[SOLVED]Android - Trust anchor for certification path not found

Seafile Client
1

Hey

I have a weird problem with my Android client.

I’m running Seafile Server on Arch Linux ARM Raspberry Pi 2 at home.
My Android Version is 8.1.0 root RRemix Rom on a Note 4 - up 2 date.

I wanna upload my photos and videos.
Following problem …

MatLog
07-20 15:55:27.539 D/SyncManager(1808): failed sync operation JobId=104087 192.168.1.xx:port (email)/com.seafile.seadroid2.account.api2 u0 [com.seafile.seadroid2.cameraupload.provider] SERVER ExpectedIn=-4s Reason=10187, SyncResult: stats [ numIoExceptions: 1]

ADB LogCat

07-20 21:38:58.000  8831  8850 W System.err:    ... 33 more
07-20 21:38:58.002  8831  8850 W System.err: Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
07-20 21:38:58.002  8831  8850 W System.err:    ... 45 more
07-20 21:38:58.002  8831  8856 W System.err: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
07-20 21:38:58.002  8831  8856 W System.err:    at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:219)
07-20 21:38:58.002  8831  8856 W System.err:    at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:299)
07-20 21:38:58.003  8831  8856 W System.err:    at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:268)
07-20 21:38:58.003  8831  8856 W System.err:    at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:160)
07-20 21:38:58.003  8831  8856 W System.err:    at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:256)
07-20 21:38:58.003  8831  8856 W System.err:    at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:134)
07-20 21:38:58.003  8831  8856 W System.err:    at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:113)
07-20 21:38:58.003  8831  8856 W System.err:    at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
07-20 21:38:58.003  8831  8856 W System.err:    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
07-20 21:38:58.003  8831  8856 W System.err:    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
07-20 21:38:58.003  8831  8856 W System.err:    at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
07-20 21:38:58.003  8831  8856 W System.err:    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
07-20 21:38:58.003  8831  8856 W System.err:    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
07-20 21:38:58.003  8831  8856 W System.err:    at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
07-20 21:38:58.003  8831  8856 W System.err:    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
07-20 21:38:58.003  8831  8856 W System.err:    at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:125)
07-20 21:38:58.003  8831  8856 W System.err:    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
07-20 21:38:58.003  8831  8856 W System.err:    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
07-20 21:38:58.003  8831  8856 W System.err:    at com.seafile.seadroid2.httputils.RequestManager$LoggingInterceptor.intercept(RequestManager.java:65)
07-20 21:38:58.003  8831  8856 W System.err:    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
07-20 21:38:58.003  8831  8856 W System.err:    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
07-20 21:38:58.003  8831  8856 W System.err:    at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:200)
07-20 21:38:58.004  8831  8856 W System.err:    at okhttp3.RealCall.execute(RealCall.java:77)
07-20 21:38:58.004  8831  8856 W System.err:    at com.seafile.seadroid2.SeafConnection.uploadFileCommon(SeafConnection.java:904)
07-20 21:38:58.004  8831  8856 W System.err:    at com.seafile.seadroid2.SeafConnection.uploadFile(SeafConnection.java:874)
07-20 21:38:58.004  8831  8856 W System.err:    at com.seafile.seadroid2.data.DataManager.uploadFileCommon(DataManager.java:686)
07-20 21:38:58.008  8831  8856 W System.err:    at com.seafile.seadroid2.data.DataManager.uploadFile(DataManager.java:680)
07-20 21:38:58.008  8831  8856 W System.err:    at com.seafile.seadroid2.transfer.UploadTask.doInBackground(UploadTask.java:89)
07-20 21:38:58.008  8831  8856 W System.err:    at com.seafile.seadroid2.transfer.UploadTask.doInBackground(UploadTask.java:18)
07-20 21:38:58.008  8831  8856 W System.err:    at android.os.AsyncTask$2.call(AsyncTask.java:333)
07-20 21:38:58.008  8831  8856 W System.err:    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
07-20 21:38:58.008  8831  8856 W System.err:    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
07-20 21:38:58.008  8831  8856 W System.err:    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
07-20 21:38:58.008  8831  8856 W System.err:    at java.lang.Thread.run(Thread.java:764)
07-20 21:38:58.009  8831  8856 W System.err: Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
07-20 21:38:58.009  8831  8856 W System.err:    at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:661)
07-20 21:38:58.009  8831  8856 W System.err:    at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:539)
07-20 21:38:58.009  8831  8856 W System.err:    at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495)
07-20 21:38:58.009  8831  8856 W System.err:    at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:418)
07-20 21:38:58.009  8831  8856 W System.err:    at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:339)
07-20 21:38:58.009  8831  8856 W System.err:    at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
07-20 21:38:58.009  8831  8856 W System.err:    at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
07-20 21:38:58.009  8831  8856 W System.err:    at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:197)
07-20 21:38:58.009  8831  8856 W System.err:    at com.android.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(ConscryptFileDescriptorSocket.java:399)
07-20 21:38:58.009  8831  8856 W System.err:    at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
07-20 21:38:58.009  8831  8856 W System.err:    at com.android.org.conscrypt.SslWrapper.doHandshake(SslWrapper.java:374)
07-20 21:38:58.009  8831  8856 W System.err:    at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:217)
07-20 21:38:58.009  8831  8856 W System.err:    ... 33 more
07-20 21:38:58.010  8831  8856 W System.err: Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
07-20 21:38:58.010  8831  8856 W System.err:    ... 45 more
07-20 21:38:58.148  1794  1887 D SyncManager: failed sync operation JobId=101522 192.168.1.xx:port (email)/com.seafile.seadroid2.account.api2 u0 [com.seafile.seadroid2.cameraupload.provider] SERVER ExpectedIn=-25s Reason=10187, SyncResult: stats [ numIoExceptions: 1]

The folder will be uploaded but not the photos or videos.
The ssl certificates are self signed but there is no problem on another Note4 with Marshmallow for example.

I have a Seafile Server running in the www as well with Let’s Encrypt. There is no problem with uploading any photos etc.

I tried to use only http with the same result. I’m not sure what it is. Might be the next version of the rom will fix it. Might be it is the client. Not sure.

I have no errors in my server log files.

So, something seems to be the problem with the following. …
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
I’m not sure how to fix it. Any hints?

Thanks,
Dan

2

That error is usually due to a misconfigured certificate or a misconfiguration with the webserver config files as it relates to certificates… I suggest going to this web page and checking your certificate for issues.

https://www.digicert.com/help/

By the way, here are the most common reasons for that error:
The CA that issued the server certificate is not known.
The certificate was self signed rather than signed by a CA
The web server config does not have an intermediate CA

1 Like
3

Hey

thanks for the hint.

I changed the server back to http only. Same problem. I guess I have to delete the self signed certificate from the phone somehow.

Edit:
I had some trouble with my config for nginx.
I changed download/upload to http.

Thanks

4

No problem. But, yeah, if you have a self-signed cert on Android, it could certainly cause the problem. The big tech companies along with the CA’s are cracking down on self-signed certs. I finally broke down and purchased mine from a CA. They are dirt cheap anyway and you can get them for a couple of years at a time. And, they just work. Every free cert I’ve ever tried was a challenge and waste of my time trying to keep them running and compatible with everything.

5

A patch for that got merged to master on the gh repo of seadroid, now we just have to wait for it to be incorporated to the production branches

2 Likes
6

Thank you.

I’m running radicale and davdroid with the self signed certificates as well without any problems.

Good to see they are going to incl this.

1 Like