Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

trust anchor for certification path not found #11203

Closed
6 tasks done
hueldoeu opened this issue Jun 22, 2024 · 8 comments
Closed
6 tasks done

trust anchor for certification path not found #11203

hueldoeu opened this issue Jun 22, 2024 · 8 comments
Labels
question Not really an issue, but more of a question about how something works

Comments

@hueldoeu
Copy link

Checklist

  • I am able to reproduce the bug with the latest version given here: CLICK THIS LINK.
  • I made sure that there are no existing issues - open or closed - which I could contribute my information to.
  • I have read the FAQ and my problem isn't listed.
  • I have taken the time to fill in all the required details. I understand that the bug report will be dismissed otherwise.
  • This issue contains only one bug.
  • I have read and understood the contribution guidelines.

Affected version

0.27.0

Steps to reproduce the bug

i add the newpipe repo to my samsung galaxy Tab S2 with android 7.0 and get the error:

trust anchor for certification path not found

Expected behavior

i add the newpipe repo to my samsung galaxy Tab S2 with android 7.0 and get no error

Actual behavior

from then on i have to hope that team f-droid is delivering newpipe-updates faster than usual.

i think it's because of tls 1.3 of the newpipe repo tls certificate

Screenshots/Screen recordings

No response

Logs

No response

Affected Android/Custom ROM version

No response

Affected device model

No response

Additional information

No response
@hueldoeu hueldoeu added bug Issue is related to a bug needs triage Issue is not yet ready for PR authors to take up labels Jun 22, 2024
@hueldoeu
Copy link
Author

it's a newpipe specific problem. https://forum.f-droid.org/t/trust-anchor-for-certification-path-not-found-2/26556

@opusforlife2
Copy link
Collaborator

It's an Android 7.0-specific problem, actually. You're unable to use any website/content which has used Let's Encrypt to get the HTTPS certificate.

This was fixed in Android 7.1.1, just in case you're able to upgrade. Otherwise, there's a workaround talked about here: https://community.letsencrypt.org/t/support-for-android-7-and-older-from-oct-2024/216446/2

@opusforlife2 opusforlife2 added the waiting for author If the author doesn't respond, the issue will be auto-closed. Otherwise the label will be removed. label Jun 23, 2024
@licaon-kter
Copy link
Contributor

and https://f-droid.org/docs/Running_on_old_Android_versions/

@hueldoeu
Copy link
Author

hueldoeu commented Jun 26, 2024
edited
Loading

i have added ISRG Root X1 and X2 to settings => device safety => other security settings => install from sd-card and i named them

  • ISRG Root X1 - Let's encrypt
  • ISRG Root X2 - Let's Encrypt
    image
    i used them. from https://letsencrypt.org/de/certificates/
    if i remove enhanced security (low security is swiping, and enhanced is a pin-code or in my sitution a pattern), the certificates will be deleted

maybe i wrote the names wrong or doesn't matter?
it still doesn't work, same error.

@github-actions github-actions bot removed the waiting for author If the author doesn't respond, the issue will be auto-closed. Otherwise the label will be removed. label Jun 26, 2024
@hueldoeu
Copy link
Author

it's a newpipe specific problem. https://forum.f-droid.org/t/trust-anchor-for-certification-path-not-found-2/26556

i have NO IDEA why i wrote newpipe, maybe because newpipe uses tls cert from let's encrypt. it's a problem with android 7.0, f-droid a little bit and the chaintrust team(?) of let's encrypt

@licaon-kter
Copy link
Contributor

on 7.0 you're double unlucky, see https://blog.jeroenhd.nl/article/android-7-nougat-and-certificate-authorities

the good news is that next F-Droid version should fix it per https://gitlab.com/fdroid/fdroidclient/-/merge_requests/1402/diffs

@hueldoeu
Copy link
Author

on 7.0 you're double unlucky, see https://blog.jeroenhd.nl/article/android-7-nougat-and-certificate-authorities

the good news is that next F-Droid version should fix it per https://gitlab.com/fdroid/fdroidclient/-/merge_requests/1402/diffs

you mean "This change means that installing a certificate authority is rather pointless: even though the certificate is installed, very few apps actually trust the certificate. The default browser, Google Chrome, doesn't even trust user certificates!" ?

@opusforlife2
Copy link
Collaborator

Alright, so everything's good here.

@opusforlife2 opusforlife2 added question Not really an issue, but more of a question about how something works and removed bug Issue is related to a bug needs triage Issue is not yet ready for PR authors to take up labels Jun 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Not really an issue, but more of a question about how something works
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@licaon-kter @hueldoeu @opusforlife2