react-native-pdf icon indicating copy to clipboard operation
react-native-pdf copied to clipboard

Published 20 hours ago verified publisher icon wonday

Unable to show PDF if `trustAllCerts = true`

Open marqroldan opened this issue 4 years ago • 5 comments

What react-native version are you using? 0.61.5

What react-native-pdf version are you using? 6.1.2

What platform does your issue occur on? (android/ios/both) Android

Describe your issue as precisely as possible :

  1. Steps to reproduce the issue or to explain in which case you get the issue Didn't try the example project, but here's a sample code const source = { uri: 'http://samples.leanpub.com/thereactnativebook-sample.pdf', cache: true, }; <PDF source={source} onLoadComplete={(numberOfPages, filePath) => { console.log(number of pages: ${numberOfPages}); }} onPageChanged={(page, numberOfPages) => { console.log(current page: ${page}); }} onError={(error) => { console.log(error); }} onPressLink={(uri) => { console.log(Link presse: ${uri}); }} trustAllCerts={false} style={{flex: 1}} />
  2. Interesting logs [Error: RNFetchBlob request error: java.lang.IllegalStateException: Unable to extract the trust manager on AndroidPlatform, sslSocketFactory is class org.conscrypt.OpenSSLSocketFactoryImpljava.lang.IllegalStateException: Unable to extract the trust manager on AndroidPlatform, sslSocketFactory is class org.conscrypt.OpenSSLSocketFactoryImpl]

Join a screenshot or video of the problem on the simulator or device?

--

I'm aware that this could be an rn-fetch-blob issue, but I also thought that it's much safer if trustAllCerts is set to false by default.

I have tested the following links:

  • http://www.africau.edu/images/default/sample.pdf
  • https://www.w3.org/WAI/ER/tests/xhtml/testfiles/resources/pdf/dummy.pdf

And they all work fine

marqroldan avatar May 21 '20 10:05 marqroldan

I'm also facing the same issue. @marqroldan Any solution for this?

damo-veda avatar Dec 16 '21 16:12 damo-veda

setting

trustAllCerts={false}

did the trick on my end

vitonimal avatar May 17 '22 14:05 vitonimal

setting

trustAllCerts={false}

did the trick on my end

Really helped. Thanks

StaniEbo avatar Jan 27 '23 15:01 StaniEbo

Thanks man, Really helped!!

JonathanLopesM avatar Aug 19 '23 12:08 JonathanLopesM

Came across the same problem today and I honestly don't understand why this option is enabled by default.

As far as I understand, this basically enables the trusty option of react-native-blob-util, which on Android also requires setting up a trust manager. But not only that, I think from a security perspective it's also less secure or to quote from react-native-blob-util:

By default, react-native-blob-util does NOT allow connection to unknown certification provider since it's dangerous.

Source: https://github.com/RonRadtke/react-native-blob-util#self-signed-ssl-server

I think this option should be disabled by default as in most cases you shouldn't need it anyway. If you need self-signed certificates you can still enable it and implement the trust manager.

philipheimboeck avatar Sep 29 '23 06:09 philipheimboeck