java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

Question

java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

AEFeinstein opened this issue 2 years ago · 9 comments

There's a new certificate for https://gatherer.wizards.com/ (issued 5/8/22) and some phones aren't happy about it.

A workaround could be to bundle the additional CA in the app:
https://developer.android.com/training/articles/security-config#TrustingAdditionalCas

Answer 1 · 2022-07-28T14:00:10.000Z

Not resolved by 27a8486 😟

Answer 2 · 2022-09-01T13:58:46.000Z

I see that in 27a8486 you added mobile/src/main/res/raw/wizards_of_the_coast.cer which is the certificate they are using used for that domain (gatherer.wizards.com), but did you try adding the intermediate certificate instead??

In red the one you added, in blue the one i'm asking if you tried:

I took a look at the docs but it's not really clear leaf certificates can be added this way (generally, self-signed only, or at all).

PD: Excuse for my last comments in #496 and #369 , and the fact i went missing in action without notice due to several reasons around February 2020.

PD2: The commit message says:

...but that isn't a CA certificate, it's the site's certificate.

Answer 3 · 2022-09-02T02:18:31.000Z

Welcome back! I don't know much about certificates, so it's very probable I just did the wrong thing. If you want to open a PR with what you think is the right certificate, I'd pull it.

Some users have also reported the issue resolves after tapping "Force Update" in the menu, but it's not clear to me why.

Answer 4 · 2022-09-05T00:39:55.000Z

Hello again.

After a couple tests and a lot of suffering (with dev env setup, due to things doing what they should do, not what i intended), i got an apk tentatively fixed (though it's really a workaround for a gatherer ssl issue, rather than a fix).

Only tested it a couple times on an emulator, seems to work:
mtg-familiar__master_d844895645__w_ca_workarroud.apk.gz

I'll try to get a pull request ready when i have the time (can't promise though😔).

Answer 5 · 2022-09-05T03:05:42.000Z

Environment setup is the worst. I'll certainly take a workaround if you PR one!

Answer 6 · 2022-09-05T09:32:41.000Z

@AEFeinstein : PR is ready for review and merge
.

Answer 7 · 2022-09-05T11:44:49.000Z

Woo! Thanks for the help!

Answer 8 · 2023-04-26T02:14:46.000Z

Theoretically resolved in 7a9d3e8 but I got an email from a user that it's still happening.

Answer 9 · 2024-01-14T16:39:31.000Z

Workaround added in bd22cdf