Error de conexión (Connection error)

[vespucci-reporter]

Description:

Hola. Hablo para reportar un problema que estoy presentando. Intento descargar un área para editar en la app. Pero entonces Vespucci me dice que no se pudo conectar al servidor. Estoy usando una conexión Wi-Fi y sigo presentando este problema.

Device info:

App version	20.0.0.0
App version code	2801
Android build version	J111MUBU0AQF2
Android release version	5.1.1
Android SDK version	22
Android build ID	LMY47V.J111MUBU0AQF2
Device brand	samsung
Device manufacturer	samsung
Device name	j1acevelte
Device model	SM-J111M
Device product name	j1acevelteub
Device hardware name	sc8830
ABIs	[armeabi-v7a, armeabi]
ABIs (32bit)	[armeabi-v7a, armeabi]
ABIs (64bit)	[]

[simonpoole]

Hi were you able to connect to openstreetmap.org with your device while Vespucci wasn't able to?

[simonpoole]

Not actionable.

[AntonKhorev]

Hi were you able to connect to openstreetmap.org

Yes.

I had to go to settings > advanced preferences > server settings > osm api url, switch to sandbox api, download an area, switch back to live api and only after that I could login and download data.

[simonpoole]

@AntonKhorev but you were not the person reporting the issue? Or were you?

[AntonKhorev]

I'm not the one who opened this issue.

[simonpoole]

I'm not the one who opened this issue.

Sorry just wanted to be sure, I've seen the same behaviour on a friends device in the mean time.

Question: did the migration to OAuth2 work for you and have you previously used offline data?

[AntonKhorev]

Currently I have a "Vespucci 3rd party" authorization in https://www.openstreetmap.org/oauth2/authorized_applications and I still have switch to sandbox if Vespucci stops.

I didn't notice any migration messages when this started happening. I saw them later when I tried installing various versions of Vespucci.

[AntonKhorev]

Here's what I see if I don't download from sandbox first:

[AntonKhorev]

Offline data: I don't know, usually I have data from a previous editing session.

[AntonKhorev]

Connection errors started happening when I tried editing with version 20.0.1.0 for the first time (all versions are from F-Droid). I went back to 20.0.0.0 and also got connection errors. Then I went back to 19.3.5.0 and I still got connection errors.

After that I checked my last successful edit and it was with 20.0.0.0: https://www.openstreetmap.org/changeset/150552983 No connection errors were happening at that time.

[simonpoole]

.. and I still have switch to sandbox if Vespucci stops.

So you are still seeing the behaviour? If so could you immediately after you get the error message send a crash dump (main overflow menu -> Debug -> Button at the bottom of the screen), pls include a reference to this issue in the comment.

[simonpoole]

@AntonKhorev got the dump, unluckily it missed the relevant bit. We only receive 500 lines of logs and and an issue with an unrelated app used up most of that. If you want to, you can try again, perhaps try to make the device as quiescent as possible.

[simonpoole]

@AntonKhorev is this still occurring?

[AntonKhorev]

still occurring in v20.0.1.0

[SlavaZoid]

I have the same problem. I am using Android 7.

[simonpoole]

@SlavaZoid
It could be an issue with the version created by F-Droid, but in any case just to re-iterate:

• you are seeing this (the error) when trying to download?
• and the API configuration for your current entry looks like

[SlavaZoid]

all settings are made as shown in the screenshot.

https://drive.google.com/file/d/1eI7IIaLmqhStwiELzCd9dYiEfLX1uvbB/view?usp=drivesdk

The app was installed from Google Play. ver: 20.0.2.0

[simonpoole]

Could you try to send in a crash dump immediately after you get the error message (as described above), please indicate that it is for this error.

[SlavaZoid]

I'm not sure if I did everything right.

1. I received an error message
2. Pressed the buttons: ... - Information - Send debugging information.
3. Added the signature: Connection error (from SlavaZoid)

[simonpoole]

@SlavaZoid Thanks that worked and the issue is obvious now.

Seems as if some devices don't have the correct certificates installed, or there is a configuration issue on the OSM API side of things.

According to @datendelphin installing the ISRG root X1 certificate manually fixes the issue. See https://letsencrypt.org/certificates/

