Ignite Realtime

powered by Jive Software

Ignite Realtime Community Forums

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found

Smack Smack Dev

yuexl February 27, 2015, 2:29pm 1

Connection closed with error

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.ja va:306)

at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl. java:598)

at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.ja va:560)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnect ion.java:620)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnecti on.java:720)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$900(XMPPTCPConnection.java: 137)

at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPC onnection.java:981)

at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$200(XMPPTCPCon nection.java:915)

at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnecti on.java:930)

at java.lang.Thread.run(Thread.java:818)

Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:3 18)

at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl. java:219)

at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:113)

at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocke tImpl.java:525)

at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)

at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.ja va:302)

at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl. java:598)

at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.ja va:560)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnect ion.java:620)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnecti on.java:720)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$900(XMPPTCPConnection.java: 137)

at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPC onnection.java:981)

at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$200(XMPPTCPCon nection.java:915)

at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnecti on.java:930)

at java.lang.Thread.run(Thread.java:818)

Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:3 18)

at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl. java:219)

at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:113)

at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocke tImpl.java:525)

at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)

at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.ja va:302)

at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl. java:598)

at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.ja va:560)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnect ion.java:620)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnecti on.java:720)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$900(XMPPTCPConnection.java: 137)

at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPC onnection.java:981)

how can i fix this issure?

thanks in advance

John_Ying February 27, 2015, 4:39pm 2

Not sure if it helps, but have you looked at this?

https://developer.android.com/training/articles/security-ssl.html

yuexl February 28, 2015, 2:50pm 3

My simple android code :

/**

connect to xmpp server

*/

private void connectXMPPServer() {

XMPPTCPConnectionConfiguration config = XMPPTCPConnectionConfiguration.builder()

.setUsernameAndPassword(“yuexl”, “123456”)

.setServiceName(“haihongmacdemacbook-pro.local”)

.setHost(“192.168.1.105”)

.setPort(5222)

.build();

try {

AbstractXMPPConnection conn2 = new XMPPTCPConnection(config);

conn2.connect();

}catch (Exception ex){

Log.i(TAG,ex.getMessage());

}

}

Did i miss something important?

Zigma February 28, 2015, 4:09pm 4

I assume you are using your own ssl certificates, may be self signed.

for testing purpose you can disable SSL in your server and complete your testing and use cases and later you can worry about SSL certificates

yuexl February 28, 2015, 5:40pm 5

I have disable SSL in server,

how can i disable SASLAuthentication in android client? like old version :

connectionConfig.setSASLAuthenticationEnabled(false); // I could not find this method now in XMPPTCPConnectionConfiguration

Zigma March 2, 2015, 6:36am 6

SASL is different and SSL is different

SSL handshake happens at the protocol level inside the socket programs

SASL is the XMPP life cycle which happens by sending and receiving XML tags like DIGEST-MD5, ETERNAL… etc

if you want to disable SASL, you can use following code

.setSecurityMode(SecurityMode.disabled) in your configuration builder

for SSL ignoring, temporary you can use following code (but I would recommend you switch to a proper signed SSL certificate)

TLSUtils.acceptAllCertificates(config)

TLSUtils.disableHostnameVerificationForTlsCertificicates(config)

1 Like

Flow March 2, 2015, 11:40am 7

if you want to disable SASL, you can use following code

.setSecurityMode(SecurityMode.disabled) in your configuration builder

No, security mode controls if TLS will be used or not. It has nothing to do with SASL.

SASL is always used to authenticate the client.

1 Like

Zigma March 2, 2015, 1:32pm 8

as per the code Smack/AbstractXMPPConnection.java at master · igniterealtime/Smack · GitHub line 1396

saslFeatureReceived.reportSuccess(); is triggered in case the config.getSecurityMode() == SecurityMode.disabled

I am not sure, may be I am wrong

yuexl March 3, 2015, 7:59am 9

I have set setSecurityMode(SecurityMode.disabled)
but i can not connect to openfire server, is there anyway to let me connect to openfire server
I installed openfire in my mac pro,and use android studio dev tools.I wrote code the same as in smack doc,but i can not connect…
can you give me some tips or guides, thank you very much

Flow March 3, 2015, 8:24am 10

Yep, you are misinterpreting the code. That’s basically the logic in Smack that the sasl feature where received here if TLS is not used.

Zigma March 3, 2015, 10:52am 11

I would recomend you try BOSH using smack-bosh

Sangamesh1 March 5, 2015, 6:31am 12

ConnectionConfiguration config = new ConnectionConfiguration(“openfire-hostname”, 5222);

config.setSASLAuthenticationEnabled(false);

config.setSecurityMode(SecurityMode.disabled);

QuinnChen June 3, 2015, 8:29am 13

Hello, have you solved this problem, I have come across this problem today.