代码之家  ›  专栏  ›  技术社区  ›  M Rajoy

正在获取“未找到证书路径的信任锚点”为了一个曾经有用的服务

okhttp retrofit https android
  •  0
  • M Rajoy  · 技术社区  · 5 年前

    我得到了臭名昭著的 SSLHandshake 从昨天开始的例外 service 这一直有效。据我所知,当HTTPs证书由操作系统中未包含的CA签署时,就会发生这种情况。

    然而,我在桌面和移动设备(香草安卓)上都尝试过将这个URL直接插入Chrome浏览器,他们都声称该证书是有效的,并且来自一个已知的CA。

    为什么从昨天开始,我的代码没有任何变化?此服务来自第三方(包裹追踪),因此我无法在我的应用程序中包含他们的证书。

    我错过什么了吗?我使用的是翻新+Moshi+OkHttp

    这是我得到的全部信息: 

    javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:229)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:367)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:325)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:197)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:249)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:108)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:76)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:245)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:100)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:96)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:100)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
2020-07-09 18:04:04.684 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:100)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:100)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:197)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at okhttp3.internal.connection.RealCall.execute(RealCall.kt:148)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at retrofit2.OkHttpCall.execute(OkHttpCall.java:204)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at retrofit2.adapter.rxjava2.CallExecuteObservable.subscribeActual(CallExecuteObservable.java:46)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.Observable.subscribe(Observable.java:12267)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at retrofit2.adapter.rxjava2.BodyObservable.subscribeActual(BodyObservable.java:35)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.Observable.subscribe(Observable.java:12267)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.observable.ObservableSingleSingle.subscribeActual(ObservableSingleSingle.java:35)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.Single.subscribe(Single.java:3603)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.single.SingleMap.subscribeActual(SingleMap.java:34)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.Single.subscribe(Single.java:3603)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.single.SingleFlatMap$SingleFlatMapCallback.onSuccess(SingleFlatMap.java:84)
2020-07-09 18:04:04.685 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.single.SingleDoOnSuccess$DoOnSuccess.onSuccess(SingleDoOnSuccess.java:60)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.single.SingleCreate$Emitter.onSuccess(SingleCreate.java:67)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at androidx.room.RxRoom$5.subscribe(RxRoom.java:229)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.single.SingleCreate.subscribeActual(SingleCreate.java:39)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.Single.subscribe(Single.java:3603)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.single.SingleDoOnSuccess.subscribeActual(SingleDoOnSuccess.java:35)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.Single.subscribe(Single.java:3603)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.single.SingleFlatMap.subscribeActual(SingleFlatMap.java:36)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.Single.subscribe(Single.java:3603)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.single.SingleFlatMap.subscribeActual(SingleFlatMap.java:36)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.Single.subscribe(Single.java:3603)
2020-07-09 18:04:04.686 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.single.SingleDoOnSuccess.subscribeActual(SingleDoOnSuccess.java:35)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.Single.subscribe(Single.java:3603)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.operators.single.SingleSubscribeOn$SubscribeOnObserver.run(SingleSubscribeOn.java:89)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.Scheduler$DisposeTask.run(Scheduler.java:578)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.schedulers.ScheduledRunnable.run(ScheduledRunnable.java:66)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at io.reactivex.internal.schedulers.ScheduledRunnable.call(ScheduledRunnable.java:57)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at java.util.concurrent.FutureTask.run(FutureTask.java:266)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:301)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at java.lang.Thread.run(Thread.java:764)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh: Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:646)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:418)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:339)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:208)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(ConscryptFileDescriptorSocket.java:404)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
2020-07-09 18:04:04.687 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:375)
2020-07-09 18:04:04.688 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:224)
2020-07-09 18:04:04.688 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:  ... 49 more
2020-07-09 18:04:04.688 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh: Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
2020-07-09 18:04:04.688 10577-10577/net.kelmer.correostracker.debug E/ParcelListViewModel$refresh:  ... 60 more
    0 回复  |  直到 5 年前
        1
  •  0
  •   Yuri Schimke    5 年前

    我相信服务器提供的是一个不完整的链条,Firefox能够解决这个问题。

    https://www.ssllabs.com/ssltest/analyze.html?d=localizador.correos.es&latest

    连锁问题不完整 

     Path #1: Trusted
1   Sent by server  localizador.correos.es
Fingerprint SHA256: 9665607354d2caa7990b2b5771a7aea0b598902df8814f6ca07f5dd6e3f69f89
Pin SHA256: uAsu6QaEo1pYjkzUnsW/IK9oJDdbEF8TQ5xfVGSXCX0=
RSA 2048 bits (e 65537) / SHA256withRSA

2   Extra download  Entrust Certification Authority - L1K
Fingerprint SHA256: 13efb39a2f6654e8c67bd04f4c6d4c90cd6cab5091bcedc73787f6b77d3d3fe7
Pin SHA256: 980Ionqp3wkYtN9SZVgMzuWQzJta1nfxNPwTem1X0uc=
RSA 2048 bits (e 65537) / SHA256withRSA

3   In trust store  Entrust Root Certification Authority - G2   Self-signed 
Fingerprint SHA256: 43df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f339
Pin SHA256: du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U=
RSA 2048 bits (e 65537) / SHA256withRSA
    推荐文章
    关于   移动版
    代码之家 - 一站式码农服务社区
    沪ICP备11025650号