Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Trust anchor for certification path not found on 1.5.2 and No peer certificates on 1.4.0
See original GitHub issueHaving problem to connect. Only 1.4 connects *(sometimes), but most of times it says certificate problem like this:
_[2022-08-12 11:54:26.883] Establish VPN connection
[2022-08-12 11:54:27.532] An unexpected event occurred:
SSLPeerUnverifiedException
No peer certificates
com.android.org.conscrypt.SessionSnapshot.getPeerCertificates(SessionSnapshot.java:136)
com.android.org.conscrypt.ExternalSession.getPeerCertificates(ExternalSession.java:106)
com.android.org.conscrypt.Java7ExtendedSSLSession.getPeerCertificates(Java7ExtendedSSLSession.java:129)
com.android.org.conscrypt.Java7ExtendedSSLSession.getPeerCertificates(Java7ExtendedSSLSession.java:31)
kittoku.osc.layer.SslTerminal.createSocket(SslTerminal.kt:90)
kittoku.osc.layer.SslTerminal.initializeSocket$app_debug(SslTerminal.kt:123)
kittoku.osc.layer.SstpClient.proceed$app_debug(SstpClietnt.kt:160)
kittoku.osc.ControlClient$launchJobIncoming$1.invokeSuspend(ControlClient.kt:210)
kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
kotlinx.coroutines.DispatchedTask.run(Dispatched.kt:241)
kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:594)
kotlinx.coroutines.scheduling.CoroutineScheduler.access$runSafely(CoroutineScheduler.kt:60)
kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:740)
[2022-08-12 11:54:27.535] Terminate VPN connection_
The most recent version(1.5.2) says when I try to connect:*
[2022-08-12 11:50:48.865] Establish VPN connection
[2022-08-12 11:50:49.511] OSC: ERR_UNEXPECTED
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:363)
at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1134)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1089)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:876)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712)
at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:858)
at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.access$100(ConscryptEngineSocket.java:731)
at com.android.org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:241)
at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:220)
at kittoku.osc.terminal.SSLTerminal.createSocket(SSLTerminal.kt:111)
at kittoku.osc.terminal.SSLTerminal.access$createSocket(SSLTerminal.kt:28)
at kittoku.osc.terminal.SSLTerminal$initializeSocket$2.invokeSuspend(SSLTerminal.kt:38)
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571)
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750)
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678)
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:672)
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:549)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:505)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:425)
at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:353)
at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:90)
at com.android.org.conscrypt.ConscryptEngineSocket$2.checkServerTrusted(ConscryptEngineSocket.java:163)
at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:255)
at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1638)
at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:569)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1095)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1079)
... 16 more
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
... 30 more
[2022-08-12 11:50:49.515] Terminate VPN connection
Could you help me to undrestand of fix the issue_? PLEASE (BIG PLEASE). I’ve changed the cert, installed or not, I’ve downloaded source code and debugged also, it seems to locate fine the CERT_DIR folder in both versions, and trust anchor says user and system, so, I don’t have a clue.
Issue Analytics
- State:
- Created a year ago
- Comments:9 (4 by maintainers)
Top Results From Across the Web
Trust Anchor not found for Android SSL Connection
After installing the intermediate certificates provided by my certificate issuer I now have no errors when connecting using HttpsUrlConnection. Share.
Read more >[SOLVED]Android - Trust anchor for certification path not found
Hey I have a weird problem with my Android client. I'm running Seafile Server on Arch Linux ARM Raspberry Pi 2 at home....
Read more >java.security.cert.CertPathValidatorException: Trust anchor for ...
Hello,. It's caused by the JVM/Dalvik haven't not confidence in the CA certificates in the system or in the user certificate stores. You...
Read more >RFC 4158 - Internet X.509 Public Key Infrastructure
Certification path processing establishes a chain of trust between a trust anchor and a certificate. This chain of trust is composed of a...
Read more >Path Discovery Test Suite
In this test, there is a non-hierarchical mesh between the trust anchor and the end entity certificate. Procedure: . Validate Basic HTTP...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
I have only one certificate. The one that server issued for me. That one with the ====BEGIN CERTIFICATE==== etc. When debugging the app I see it reads ok the certificate with all the fields: Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=myserver.com, O=myserver.com, OU=myserver.com, C=US Validity Not Before: Mar 2 22:35:26 2022 GMT Not After : Dec 31 22:35:26 2037 GMT Subject: CN=myserver.com, O=clientes.administracomercios.com, OU=myserver.com, C=US Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit)
And so on. So what should I do_?, more certificates are needed_?
I tried other simmilar apps now. Happens with other 3 SSTP apps I tried, so now I guess it is a server issue. Or certificate issue.