Trust user CA certificates

Open T0astBread opened this issue 8 months ago • 1 comments

Hi! First of all, great app. However, I've noticed it doesn't seem to trust user-provided CA certificates. I've tried setting up monitoring for an HTTPS service that uses a network-internal CA which I've added to the system trust store. The certificates are set up correctly since it works in the browser, but when I try refreshing the website entry, I'm getting Status: 0 - Unknown and a certificate-related stack trace in Logcat.

It's not super important for me but it would be a nice feature to trust user CA certificates as well.

Logcat output
10-27 01:07:17.945 19300 19338 E Webmon ##--> : javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:356)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1134)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1089)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:876)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:896)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.-$$Nest$mprocessDataFromSocket(Unknown Source:0)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:236)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:218)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:276)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:244)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.impl.io.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:148)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:413)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.impl.classic.InternalExecRuntime.connectEndpoint(InternalExecRuntime.java:164)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.impl.classic.InternalExecRuntime.connectEndpoint(InternalExecRuntime.java:174)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.impl.classic.ConnectExec.execute(ConnectExec.java:135)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.impl.classic.ExecChainElement$1.proceed(ExecChainElement.java:57)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.impl.classic.ProtocolExec.execute(ProtocolExec.java:169)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.impl.classic.ExecChainElement$1.proceed(ExecChainElement.java:57)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.impl.classic.HttpRequestRetryExec.execute(HttpRequestRetryExec.java:93)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.impl.classic.ExecChainElement$1.proceed(ExecChainElement.java:57)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.impl.classic.ContentCompressionExec.execute(ContentCompressionExec.java:128)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.impl.classic.ExecChainElement$1.proceed(ExecChainElement.java:57)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.impl.classic.RedirectExec.execute(RedirectExec.java:116)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.impl.classic.InternalHttpClient.doExecute(InternalHttpClient.java:178)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:75)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:89)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at ooo.akito.webmon.data.repository.WebSiteEntryRepository$getWebsiteStatus$2.invokeSuspend(WebSiteEntryRepository.kt:248)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at kotlinx.coroutines.internal.LimitedDispatcher.run(LimitedDispatcher.kt:42)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:95)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:570)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:749)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:677)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:664)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:656)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:615)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:505)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:425)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:353)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:90)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.ConscryptEngineSocket$2.checkServerTrusted(ConscryptEngineSocket.java:163)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:260)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1638)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:569)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1095)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1079)
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	... 39 more
10-27 01:07:17.945 19300 19338 E Webmon ##--> : Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
10-27 01:07:17.945 19300 19338 E Webmon ##--> : 	... 53 more
10-27 01:07:17.952 19300 19300 I Webmon ##--> : Observed Website Entry List Change.
10-27 01:07:17.952 19300 19300 I Webmon ##--> : Set all TODO Items.

Using version 2.9.0 from F-Droid on Android 14 (GrapheneOS).

T0astBread, Oct 26 '23 23:10
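
Background for this request, as an added example that is not part of the original issue or of the webmon code base: the stack trace above passes through `android.security.net.config.NetworkSecurityTrustManager`, the platform component that applies an app's Network Security Config, and for apps targeting Android 7.0 (API level 24) or higher the default config trusts only the system CA store. An app opts in to user-installed CAs with a config like the following; the file name `network_security_config.xml` is an assumption.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (file name is an assumption).
     Referenced from AndroidManifest.xml with
     android:networkSecurityConfig="@xml/network_security_config"
     on the <application> element. -->
<network-security-config>
    <base-config>
        <trust-anchors>
            <!-- Pre-installed system CAs: the default set for apps targeting API 24+. -->
            <certificates src="system" />
            <!-- CAs installed by the device user, such as a network-internal CA. -->
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>
```

Placing the opt-in in `<base-config>` extends user-CA trust to every TLS connection the app makes; `<domain-config>` can narrow it only to domains known at build time, which does not fit an app that monitors hosts entered by the user.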