Support Topics Documentation Slack YouTube Blog

Domain specific configurations require that hostname aware checkServerTrusted


(Samuel Castro) #1

Hi there,

I hope you could help me with this problem:

I’m getting this trace as Backendless fault message when I try to save an object, it’s important to say that I’m using emulator with google play(Nexus 5) from AVD in Android Studio. I’ve been working with this emulator and Genymotion before and I didn’t get that error and I could save objects without problem. So my question is: Is there any new change in the configuration for certificates to use with backendless?

    BackendlessFault{ code: 'Internal client exception', message: 'Domain specific configurations require that hostname aware checkServerTrusted(X509Certificate[], String, String) is used', detail: 'javax.net.ssl.SSLHandshakeException: Domain specific configurations require that hostname aware checkServerTrusted(X509Certificate[], String, String) is used
	at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:229)
	at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:192)
	at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:149)
	at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:112)
	at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
	at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
	at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
	at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:281)
	at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:224)
	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:461)
	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:258)
	at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:218)
	at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:26)
	at weborb.client.ioEngine.HttpIOEngine.send(HttpIOEngine.java:195)
	at weborb.client.ioEngine.HttpIOEngine.invoke(HttpIOEngine.java:140)
	at weborb.client.WeborbClient.invoke(WeborbClient.java:138)
	at com.backendless.Invoker.invokeSync(Invoker.java:95)
	at com.backendless.Invoker$1.run(Invoker.java:71)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
	at java.lang.Thread.run(Thread.java:764)
Caused by: java.security.cert.CertificateException: Domain specific configurations require that hostname aware checkServerTrusted(X509Certificate[], String, String) is used
	at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:111)
	at weborb.client.ioEngine.EasyX509TrustManager.checkServerTrusted(EasyX509TrustManager.java:73)
	at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:212)
	at com.android.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(ConscryptFileDescriptorSocket.java:404)
	at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
	at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:375)
	at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:224)
	... 21 more
', extendedData: '{}' }

Thanks in advance for your support.


(Mark Piller) #2

Hi Samuel,

To be honest, I do not quite understand what the error means. You can check the validity of our certificate here (and other sites which do a SSL cert checks):
https://www.sslshopper.com/ssl-checker.html#hostname=api.backendless.com

Regards,
Mark


(Anil Prajapati) #3

Hey, i got the same issue as reported, can any one know what to do for solutions,


(Mark Piller) #4

Are you working with our Cloud version of Backendless? The one that is at api.backendless.com ?


(Anil Prajapati) #5

No, i was using free version.


(Mark Piller) #6

Free version of what? What is the version number?


(Anil Prajapati) #7

version no of backendless ??

implementation ‘com.backendless:backendless:5.0.2’


(Mark Piller) #8

It must be something with the client-side (the machine that runs the emulator). There are no known issues with the certificate on our side. You can check the validity of the certificate at: https://www.sslshopper.com/ssl-checker.html#hostname=api.backendless.com


(Anil Prajapati) #9

but i tried in my personal device also, gives me same error…
Here the actual error
BackendlessFault{ code: ‘Internal client exception’, message: ‘Domain specific configurations require that hostname aware checkServerTrusted(X509Certificate[], String, String) is used’, detail: 'javax.net.ssl.SSLHandshakeException: Domain specific configurations require that hostname aware checkServerTrusted(X509Certificate[], String, String) is used
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:355)
at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:193)
at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:150)
at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:112)
at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:319)
at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:245)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:473)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:262)
at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:218)
at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getOutputStream(Unknown Source:0)
at weborb.client.ioEngine.HttpIOEngine.send(HttpIOEngine.java:195)
at weborb.client.ioEngine.HttpIOEngine.invoke(HttpIOEngine.java:140)
at weborb.client.WeborbClient.invoke(WeborbClient.java:138)
at com.backendless.Invoker.invokeSync(Invoker.java:95)
at com.backendless.Invoker$1.run(Invoker.java:71)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)
Caused by: java.security.cert.CertificateException: Domain specific configurations require that hostname aware checkServerTrusted(X509Certificate[], String, String) is used
at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:111)
at weborb.client.ioEngine.EasyX509TrustManager.checkServerTrusted(EasyX509TrustManager.java:73)
at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:207)
at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:592)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:351)
… 21 more
', extendedData: ‘{}’ }


(Mark Piller) #10

As a workaround you can do the following in your code before you make the call to Backendless.initApp:

Backendless.setUrl( "http://api.backendless.com" );


(Samuel Castro) #11

Hi,

In my case the problem was:

Starting with Android P, non-encrypted text traffic (HTTP not encrypted) will be blocked by default and I was using Facebook Ads SDK(It uses HTTP not encrypted to caches its ads) so in order to mitigate this, it is possible to authorize unencrypted text traffic at the specific addresses with an xml configuration file for network security:
Android Network security config

Since I put that xml config file in my project Facebook Ads worked but Backendless didn’t… so lucky for me I could remove the Facebook Ads SDK from my project, so I did it and since I don’t use that XML all works like a charm.

I hope this could help.