: subject/issuer verification failed of [duck.co]
W at org.jivesoftware.smack.ServerTrustManager.checkServerTrusted(ServerTrustManager.java:133)
W at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:613)
W at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
W at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405)
W ... 6 more
Here's the stacktrace using the default trust manager with AndroidPinning's:
XMPPCertPinsTest I TESTING DOMAINS WITH PINS: duck.co
System.err W XMPPError establishing connection with server.: remote-server-error(502) XMPPError establishing connection with server.
W -- caused by: javax.net.ssl.SSLHandshakeException: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException: Could not validate certificate: null
W at org.jivesoftware.smack.XMPPConnection.initReaderAndWriter(XMPPConnection.java:762)
W at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:898)
W at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:267)
W at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)
W Nested Exception:
W javax.net.ssl.SSLHandshakeException: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException: Could not validate certificate: null
W at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:409)
W at com.android.org.conscrypt.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:661)
W at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:632)
W at org.jivesoftware.smack.XMPPConnection.initReaderAndWriter(XMPPConnection.java:729)
W at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:898)
W at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:267)
W at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)
W Caused by: java.security.cert.CertificateException: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException: Could not validate certificate: null
W at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:308)
W at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:192)
W at org.thoughtcrime.ssl.pinning.PinningTrustManager.checkSystemTrust(PinningTrustManager.java:135)
W at org.thoughtcrime.ssl.pinning.PinningTrustManager.checkServerTrusted(PinningTrustManager.java:175)
W at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:613)
W at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
W at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405)
W ... 6 more
W Caused by: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException: Could not validate certificate: null
W at com.android.org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCertA(RFC3280CertPathUtilities.java:1488)
W at com.android.org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:305)
W at java.security.cert.CertPathValidator.validate(CertPathValidator.java:190)
W at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:295)
W ... 12 more
W Caused by: java.security.cert.CertificateExpiredException
W at com.android.org.conscrypt.OpenSSLX509Certificate.checkValidity(OpenSSLX509Certificate.java:220)
W at com.android.org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCertA(RFC3280CertPathUtilities.java:1483)
W ... 15 more
XMPPCertPinsTest I TESTING DOMAINS WITH PINS: dukgo.com
System.err W XMPPError establishing connection with server.: remote-server-error(502) XMPPError establishing connection with server.
W -- caused by: javax.net.ssl.SSLHandshakeException: No valid pins found in chain!
W at org.jivesoftware.smack.XMPPConnection.initReaderAndWriter(XMPPConnection.java:762)
W at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:898)
W at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:267)
W at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)
W Nested Exception:
W javax.net.ssl.SSLHandshakeException: No valid pins found in chain!
W at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:409)
W at com.android.org.conscrypt.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:661)
W at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:632)
W at org.jivesoftware.smack.XMPPConnection.initReaderAndWriter(XMPPConnection.java:729)
W at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:898)
W at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:267)
W at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)
W Caused by: java.security.cert.CertificateException: No valid pins found in chain!
W at org.thoughtcrime.ssl.pinning.PinningTrustManager.checkPinTrust(PinningTrustManager.java:157)
W at org.thoughtcrime.ssl.pinning.PinningTrustManager.checkServerTrusted(PinningTrustManager.java:176)
W at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:613)
W at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
W at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405)
W ... 6 more
History
#1 Updated by n8fr8 over 2 years ago
- Target version changed from v14 - Armadillo's Agram to v15 - AWESOME APP