
Unable to forward SMS using self-signed certificates, java.security.cert.CertPathValidatorException

Open arzam16 opened this issue 5 months ago • 2 comments

Steps to reproduce:

  1. Generate new Root CA and self-signed endpoint certificates on the server (no domains are used, the endpoint is supposed to be accessed via its IP address)
  2. Import 2 new certificates using Android's System Settings
  3. In Deku, add a new Gateway server https://x:y/endpoint where x is the IP address (not the domain) and y is the port of the endpoint.
  4. Receive an SMS, wait for it to get queued
  5. Watch the message getting stuck in the queue forever:
02-11 01:24:28.879  8051  8213 D com.afkanerd.deku.Router.Router.RouterHandler: Request to router: {
[snip]
02-11 01:24:28.879  8051  8213 D com.afkanerd.deku.Router.Router.RouterHandler: }
02-11 01:24:28.955  8051  8213 W System.err: java.util.concurrent.ExecutionException: com.android.volley.NoConnectionError: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
02-11 01:24:28.956  8051  8213 W System.err: 	at com.android.volley.toolbox.RequestFuture.doGet(RequestFuture.java:124)
02-11 01:24:28.956  8051  8213 W System.err: 	at com.android.volley.toolbox.RequestFuture.get(RequestFuture.java:97)
02-11 01:24:28.956  8051  8213 W System.err: 	at com.afkanerd.deku.Router.Router.RouterHandler.routeJsonMessages(RouterHandler.java:68)
02-11 01:24:28.956  8051  8213 W System.err: 	at com.afkanerd.deku.Router.Router.RouterWorkManager.doWork(RouterWorkManager.java:31)
02-11 01:24:28.956  8051  8213 W System.err: 	at androidx.work.Worker$1.run(Worker.java:82)
02-11 01:24:28.956  8051  8213 W System.err: 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
02-11 01:24:28.956  8051  8213 W System.err: 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
02-11 01:24:28.956  8051  8213 W System.err: 	at java.lang.Thread.run(Thread.java:923)
02-11 01:24:28.956  8051  8213 W System.err: Caused by: com.android.volley.NoConnectionError: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
02-11 01:24:28.956  8051  8213 W System.err: 	at com.android.volley.toolbox.NetworkUtility.shouldRetryException(NetworkUtility.java:173)
02-11 01:24:28.956  8051  8213 W System.err: 	at com.android.volley.toolbox.BasicNetwork.performRequest(BasicNetwork.java:145)
02-11 01:24:28.956  8051  8213 W System.err: 	at com.android.volley.NetworkDispatcher.processRequest(NetworkDispatcher.java:132)
02-11 01:24:28.956  8051  8213 W System.err: 	at com.android.volley.NetworkDispatcher.processRequest(NetworkDispatcher.java:111)
02-11 01:24:28.956  8051  8213 W System.err: 	at com.android.volley.NetworkDispatcher.run(NetworkDispatcher.java:90)
02-11 01:24:28.956  8051  8213 W System.err: Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
02-11 01:24:28.956  8051  8213 W System.err: 	at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:362)
02-11 01:24:28.956  8051  8213 W System.err: 	at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1134)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1089)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:876)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:849)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.access$100(ConscryptEngineSocket.java:722)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:238)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:217)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:196)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:153)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:116)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:186)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:128)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:97)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:289)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:232)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:465)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:131)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:262)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:219)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:30)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.volley.toolbox.HurlStack.createOutputStream(HurlStack.java:319)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.volley.toolbox.HurlStack.addBody(HurlStack.java:301)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.volley.toolbox.HurlStack.addBodyIfExists(HurlStack.java:285)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.volley.toolbox.HurlStack.setConnectionParametersForRequest(HurlStack.java:257)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.volley.toolbox.HurlStack.executeRequest(HurlStack.java:89)
02-11 01:24:28.957  8051  8213 W System.err: 	at com.android.volley.toolbox.BasicNetwork.performRequest(BasicNetwork.java:104)
02-11 01:24:28.957  8051  8213 W System.err: 	... 3 more
02-11 01:24:28.958  8051  8213 W System.err: Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
02-11 01:24:28.958  8051  8213 W System.err: 	at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:677)
02-11 01:24:28.958  8051  8213 W System.err: 	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:554)
02-11 01:24:28.958  8051  8213 W System.err: 	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:510)
02-11 01:24:28.958  8051  8213 W System.err: 	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:428)
02-11 01:24:28.958  8051  8213 W System.err: 	at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:356)
02-11 01:24:28.958  8051  8213 W System.err: 	at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
02-11 01:24:28.958  8051  8213 W System.err: 	at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:90)
02-11 01:24:28.958  8051  8213 W System.err: 	at com.android.org.conscrypt.ConscryptEngineSocket$2.checkServerTrusted(ConscryptEngineSocket.java:161)
02-11 01:24:28.958  8051  8213 W System.err: 	at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:250)
02-11 01:24:28.958  8051  8213 W System.err: 	at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1644)
02-11 01:24:28.958  8051  8213 W System.err: 	at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
02-11 01:24:28.958  8051  8213 W System.err: 	at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:568)
02-11 01:24:28.958  8051  8213 W System.err: 	at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1095)
02-11 01:24:28.958  8051  8213 W System.err: 	at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1079)
02-11 01:24:28.958  8051  8213 W System.err: 	... 29 more
02-11 01:24:28.958  8051  8213 W System.err: Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
02-11 01:24:28.958  8051  8213 W System.err: 	... 43 more

Would be cool to have some "ignore all this SSL bullshit and continue as is" toggle in Deku.

arzam16, Feb 10 '24 22:02
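
Added example, not part of the issue or of Deku's code: since Android 7.0 (API level 24), apps that target API 24 or higher trust only the system CA store by default, so a root CA imported through System Settings is ignored unless the app opts in through a network security configuration. The file below shows that opt-in as an alternative to switching certificate validation off; the file name and path are assumptions, and so is the premise that Deku targets API 24+ and does not already ship such a configuration.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Assumed file: res/xml/network_security_config.xml (not from the Deku repository).
     It takes effect once <application> in AndroidManifest.xml carries
     android:networkSecurityConfig="@xml/network_security_config". -->
<network-security-config>
    <!-- base-config applies to every connection the app makes. It is used here
         because the gateway address is typed in by the user at run time, so it
         cannot be listed in a <domain-config> at build time. -->
    <base-config>
        <trust-anchors>
            <!-- Keep the pre-installed system CAs. -->
            <certificates src="system" />
            <!-- Also accept CAs the device owner imported through System Settings. -->
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>
```

Chain validation and hostname verification stay enabled with this configuration, so for an endpoint addressed by IP the server certificate still needs that IP address in its subjectAltName.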