06-11 11:02:45.572 E/Server  (29181): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
06-11 11:02:45.572 E/Server  (29181): 	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:549)
06-11 11:02:45.572 E/Server  (29181): 	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:508)
06-11 11:02:45.572 E/Server  (29181): 	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:401)
06-11 11:02:45.572 E/Server  (29181): 	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:375)
06-11 11:02:45.572 E/Server  (29181): 	at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:304)
06-11 11:02:45.572 E/Server  (29181): 	at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
06-11 11:02:45.572 E/Server  (29181): 	at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
06-11 11:02:45.572 E/Server  (29181): 	at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:178)
06-11 11:02:45.572 E/Server  (29181): 	at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:596)
06-11 11:02:45.572 E/Server  (29181): 	at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
06-11 11:02:45.572 E/Server  (29181): 	at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
06-11 11:02:45.572 E/Server  (29181): 	... 25 more
06-11 11:02:45.572 E/Server  (29181): Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
06-11 11:02:45.572 E/Server  (29181): 	... 36 more
06-11 11:02:45.572 E/Server  (29181): Problem accessing capabilities
06-11 11:02:45.572 E/Server  (29181): javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
06-11 11:02:45.572 E/Server  (29181): 	at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:361)
06-11 11:02:45.572 E/Server  (29181): 	at y6.b.f(SourceFile:78)
06-11 11:02:45.572 E/Server  (29181): 	at y6.b.c(SourceFile:125)
06-11 11:02:45.572 E/Server  (29181): 	at y6.d.d(SourceFile:258)
06-11 11:02:45.572 E/Server  (29181): 	at y6.d.e(SourceFile:7)
06-11 11:02:45.572 E/Server  (29181): 	at x6.a.a(SourceFile:423)
06-11 11:02:45.572 E/Server  (29181): 	at z6.g.b(SourceFile:150)
06-11 11:02:45.572 E/Server  (29181): 	at z6.g.a(SourceFile:7)
06-11 11:02:45.572 E/Server  (29181): 	at x6.a.a(SourceFile:133)
06-11 11:02:45.572 E/Server  (29181): 	at z6.g.b(SourceFile:150)
06-11 11:02:45.572 E/Server  (29181): 	at z6.g.a(SourceFile:7)
06-11 11:02:45.572 E/Server  (29181): 	at z6.a.a(SourceFile:240)
06-11 11:02:45.572 E/Server  (29181): 	at z6.g.b(SourceFile:150)
06-11 11:02:45.572 E/Server  (29181): 	at z6.h.a(SourceFile:37)
06-11 11:02:45.572 E/Server  (29181): 	at z6.g.b(SourceFile:150)
06-11 11:02:45.572 E/Server  (29181): 	at z6.g.a(SourceFile:7)
06-11 11:02:45.572 E/Server  (29181): 	at okhttp3.z.d(SourceFile:101)
06-11 11:02:45.572 E/Server  (29181): 	at okhttp3.z.a(SourceFile:37)
06-11 11:02:45.572 E/Server  (29181): 	at de.blau.android.osm.Server.D(SourceFile:69)
06-11 11:02:45.572 E/Server  (29181): 	at de.blau.android.osm.Server.m(SourceFile:9)
06-11 11:02:45.572 E/Server  (29181): 	at de.blau.android.osm.Server.l(SourceFile:9)
06-11 11:02:45.572 E/Server  (29181): 	at de.blau.android.Logic.z(SourceFile:89)
06-11 11:02:45.572 E/Server  (29181): 	at de.blau.android.Logic$2.a(SourceFile:45)
06-11 11:02:45.572 E/Server  (29181): 	at de.blau.android.util.c.call(SourceFile:11)
06-11 11:02:45.572 E/Server  (29181): 	at java.util.concurrent.FutureTask.run(FutureTask.java:237)
06-11 11:02:45.572 E/Server  (29181): 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
06-11 11:02:45.572 E/Server  (29181): 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
06-11 11:02:45.572 E/Server  (29181): 	at java.lang.Thread.run(Thread.java:761)
06-11 11:02:45.572 E/Server  (29181): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
06-11 11:02:45.572 E/Server  (29181): 	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:549)
06-11 11:02:45.572 E/Server  (29181): 	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:508)
06-11 11:02:45.572 E/Server  (29181): 	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:401)
06-11 11:02:45.572 E/Server  (29181): 	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:375)
06-11 11:02:45.572 E/Server  (29181): 	at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:304)
06-11 11:02:45.572 E/Server  (29181): 	at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
06-11 11:02:45.572 E/Server  (29181): 	at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
06-11 11:02:45.572 E/Server  (29181): 	at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:178)
06-11 11:02:45.572 E/Server  (29181): 	at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:596)
06-11 11:02:45.572 E/Server  (29181): 	at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
06-11 11:02:45.572 E/Server  (29181): 	at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
06-11 11:02:45.572 E/Server  (29181): 	... 27 more
06-11 11:02:45.572 E/Server  (29181): Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
06-11 11:02:45.572 E/Server  (29181): 	... 38 more
06-11 11:02:45.572 D/Server  (29181): getStreamForBox
06-11 11:02:45.572 D/OsmoseServer(29181): getBugsForBox
06-11 11:02:45.573 D/Server  (29181): get input stream for  https://api.openstreetmap.org/api/0.6/map?bbox=27.3069058,53.9495669,27.3183248,53.9599754

[SlavaZoid]

Deleted the current certificate and installed a new one. I tried isrrootx1.pem, then isrg-root-x1-cross-signed.pem. Page https://valid-isrgrootx1.letsencrypt.org the phone open without errors, but the program still reports a server error. crash dump sent.

I looked at the logcat. The error is the same:
06-11 14:39:25.508 E/Server ( 8832): javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

[AntonKhorev]

I had to go to settings > advanced preferences > server settings > osm api url, switch to sandbox api, download an area, switch back to live api and only after that I could login and download data.

Actually I don't have to download an area. Switching to the sandbox api, exiting the settings, switching back to the main api is enough. v20.0.2.0.

[SlavaZoid]

And it worked!!!
Anton, thank you
Thank you all for your help.

[simonpoole]

Page https://valid-isrgrootx1.letsencrypt.org

That is likely misleading, browsers typically maintain their own trust store and do not use the system provided one. The fact that opening a connection to the dev server "magically" fixes the issue seems to be highly suspect.

[simonpoole]

See https://community.letsencrypt.org/t/letsencrypt-certificates-fails-on-android-phones-running-android-7-or-older/205686/2 essentially I suspect you are all screwed. I will give providing our own trust store a look but I wouldn't get my hopes high.

See also #1277

[simonpoole]

Note that as mentioned on the release the fix doesn't resolve the issue for anything that uses a webview with other words re-authenticating to openstreetmap.org will currently not work. However we have a fix in the works for that too.

See #2578

[SlavaZoid]

I installed version 20.0.3 Release. Everything is working well. Thank you.