redsolution / xabber-android

Open-source XMPP client for Android
http://xabber.com

XEP-0363 TLS #847

Open zaa76 opened 5 years ago

zaa76 commented 5 years ago

On Android 8.1

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

I have self-signed Root and Intermediate certificates. The certificates were installed in DER format to the Trust Store.

oxoWrk commented 5 years ago

You probably just need to install one or more Intermediate certificates. Open a text editor and paste the entire body of each certificate into one text file in the following order:

  1. The Primary Certificate - your_domain_name.crt
  2. The Root Certificate - TrustedRoot.crt

Save the combined file as fullchain.pem and use this file in your server configuration.

zaa76 commented 5 years ago

Good day! This situation concerns the preview image in the chat window. With the full opening of the image there are problems with SSL. Clicking on the download button causes it to crash and restart the application.

This problem is observed on Android 7 and Android 8+.

Everything works great on Android 5+.

feroom commented 5 years ago

Similar problem. When I receive a picture, I get the same error.

It's not about certificates, it's clearly about the handling of the HTTPS request by the Android system, since the application tries to open the URL not in the browser.

Does anyone have a solution to the problem on a fresh Android OS?

ghost commented 5 years ago

I use a validated certificate. The certificate was issued by Alpha SSL.

I have already used different certificates; it unfortunately does not work. Please help!

iamsimakov commented 5 years ago

Hi, the same problem. We have a self-signed SSL cert. Android 8.1.

org.jivesoftware.smack.SmackException: javax.net.ssl.SSLHandshakeException: Handshake failed
    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(Unknown Source:891)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(Unknown Source:0)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(Unknown Source:2)
    at java.lang.Thread.run(Thread.java:764)
Caused by: javax.net.ssl.SSLHandshakeException: Handshake failed
    at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:276)
    at com.android.org.conscrypt.ConscryptFileDescriptorSocket.waitForHandshake(ConscryptFileDescriptorSocket.java:468)
    at com.android.org.conscrypt.ConscryptFileDescriptorSocket.getInputStream(ConscryptFileDescriptorSocket.java:431)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(Unknown Source:2)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(Unknown Source:375)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(Unknown Source:0)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(Unknown Source:878)
    ... 3 more
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x763b3d6840: Failure in SSL library, usually a protocol error
error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/tls_record.cc:579 0x764d214ec0:0x00000001)
error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/handshake_client.cc:893 0x764adf688f:0x00000000)
    at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
    at com.android.org.conscrypt.SslWrapper.doHandshake(SslWrapper.java:374)
    at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:217)
    ... 9 more

For example, in Pidgin I need to manually apply the incoming cert for the first connection. Is there any window for accepting a cert manually in Xabber?

fsyy commented 4 years ago

I have the very same error, no preview images, but if I download, it works and I see the image. It's only with the preview.

Android 9

lixxdee commented 2 years ago

I had the same problem, but I fixed it by making a .pem file with (crt, intermediate certificate and root public crt). You also need to have a .pem with your private key.
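
The bundle layout described in the comments above (server certificate, then intermediate, then root, in one PEM file) can be checked before the file goes into the server configuration. This is an added example, not code from Xabber or from any commenter; the subjects, file names and the helpers `split_bundle`, `chain_order_ok` and `issue` are constructed for the demonstration, and the check compares issuer and subject name hashes only, it does not verify signatures.

```shell
#!/bin/sh
# Added example, not Xabber or server code. Every name and path here is constructed.

# Split a PEM bundle into DIR/cert1.pem, DIR/cert2.pem, ... and print the count.
split_bundle() {
    awk -v dir="$2" '/-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (dir "/cert" n ".pem") }
        END { print n + 0 }' "$1"
}

# Return 0 when each certificate is issued by the next one in the file and the
# last one is self-issued (the root); return 1 for a gap or a wrong order.
chain_order_ok() {
    dir=$(mktemp -d) || return 2
    count=$(split_bundle "$1" "$dir")
    i=1
    rc=0
    [ "$count" -ge 1 ] || rc=1
    while [ "$rc" -eq 0 ] && [ "$i" -le "$count" ]; do
        next=$((i + 1))
        [ "$i" -eq "$count" ] && next=$i    # the last entry must name itself
        issuer=$(openssl x509 -noout -issuer_hash -in "$dir/cert$i.pem")
        subject=$(openssl x509 -noout -subject_hash -in "$dir/cert$next.pem")
        [ "$issuer" = "$subject" ] || rc=1
        i=$((i + 1))
    done
    rm -rf "$dir"
    return "$rc"
}

# Create key and certificate NAME with subject CN, signed by SIGNER (constructed test data).
issue() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA "$3.crt" -CAkey "$3.key" \
        -CAcreateserial -days 2 -out "$1.crt" 2>/dev/null
}

work=$(mktemp -d)
cd "$work" || exit 1
openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Root" \
    -keyout root.key -out root.crt 2>/dev/null
issue intermediate "Constructed Intermediate" root
issue leaf "xmpp.example.test" intermediate
cat leaf.crt intermediate.crt root.crt > fullchain.pem    # order from the thread
cat leaf.crt root.crt > no-intermediate.pem               # intermediate left out
cat leaf.crt root.crt intermediate.crt > misordered.pem   # right certs, wrong order
for f in fullchain.pem no-intermediate.pem misordered.pem; do
    if chain_order_ok "$f"; then echo "$f: OK"; else echo "$f: broken chain"; fi
done
```

Only `fullchain.pem` passes; the bundle without the intermediate and the misordered bundle are both reported as broken.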