Bug #4279

duck.co/dukgo.com certificate validation failure

Added by hans about 3 years ago. Updated over 2 years ago.

Status: New
Start date: 12/12/2014
Priority: Immediate
Due date:
Assignee: -
% Done: 0%
Category: -
Target version: v15 - AWESOME APP
Component:

Description

It seems that dukgo.com has a new TLS certificate that ChatSecure's asmack cannot validate.

Here's the stack trace using XMPPConnection's default trust manager:

      XMPPCertPinsTest  I  TESTING DOMAINS WITH DEFAULT TRUST MANAGER: duck.co
            System.err  W  XMPPError establishing connection with server.: remote-server-error(502) XMPPError establishing connection with server.
                        W    -- caused by: javax.net.ssl.SSLHandshakeException: target verification failed of [*.dukgo.com]
                        W      at org.jivesoftware.smack.XMPPConnection.initReaderAndWriter(XMPPConnection.java:762)
                        W      at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:898)
                        W      at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:267)
                        W      at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)
                        W  Nested Exception:
                        W  javax.net.ssl.SSLHandshakeException: target verification failed of [*.dukgo.com]
                        W      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:409)
                        W      at com.android.org.conscrypt.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:661)
                        W      at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:632)
                        W      at org.jivesoftware.smack.XMPPConnection.initReaderAndWriter(XMPPConnection.java:729)
                        W      at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:898)
                        W      at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:267)
                        W      at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)
                        W  Caused by: java.security.cert.CertificateException: target verification failed of [*.dukgo.com]
                        W      at org.jivesoftware.smack.ServerTrustManager.checkServerTrusted(ServerTrustManager.java:171)
                        W      at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:613)
                        W      at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
                        W      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405)
                        W      ... 6 more

      XMPPCertPinsTest  I  TESTING DOMAINS WITH DEFAULT TRUST MANAGER: dukgo.com
            System.err  W  XMPPError establishing connection with server.: remote-server-error(502) XMPPError establishing connection with server.
                        W    -- caused by: javax.net.ssl.SSLHandshakeException: subject/issuer verification failed of [duck.co]
                        W      at org.jivesoftware.smack.XMPPConnection.initReaderAndWriter(XMPPConnection.java:762)
                        W      at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:898)
                        W      at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:267)
                        W      at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)
                        W  Nested Exception:
                        W  javax.net.ssl.SSLHandshakeException: subject/issuer verification failed of [duck.co]
            System.err  W      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:409)
                        W      at com.android.org.conscrypt.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:661)
                        W      at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:632)
                        W      at org.jivesoftware.smack.XMPPConnection.initReaderAndWriter(XMPPConnection.java:729)
                        W      at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:898)
                        W      at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:267)
                        W      at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)
                        W  Caused by: java.security.cert.CertificateException: subject/issuer verification failed of [duck.co]
                        W      at org.jivesoftware.smack.ServerTrustManager.checkServerTrusted(ServerTrustManager.java:133)
                        W      at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:613)
                        W      at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
                        W      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405)
                        W      ... 6 more

Here's the stacktrace using the default trust manager with AndroidPinning's:


      XMPPCertPinsTest  I  TESTING DOMAINS WITH PINS: duck.co
            System.err  W  XMPPError establishing connection with server.: remote-server-error(502) XMPPError establishing connection with server.
                        W    -- caused by: javax.net.ssl.SSLHandshakeException: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException: Could not validate certificate: null
                        W      at org.jivesoftware.smack.XMPPConnection.initReaderAndWriter(XMPPConnection.java:762)
                        W      at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:898)
                        W      at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:267)
                        W      at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)
                        W  Nested Exception:
                        W  javax.net.ssl.SSLHandshakeException: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException: Could not validate certificate: null
                        W      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:409)
                        W      at com.android.org.conscrypt.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:661)
                        W      at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:632)
                        W      at org.jivesoftware.smack.XMPPConnection.initReaderAndWriter(XMPPConnection.java:729)
                        W      at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:898)
                        W      at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:267)
                        W      at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)
                        W  Caused by: java.security.cert.CertificateException: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException: Could not validate certificate: null
                        W      at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:308)
                        W      at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:192)
                        W      at org.thoughtcrime.ssl.pinning.PinningTrustManager.checkSystemTrust(PinningTrustManager.java:135)
                        W      at org.thoughtcrime.ssl.pinning.PinningTrustManager.checkServerTrusted(PinningTrustManager.java:175)
                        W      at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:613)
                        W      at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
                        W      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405)
                        W      ... 6 more
                        W  Caused by: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException: Could not validate certificate: null
                        W      at com.android.org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCertA(RFC3280CertPathUtilities.java:1488)
                        W      at com.android.org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:305)
                        W      at java.security.cert.CertPathValidator.validate(CertPathValidator.java:190)
                        W      at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:295)
                        W      ... 12 more
                        W  Caused by: java.security.cert.CertificateExpiredException
                        W      at com.android.org.conscrypt.OpenSSLX509Certificate.checkValidity(OpenSSLX509Certificate.java:220)
                        W      at com.android.org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCertA(RFC3280CertPathUtilities.java:1483)
                        W      ... 15 more

      XMPPCertPinsTest  I  TESTING DOMAINS WITH PINS: dukgo.com
            System.err  W  XMPPError establishing connection with server.: remote-server-error(502) XMPPError establishing connection with server.
                        W    -- caused by: javax.net.ssl.SSLHandshakeException: No valid pins found in chain!
                        W      at org.jivesoftware.smack.XMPPConnection.initReaderAndWriter(XMPPConnection.java:762)
                        W      at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:898)
                        W      at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:267)
                        W      at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)
                        W  Nested Exception:
                        W  javax.net.ssl.SSLHandshakeException: No valid pins found in chain!
                        W      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:409)
                        W      at com.android.org.conscrypt.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:661)
                        W      at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:632)
                        W      at org.jivesoftware.smack.XMPPConnection.initReaderAndWriter(XMPPConnection.java:729)
                        W      at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:898)
                        W      at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:267)
                        W      at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)
                        W  Caused by: java.security.cert.CertificateException: No valid pins found in chain!
                        W      at org.thoughtcrime.ssl.pinning.PinningTrustManager.checkPinTrust(PinningTrustManager.java:157)
                        W      at org.thoughtcrime.ssl.pinning.PinningTrustManager.checkServerTrusted(PinningTrustManager.java:176)
                        W      at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:613)
                        W      at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
                        W      at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405)
                        W      ... 6 more
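
Added example (not part of the original report, and not ChatSecure, Smack or AndroidPinning code): a small triage script that groups this kind of logcat output by test run and reports the innermost "Caused by" of each, since in the pinned duck.co run the top-level message ("Could not validate certificate: null") does not name the cause while the last frame does. The category labels are this example's own reading of the messages, and the sample input is a trimmed excerpt of the traces above.

```python
import re

# Trimmed excerpt of the traces quoted in this ticket (stack frames dropped).
SAMPLE_LOG = """\
XMPPCertPinsTest  I  TESTING DOMAINS WITH DEFAULT TRUST MANAGER: duck.co
W  Caused by: java.security.cert.CertificateException: target verification failed of [*.dukgo.com]
XMPPCertPinsTest  I  TESTING DOMAINS WITH DEFAULT TRUST MANAGER: dukgo.com
W  Caused by: java.security.cert.CertificateException: subject/issuer verification failed of [duck.co]
XMPPCertPinsTest  I  TESTING DOMAINS WITH PINS: duck.co
W    -- caused by: javax.net.ssl.SSLHandshakeException: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException: Could not validate certificate: null
W  Caused by: java.security.cert.CertificateException: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException: Could not validate certificate: null
W  Caused by: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException: Could not validate certificate: null
W  Caused by: java.security.cert.CertificateExpiredException
XMPPCertPinsTest  I  TESTING DOMAINS WITH PINS: dukgo.com
W  Caused by: java.security.cert.CertificateException: No valid pins found in chain!
"""

RUN_RE = re.compile(r"TESTING DOMAINS WITH (DEFAULT TRUST MANAGER|PINS): (\S+)")
CAUSE_RE = re.compile(r"Caused by: (.+)$")  # case-sensitive: skips the "-- caused by" summary

# Assumption: labels are this example's interpretation of each message.
RULES = [
    ("CertificateExpiredException", "expired"),
    ("No valid pins found", "pin-mismatch"),
    ("target verification failed", "name-check-failed"),
    ("subject/issuer verification failed", "chain-link-failed"),
]

def innermost_causes(log):
    """Map (trust manager mode, domain) to the last 'Caused by' of that run."""
    results, key = {}, None
    for line in log.splitlines():
        run = RUN_RE.search(line)
        if run:
            key = (run.group(1), run.group(2))
            continue
        cause = CAUSE_RE.search(line)
        if cause and key:
            results[key] = cause.group(1).strip()  # later lines overwrite earlier ones
    return results

def triage(log):
    """Classify each run by its innermost cause; unknown messages stay visible."""
    return {key: next((label for needle, label in RULES if needle in cause), "unclassified")
            for key, cause in innermost_causes(log).items()}

if __name__ == "__main__":
    for (mode, domain), label in triage(SAMPLE_LOG).items():
        print(f"{mode:22} {domain:10} {label}")
```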

History

#1 Updated by n8fr8 over 2 years ago

  • Target version changed from v14 - Armadillo's Agram to v15 - AWESOME APP
