Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trust anchor for certification path not found #4705

Closed
eddyjl077 opened this issue Feb 15, 2022 · 1 comment
Closed

Trust anchor for certification path not found #4705

eddyjl077 opened this issue Feb 15, 2022 · 1 comment
Labels
platform/android 🤖 t/bug Something isn't working

Comments

@eddyjl077
Copy link

Description

Not able to use localhost to test an App for Android

Steps to Reproduce

  1. create a new app and try to do a request to an API on localhost.
  2. use code
  3. #if DEBUG
    var httpHandler = new HttpClientHandler
    {
    ServerCertificateCustomValidationCallback = (o, cert, chain, errors) => true
    };
    //or
    httpHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) =>
    {
    if (cert.Issuer.Equals("CN=localhost"))
    return true;
    return errors == System.Net.Security.SslPolicyErrors.None;
    };
    //or
    ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, sslPolicyErrors) =>
    {
    return true;
    };
    #else
    var httpHandler = new HttpClientHandler();
    #endif

none work

Version with bug

Preview 13

Last version that worked well

Preview 10

Affected platforms

Android

Affected platform versions

android 10+

Did you find any workaround?

No

Relevant log output

System.Net.WebException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
 ---> Javax.Net.Ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
 ---> Java.Security.Cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
 ---> Java.Security.Cert.CertPathValidatorException: Trust anchor for certification path not found.

  --- End of managed Java.Security.Cert.CertPathValidatorException stack trace ---
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
	at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:661)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:539)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:418)
	at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:339)
	at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
	at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
	at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:208)
	at com.android.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(ConscryptFileDescriptorSocket.java:404)
	at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
	at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:375)
	at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:224)
	at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:192)
	at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:149)
	at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:112)
	at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
	at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
	at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
	at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:281)
	at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:224)
	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:461)
	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
	at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.connect(DelegatingHttpsURLConnection.java:89)
	at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:26)

  --- End of managed Java.Security.Cert.CertPathValidatorException stack trace ---
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
	at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:661)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:539)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:418)
	at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:339)
	at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
	at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
	at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:208)
	at com.android.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(ConscryptFileDescriptorSocket.java:404)
	at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
	at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:375)
	at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:224)
	at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:192)
	at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:149)
	at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:112)
	at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
	at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
	at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
	at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:281)
	at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:224)
	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:461)
	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
	at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.connect(DelegatingHttpsURLConnection.java:89)
	at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:26)

   --- End of inner exception stack trace ---

  --- End of managed Java.Security.Cert.CertificateException stack trace ---
java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
	at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:661)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:539)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:418)
	at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:339)
	at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
	at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
	at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:208)
	at com.android.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(ConscryptFileDescriptorSocket.java:404)
	at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
	at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:375)
	at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:224)
	at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:192)
	at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:149)
	at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:112)
	at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
	at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
	at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
	at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:281)
	at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:224)
	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:461)
	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
	at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.connect(DelegatingHttpsURLConnection.java:89)
	at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:26)
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
	... 24 more

  --- End of managed Java.Security.Cert.CertificateException stack trace ---
java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
	at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:661)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:539)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:418)
	at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:339)
	at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
	at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
	at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:208)
	at com.android.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(ConscryptFileDescriptorSocket.java:404)
	at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
	at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:375)
	at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:224)
	at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:192)
	at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:149)
	at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:112)
	at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
	at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
	at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
	at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:281)
	at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:224)
	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:461)
	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
	at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.connect(DelegatingHttpsURLConnection.java:89)
	at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:26)
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
	... 24 more

   --- End of inner exception stack trace ---
   at Java.Interop.JniEnvironment.InstanceMethods.CallVoidMethod(JniObjectReference instance, JniMethodInfo method, JniArgumentValue* args) in /Users/builder/azdo/_work/2/s/xamarin-android/external/Java.Interop/src/Java.Interop/Java.Interop/JniEnvironment.g.cs:line 11643
   at Java.Interop.JniPeerMembers.JniInstanceMethods.InvokeAbstractVoidMethod(String encodedMember, IJavaPeerable self, JniArgumentValue* parameters) in /Users/builder/azdo/_work/2/s/xamarin-android/external/Java.Interop/src/Java.Interop/Java.Interop/JniPeerMembers.JniInstanceMethods_Invoke.cs:line 17
   at Javax.Net.Ssl.HttpsURLConnectionInvoker.Connect() in /Users/builder/azdo/_work/2/s/xamarin-android/src/Mono.Android/obj/Release/net6.0/android-32/mcw/Javax.Net.Ssl.HttpsURLConnection.cs:line 433
   at Xamarin.Android.Net.AndroidMessageHandler.<>c__DisplayClass125_0.<ConnectAsync>b__0() in /Users/builder/azdo/_work/2/s/xamarin-android/src/Mono.Android/Xamarin.Android.Net/AndroidMessageHandler.cs:line 442
   at System.Threading.Tasks.Task.InnerInvoke()
   at System.Threading.Tasks.Task.<>c.<.cctor>b__272_0(Object obj)
   at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object state)
--- End of stack trace from previous location ---
   at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread)
--- End of stack trace from previous location ---
   at Xamarin.Android.Net.AndroidMessageHandler.DoProcessRequest(HttpRequestMessage request, URL javaUrl, HttpURLConnection httpConnection, CancellationToken cancellationToken, RequestRedirectionState redirectState) in /Users/builder/azdo/_work/2/s/xamarin-android/src/Mono.Android/Xamarin.Android.Net/AndroidMessageHandler.cs:line 494
   at Xamarin.Android.Net.AndroidMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) in /Users/builder/azdo/_work/2/s/xamarin-android/src/Mono.Android/Xamarin.Android.Net/AndroidMessageHandler.cs:line 367
  --- End of managed Javax.Net.Ssl.SSLHandshakeException stack trace ---
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
	at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:229)
	at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:192)
	at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:149)
	at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:112)
	at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
	at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
	at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
	at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:281)
	at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:224)
	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:461)
	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
	at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.connect(DelegatingHttpsURLConnection.java:89)
	at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:26)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
	at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:661)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:539)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:418)
	at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:339)
	at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
	at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
	at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:208)
	at com.android.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(ConscryptFileDescriptorSocket.java:404)
	at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
	at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:375)
	at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:224)
	... 12 more
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
	... 24 more

  --- End of managed Javax.Net.Ssl.SSLHandshakeException stack trace ---
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
	at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:229)
	at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:192)
	at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:149)
	at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:112)
	at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
	at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
	at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
	at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:281)
	at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:224)
	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:461)
	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
	at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.connect(DelegatingHttpsURLConnection.java:89)
	at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:26)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
	at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:661)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:539)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:418)
	at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:339)
	at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
	at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
	at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:208)
	at com.android.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(ConscryptFileDescriptorSocket.java:404)
	at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
	at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:375)
	at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:224)
	... 12 more
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
	... 24 more
@eddyjl077 eddyjl077 added the t/bug Something isn't working label Feb 15, 2022
@Eilon
Copy link
Member

Eilon commented Feb 15, 2022

I've run into this as well. This is a known issue described here: dotnet/runtime#62966

Please upvote that issue to help it get prioritized.

@Eilon Eilon closed this as completed Feb 15, 2022
@ghost ghost locked as resolved and limited conversation to collaborators Mar 18, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
platform/android 🤖 t/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Eilon @samhouts @eddyjl077