I am using the standard way to connect to an SSL server with a self-signed certificate, described here: https://developer.android.com/training/articles/security-ssl.html for the "Unknown certificate authority" case.
Everything works up to Android 7.
On Android 7 and above I am getting a certificate exception with the message: "java.security.cert.CertPathValidatorException: Trust anchor for certification path not found."
The only thing I managed to do is to create an "empty" X509TrustManager which accepts all certificates:
    final TrustManager[] trustAllCerts = new TrustManager[]
    {
        // "Empty" trust manager: both check methods return without validating anything
        new javax.net.ssl.X509TrustManager() {
            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { }
            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { }
            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return new java.security.cert.X509Certificate[0];
            }
        }
    };
    // and then
    sSslContext = SSLContext.getInstance("TLS");
    sSslContext.init(null, trustAllCerts, null);
But when I add the verification to the checkServerTrusted function:

    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
        ((X509TrustManager) trustManager).checkServerTrusted(chain, authType);
    }

everything remains the same.
I also checked the sources of the Conscrypt library and I see that the checkTrusted function puts the leaf into the untrusted chain if leafAsAnchor == null, which is the case.
So is it possible to use a self-signed certificate in this way or not?