mapkit-android-demo icon indicating copy to clipboard operation
mapkit-android-demo copied to clipboard

Published 20 hours ago verified publisher icon yandex

yandex.maps: Certificate is not valid

Open Telzhanov opened this issue 6 years ago • 12 comments
trafficstars

Карта не отображается. API key правильно подключил. В логах пишет: yandex.maps: Certificate is not valid: Domain specific configurations require that hostname aware checkServerTrusted(X509Certificate[], String, String) is used

Telzhanov avatar Mar 28 '19 06:03 Telzhanov

@Telzhanov i found a solution link - https://stackoverflow.com/questions/45940861/android-8-cleartext-http-traffic-not-permitted/52652182 I am surprised that there is little information in the official documentation. Developers are very bad work with it

Erdemtsynduev avatar Apr 07 '19 17:04 Erdemtsynduev

@Telzhanov i found a solution link - https://stackoverflow.com/questions/45940861/android-8-cleartext-http-traffic-not-permitted/52652182 I am surprised that there is little information in the official documentation. Developers are very bad work with it

How to solve a problem?

I did everything as written in the answer, as a result, the cards are empty and produce errors that are higher

FasdAR avatar Apr 09 '19 11:04 FasdAR

@FasdAR I tried the second way from Hrishikesh Kadam. It really helped me. I tried to turn off this setting and the cards stopped loading. My configuration is Android 8.0. More information on the Internet, I did not see what can help.

Erdemtsynduev avatar Apr 09 '19 11:04 Erdemtsynduev

@Erdemtsynduev I did everything the same, but it still does not work :(

alexxxdev avatar Apr 18 '19 08:04 alexxxdev

@Erdemtsynduev I did everything the same, but it still does not work :(

The second method helped me, from Hrishikesh Kadam

FasdAR avatar Apr 18 '19 16:04 FasdAR

Аналогичная ошибка возникает при добавлении в AndroidManifest.xml секции android:networkSecurityConfig на всех android 7+

  <application
            android:networkSecurityConfig="@xml/network_security_config">

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system"/>
            <certificates src="user"/>
        </trust-anchors>
    </base-config>
    <domain-config>
        <domain includeSubdomains="true">github.com</domain>
        <trust-anchors>
            <certificates src="system"/>
        </trust-anchors>
    </domain-config>
</network-security-config>

При этом в лог попадает следующая информация:

com.yandex.mapkitdemo D/NetworkSecurityConfig: Using Network Security Config from resource network_security_config debugBuild: true
com.yandex.mapkitdemo E/yandex.maps: Certificate is not valid: Domain specific configurations require that hostname aware checkServerTrusted(X509Certificate[], String, String) is used
com.yandex.mapkitdemo W/yandex.maps: yandex::maps::runtime::network::spdylay::SslSocketImpl::onVerifyCert: Server certificate chain haven't passed validation with trusted roots
com.yandex.mapkitdemo E/yandex.maps: yandex::maps::runtime::network::spdylay::Connector::connect: Could not connect to 87.250.250.139:443, reason: certificate verify failed
com.yandex.mapkitdemo W/yandex.maps: yandex::maps::runtime::logging::warn: Create OpenGl ES context version 3
com.yandex.mapkitdemo W/yandex.maps: decltype: Request 2(spdys://spdy3.mob.maps.yandex.net:443/mapkit2/init/2.x/random?lang=en_BY) failed with error: certificate verify failed
com.yandex.mapkitdemo W/yandex.maps: yandex::maps::runtime::network::http::asio::DnsSocket::pollRead: In DnsSocket object 0x712393de90: async_read_some error happened system:125
com.yandex.mapkitdemo E/yandex.maps: Certificate is not valid: Domain specific configurations require that hostname aware checkServerTrusted(X509Certificate[], String, String) is used
com.yandex.mapkitdemo W/yandex.maps: decltype: Couldn't fetch "https://spdy3.mob.maps.yandex.net:443/mapkit2/init/2.x/random?lang=en_BY" because of: cURL reports 60: SSL certificate verification failed
com.yandex.mapkitdemo E/yandex.maps: Certificate is not valid: Domain specific configurations require that hostname aware checkServerTrusted(X509Certificate[], String, String) is used
com.yandex.mapkitdemo W/yandex.maps: decltype: Couldn't fetch "https://s3.eu-central-1.amazonaws.com/tt3897/tt.json" because of: cURL reports 60: SSL certificate verification failed

Ошибка стабильно возникает при наличии секции <domain-config> независимо от того, какой домен в ней указан.

Если в файле network_security_config.xml оставить только секцию <base-config>, то карты корректно загружаются.

Отмечу, что WebView корректно подключается и загружает данные по url из логов https://s3.eu-central-1.amazonaws.com/tt3897/tt.json при подключенном android:networkSecurityConfig

CaxaHbl4 avatar Jun 19 '19 10:06 CaxaHbl4

Словил ту же проблему, при этом взаимодействия с cleartext-траффиком не происходит: проверил с помощью StrictMode.VmPolicy.Builder.detectCleartextNetwork()

oleg-indusrty avatar Jul 04 '19 11:07 oleg-indusrty

Есть продвижение по этому вопросу? Удалять секцию domain-config не кажется адекватным решением

mrnorbertf avatar Sep 26 '19 14:09 mrnorbertf

The problem is still actual. Should we wait for any fix?

int02h avatar Jun 02 '20 12:06 int02h

Написал в техподдержку, пока ничего не ответили.

teivienn avatar Jul 06 '20 12:07 teivienn

Написал в техподдержку, пока ничего не ответили.

@teivienn я уже почти год жду)))

Erdemtsynduev avatar Jul 06 '20 16:07 Erdemtsynduev

It seems Yandex has updated certificates. I've removed cleartextTrafficPermitted and everything works good. Could anyone confirm this?

(Tested on mapkit 3.3.1, 3.4.0 and 4.0-lite)

sirekanyan avatar Feb 15 '21 16:02 sirekanyan

Устаревшие версии MapKit мы не поддерживаем, в таких случаях рекомендуем обновится, поскольку в последней версии ошибка не воспроизводится.

In such cases, we recommend updating the app because the error is not reproduced in the latest version.

YandexMapKit avatar Dec 28 '22 13:12 YandexMapKit