(Api <23, Parse 1.13.1, .server("https://xxx.scalabl.cloud/1/") ) HTTPS Certificate error.

[needsst]

Get i/o error.
From interceptor : java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

Fixed by use HTTP server url.

[needsst]

Or simply fixed for use HTTPS :

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/**
 * Created by sst on 18.06.16.
 */
public class HttpsTrustManager implements X509TrustManager {

  private static TrustManager[] trustManagers;
  private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[]{};

  @Override
  public void checkClientTrusted(
      java.security.cert.X509Certificate[] x509Certificates, String s)
      throws java.security.cert.CertificateException {

  }

  @Override
  public void checkServerTrusted(
      java.security.cert.X509Certificate[] x509Certificates, String s)
      throws java.security.cert.CertificateException {

  }

  public boolean isClientTrusted(X509Certificate[] chain) {
    return true;
  }

  public boolean isServerTrusted(X509Certificate[] chain) {
    return true;
  }

  @Override
  public java.security.cert.X509Certificate[] getAcceptedIssuers() {
    return _AcceptedIssuers;
  }

  public static void allowAllSSL() {
    HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {

      @Override
      public boolean verify(String arg0, SSLSession arg1) {
        return true;
      }

    });

    SSLContext context = null;
    if (trustManagers == null) {
      trustManagers = new TrustManager[]{new HttpsTrustManager()};
    }

    try {
      context = SSLContext.getInstance("TLS");
      context.init(null, trustManagers, new SecureRandom());
    } catch (NoSuchAlgorithmException e) {
      e.printStackTrace();
    } catch (KeyManagementException e) {
      e.printStackTrace();
    }

    HttpsURLConnection.setDefaultSSLSocketFactory(context
        .getSocketFactory());
  }
}

and after Parse.initialize(xxx);
add -
HttpsTrustManager.allowAllSSL();

[posativ]

Don't do this.

Use OkHttp3 to handle SSL on older devices properly .

[danielapsmaior]

@posativ Could you help me to "handle SSL properly"?
I'm having issues on older Androids:

I/ParseLogInterceptor(27817): --------------
I/ParseLogInterceptor(28236): Type : Request
I/ParseLogInterceptor(28236): Request-Id : 0
I/ParseLogInterceptor(28236): Url : https://site.com/parse/functions/cloudFunction
I/ParseLogInterceptor(28236): Method : POST
I/ParseLogInterceptor(28236): Headers : {X-Parse-Application-Id=app_id, X-Parse-App-Display-Version=1.0.3, X-Parse-Installation-Id=xxxx, Content-Length=40, X-Parse-OS-Version=4.4.2, User-Agent=Parse Android SDK 1.13.1 (mypackage/15) API Level 19, Content-Type=application/json, X-Parse-Client-Key=null, X-Parse-Client-Version=a1.13.1, X-Parse-App-Build-Version=15}
I/ParseLogInterceptor(28236): Body : {
I/ParseLogInterceptor(28236):     "platform": "android",
I/ParseLogInterceptor(28236):     "version": "4.4.2"
I/ParseLogInterceptor(28236): }
I/ParseLogInterceptor(28236): --------------
I/ParseLogInterceptor(28236): Type : Error
I/ParseLogInterceptor(28236): Request-Id : 0
I/ParseLogInterceptor(28236): Error : javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x566c2c38: Failure in SSL library, usually a protocol error
I/ParseLogInterceptor(28236): error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error (external/openssl/ssl/s23_clnt.c:744 0x54d7e6fd:0x00000000)

[posativ]

• build Parse SDK with only add client key if non-null #506 (or set empty, non-null client key)
• add OkHttp3 to your dependencies

[danielapsmaior]

Hi @posativ , thank you for your help, but it didn't make any difference. I've set a non-null client key and added compile 'com.squareup.okhttp3:okhttp:3.4.1'.

What's working best for me right now is using GooglePlayServicesUtil ProviderInstaller.installIfNeeded(this), only for Android >= API16.

Below that, I think I would have to build a custom SocketFactory and use it like here
new OkHttpClient.Builder().sslSocketFactory(new TLSSocketFactoryCompat()).build();

Would it be possible to make Parse use this OkHttpClient?

EDIT
Just found out that something was wrong with Parse repository.. It was 1.13.1 but the code was using Okttp2. I'm using JAR lib now and it works.

[posativ]

See #505.

[RafaRuiz]

@needsst does that workaround (working for me) could cause any breach into the security?

Thank you

[rogerhu]

Yeah the 1.13.1 was pushed out incorrectly (#491 (comment)). Can this ticket be closed?