1

I'm using https://github.com/lingochamp/FileDownloader for downloading from https server. I'm getting the exception on below android 7 only while downloading.

Trust anchor for certification path not found

I have tried adding network_security_config from https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html but this didn't solve the problem. Can anyone help me please? Code snippet of initializing file downloader:

FileDownloader.setupOnApplicationOnCreate(this)
                .connectionCreator(
                    FileDownloadUrlConnection.Creator(
                        FileDownloadUrlConnection.Configuration()
                            .connectTimeout(15000) // set connection timeout.
                            .readTimeout(15000) // set read timeout.
                    )
                )
                .commit()
Nafia Mahjabin
  • 53
  • 5
  • 1
    Probably the https server has a faulty certificate, which fails the handshake - care to share the file URL so I'll check the certificate validity? It's also possible that the device's trusted root CA set is outdated (device should be super-old) – Shlomi Katriel Apr 11 '22 at 07:37
  • its root CA (ISRG Root X2 by Internet Security Research Group organization) is valid until 2040 so SSL handshake should pass. more possible reasons for failure: Local network is intercepted (does it reproduces on cellular network?), ISRG Root X2 is manually disabled in device settings (do you have access to device?) or device time was fast-forwarded to past 2040. – Shlomi Katriel Apr 11 '22 at 07:56
  • Yes I have access to the device and the time is correctly set. Local network isn't intercepted because it is working fine for other url such as https://images.pexels.com/photos/207582/pexels-photo-207582.jpeg?auto=compress&cs=tinysrgb&dpr=2&h=750&w=1260 . I have checked the settings. There's no security option which is disabled. – Nafia Mahjabin Apr 11 '22 at 08:16
  • Is the device updated to the latest version (both security patch and os)? – Shlomi Katriel Apr 11 '22 at 08:26
  • yes, it is updated – Nafia Mahjabin Apr 11 '22 at 08:31
  • Is there a way to attache a custom `X509TrustManager` to the `FileDownloader`? I wound print all of the certificate chain details (most importantly - validation period, subject strings, thumbprints) to deep dive into the handshake. If you could share this details it'll be great. BTW, sorry if I'm wasting your time :) – Shlomi Katriel Apr 11 '22 at 08:40
  • I couldn't find any way to add custom trust manager to file downloader. Btw, your aren't wasting my time at all. I'm badly stuck on this issue for more than 24 hours. Thank you for your response anyway. – Nafia Mahjabin Apr 11 '22 at 09:06
  • Were you able to solve the problem? – OEThe11 Oct 03 '22 at 18:21

0 Answers0