Domain specific configurations require that hostname aware checkServerTrusted

Are you working with our Cloud version of Backendless? The one that is at api.backendless.com ?

No, I was using free version.

Free version of what? What is the version number?

version no of backendless ??

```
implementation 'com.backendless:backendless:5.0.2'
```

It must be something with the client-side (the machine that runs the emulator). There are no known issues with the certificate on our side. You can check the validity of the certificate at: https://www.sslshopper.com/ssl-checker.html#hostname=api.backendless.com

But I tried on my personal device also, it gives me the same error…
Here is the actual error:
```
BackendlessFault{ code: 'Internal client exception', message: 'Domain specific configurations require that hostname aware checkServerTrusted(X509Certificate, String, String) is used', detail: 'javax.net.ssl.SSLHandshakeException: Domain specific configurations require that hostname aware checkServerTrusted(X509Certificate, String, String) is used
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:355)
at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:193)
at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:150)
at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:112)
at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:319)
at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:245)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:473)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:262)
at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:218)
at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getOutputStream(Unknown Source:0)
at weborb.client.ioEngine.HttpIOEngine.send(HttpIOEngine.java:195)
at weborb.client.ioEngine.HttpIOEngine.invoke(HttpIOEngine.java:140)
at weborb.client.WeborbClient.invoke(WeborbClient.java:138)
at com.backendless.Invoker.invokeSync(Invoker.java:95)
at com.backendless.Invoker$1.run(Invoker.java:71)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)
Caused by: java.security.cert.CertificateException: Domain specific configurations require that hostname aware checkServerTrusted(X509Certificate, String, String) is used
at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:111)
at weborb.client.ioEngine.EasyX509TrustManager.checkServerTrusted(EasyX509TrustManager.java:73)
at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:207)
at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:592)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:351)
… 21 more
', extendedData: '{}' }
```

As a workaround you can do the following in your code before you make the call to Backendless.initApp:

```java
Backendless.setUrl( "http://api.backendless.com" );
```

Hi,

In my case the problem was:

Starting with Android P, non-encrypted text traffic (HTTP not encrypted) will be blocked by default, and I was using Facebook Ads SDK (it uses non-encrypted HTTP to cache its ads), so in order to mitigate this, it is possible to authorize unencrypted text traffic at the specific addresses with an XML configuration file for network security:
Android Network security config

Since I put that xml config file in my project Facebook Ads worked but Backendless didn’t… so lucky for me I could remove the Facebook Ads SDK from my project, so I did it and since I don’t use that XML all works like a charm.

I hope this could help.

I am also facing this issue… and I still need Facebook Ads SDK, so what can I do??
I thought it is related to WeborbClient logic, can you share the source code??

@Kilik_Dirty, are you asking how to switch the Backendless traffic to http:// ?

No, I am facing the same issue: when I set a network security config for the Facebook Ads SDK, the Backendless Android SDK cannot work normally. The error message is the same as in this thread.

You can also refer to the Facebook document:
https://developers.facebook.com/docs/audience-network/android-network-security-config/

I thought it is related to the logic inside the WeborbClient.

I am using Android 9.0 device, following is the config file:

```xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">127.0.0.1</domain>
    </domain-config>
</network-security-config>
```

@Kilik_Dirty, are you getting the same error as described here?

yes… but the workaround will use “http”… it is not a good way…

Yes, that’s a workaround. The actual fix would be on the Facebook side (if/when they will ever learn about security)

I don’t think so… since REST API can work fine.
You can’t rely on Facebook fix

If rest works fine, that’s your other workaround.

As for Facebook, I am not convinced that the problem is on our side. You can see from the stack trace that we simply open a connection with the backend and the error comes from the inner workings of Android.

Which means… you didn’t debug in detail, I thought it is related to WeborbClient. Backendless team should investigate it and NOT JUST WANT WORKAROUND!

Certainly we debugged it in plenty of detail, we just will not introduce any workarounds for some crappy FB implementations.

If you look at the stack trace, you will see that the weborb client does getOutputStream on an HttpURLConnection:

```
'javax.net.ssl.SSLHandshakeException: Domain specific configurations require that hostname aware checkServerTrusted(X509Certificate[], String, String) is used
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:355)
at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:193)
at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:150)
at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:112)
at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:319)
at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:245)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:473)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:262)
at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:218)
at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getOutputStream(Unknown Source:0)
at weborb.client.ioEngine.HttpIOEngine.send(HttpIOEngine.java:195)
```
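
An added example, not part of the thread and not weborb or Backendless code: the first trace shows `EasyX509TrustManager.checkServerTrusted` calling the two-argument `RootTrustManager.checkServerTrusted`, which Android rejects once the network security config contains a `<domain-config>`, because that call carries no hostname to select a domain rule. A wrapper that extends `X509ExtendedTrustManager` and forwards the `Socket`/`SSLEngine` overloads keeps that context. The class name `HostnameAwareTrustManager` is hypothetical, and Android API 24 or later is assumed.

```java
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;

// Hypothetical class (not part of weborb or the Backendless SDK): wraps the
// platform trust manager without dropping the connection context.
public final class HostnameAwareTrustManager extends X509ExtendedTrustManager {
    private final X509ExtendedTrustManager platform;
    public HostnameAwareTrustManager() throws GeneralSecurityException {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the platform's default trust anchors
        X509ExtendedTrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509ExtendedTrustManager) {
                found = (X509ExtendedTrustManager) tm;
                break;
            }
        }
        if (found == null) {
            throw new IllegalStateException("platform has no X509ExtendedTrustManager");
        }
        platform = found;
    }

    // The TLS stack calls these overloads for an X509ExtendedTrustManager; the Socket
    // or SSLEngine carries the peer host, so per-domain rules can be resolved.
    @Override public void checkServerTrusted(X509Certificate[] c, String a, Socket s)
            throws CertificateException { platform.checkServerTrusted(c, a, s); }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, SSLEngine e)
            throws CertificateException { platform.checkServerTrusted(c, a, e); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, Socket s)
            throws CertificateException { platform.checkClientTrusted(c, a, s); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, SSLEngine e)
            throws CertificateException { platform.checkClientTrusted(c, a, e); }
    // Host-less forms: on Android the server check still fails when a <domain-config>
    // exists, which is correct because no host is available to pick a rule.
    @Override public void checkServerTrusted(X509Certificate[] c, String a)
            throws CertificateException { platform.checkServerTrusted(c, a); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a)
            throws CertificateException { platform.checkClientTrusted(c, a); }
    @Override public X509Certificate[] getAcceptedIssuers() { return platform.getAcceptedIssuers(); }
}
```

Install it with `SSLContext.init(null, new TrustManager[] { new HostnameAwareTrustManager() }, null)`; any extra checks belong beside the delegated call, never instead of it.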

It is a very easy concept. Why other sdk can work with https normally in a project with FB Ads SDK?

I have this problem too
also there is no problem on Android 4.3
Tested