proninyaroslav commented on August 16, 2024

Does this happen when connected or at download time?

from download-navi.

Pentaphon commented on August 16, 2024

@proninyaroslav It tries to download it but it goes to the completed tab with "Error: Handshake Failed". Just paste that link into the manager and you will see this.

xubuntu

proninyaroslav commented on August 16, 2024

I tried to download the first few seconds and didn't see the error

Pentaphon commented on August 16, 2024

@proninyaroslav That's odd. Not sure why you don't see it. I got it 3 times in a row.

proninyaroslav commented on August 16, 2024

This error indicates that there is no certificate on the device. I use only system certificates.

proninyaroslav commented on August 16, 2024

I will think about how to fix it.

proninyaroslav commented on August 16, 2024

Most likely fixed: 7ac9b1d. I can't check this error, but if you come across it in a future release, feel free to reopen the issue.

mrblarg64 commented on August 16, 2024

I still get this error on 1.3.1 (f-droid) on my server.

https://www.bernmern.ca/

I am using this application because the built-in downloadmanager in lineage os 14.1 has the same problem. The browser (jelly) works fine, however if I try to save/download something it fails.

I am running a rather "unique" configuration.

https://www.ssllabs.com/ssltest/analyze.html?d=www.bernmern.ca

proninyaroslav commented on August 16, 2024

This is primarily the problem of missing SSL root certificates. Alternatively, it's possible to disable the check (make it optional), but I would not recommend doing this, especially in the downloader app, which will be vulnerable to various kinds of attacks. If you think otherwise, you can open an issue with this proposal.

mrblarg64 commented on August 16, 2024

I was going to manually install the missing root certificate, then I found out it is already there.

I was able to verify that the root certificate is indeed installed on the lineage os 14.1 device (it is installed by default) (Settings -> Security -> Trusted credentials -> The USERTRUST Network) serial number: "01:FD:6D:30:FC:A3:CA:51:A8:1B:BC:64:0E:35:03:2D"

Edit: sha-256 fingerprint: "E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2"

There is no missing root certificate.

Copy-pasted from ssl labs:

1 Sent by server bernmern.ca
Fingerprint SHA256: 0f8bdc5542ee53ac1431888336919a2552b5dca37dd43f8aff419312a9f7e0db
Pin SHA256: SiLOTvp9cFHhHTSjB0ULzM1e+dKlDh8KVo3Wppp17i4=
RSA 8192 bits (e 65537) / SHA256withRSA

2 Sent by server Sectigo RSA Domain Validation Secure Server CA
Fingerprint SHA256: 7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676
Pin SHA256: 4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng=
RSA 2048 bits (e 65537) / SHA384withRSA

3 In trust store USERTrust RSA Certification Authority Self-signed
Fingerprint SHA256: e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd2
Pin SHA256: x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=
RSA 4096 bits (e 65537) / SHA384withRSA

proninyaroslav commented on August 16, 2024

@mrblarg64
I just checked downloading from your site on my device (Android 10) and there is no problem with the certificate. Maybe I'm using the wrong link?

mrblarg64 commented on August 16, 2024

Looks like the right link, any bernmern.ca/www.bernmern.ca https link should trigger this behaviour.

proninyaroslav commented on August 16, 2024

@mrblarg64
What version of Navi and Android are you using?

mrblarg64 commented on August 16, 2024

Download Navi - 1.5 (f-droid)
Android - Lineage OS 14.1 (Android 7.1.2)

I would speculate it has something to do with OS libraries (I have no idea how android/java works), based on what I said earlier...

The built-in downloadmanager in lineage os 14.1 has the same problem. The browser (jelly) works fine, however if I try to save/download something in the browser it fails.

proninyaroslav commented on August 16, 2024

This is a possible solution https://support.sectigo.com/PS_KnowledgeDetailPage?Id=kA01N000000zFL1

mrblarg64 commented on August 16, 2024

My server is already sending the certificate chain (see above ("Copy-pasted from ssl labs....")).

There is no need to send the root.

https://stackoverflow.com/questions/34945244/should-the-trusted-root-ca-be-a-part-of-the-certificate-chain

proninyaroslav commented on August 16, 2024

I tried to download in three different versions of Android: 5.1, 7.1 and 8.1. And 7.1 failed with a similar message, while 8.1 and 5.1 downloaded it without problems. It's pretty funny and weird. It's possible that Android 7.1 contains some kind of bug in the network layer, or doesn't contain the entire chain of trusted certificates. Have you checked it?

mrblarg64 commented on August 16, 2024

> Have you checked it?

Assuming you mean the cert is being sent, yes, I have checked it.

A valid certificate chain that ends with The USERTRUST Network (serial number: "01:FD:6D:30:FC:A3:CA:51:A8:1B:BC:64:0E:35:03:2D" sha-256 fingerprint: "E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2") is being sent by the server.

Evidence:

1 Sent by server bernmern.ca
Fingerprint SHA256: 0f8bdc5542ee53ac1431888336919a2552b5dca37dd43f8aff419312a9f7e0db
Pin SHA256: SiLOTvp9cFHhHTSjB0ULzM1e+dKlDh8KVo3Wppp17i4=
RSA 8192 bits (e 65537) / SHA256withRSA

2 Sent by server Sectigo RSA Domain Validation Secure Server CA
Fingerprint SHA256: 7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676
Pin SHA256: 4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng=
RSA 2048 bits (e 65537) / SHA384withRSA

3 In trust store USERTrust RSA Certification Authority Self-signed
Fingerprint SHA256: e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd2
Pin SHA256: x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=
RSA 4096 bits (e 65537) / SHA384withRSA

You can verify yourself here:

https://www.ssllabs.com/ssltest/analyze.html?d=www.bernmern.ca

proninyaroslav commented on August 16, 2024

I'm talking about the presence of the entire chain on your device.

mrblarg64 commented on August 16, 2024

Yes, the root certificate (number 3 in the list on the previous comment) is found in Settings -> Security -> Trusted credentials -> The USERTRUST Network. The other certificates are sent by the server as shown above. The 2 sent by the server coupled with the root form a valid chain.

Edit: typo

proninyaroslav commented on August 16, 2024

Have you checked the date of this certificate on the device?

mrblarg64 commented on August 16, 2024

I'm not sure what you mean.

for the USERTRUST cert
On device:
it was issued on 2010-01-31
it expires on 2038-01-18

this matches what firefox shows on my laptop.
sha256 fingerprint and serial number also match

proninyaroslav commented on August 16, 2024

I think this is related to this bug in Android 7.0 https://issuetracker.google.com/issues/37122132. But they pointed out that it's fixed in 7.1.1. I can still reproduce this problem in 7.1.1.

mrblarg64 commented on August 16, 2024

Would it be possible to include a TLS library (i.e. gnutls/openssl) in the app without depending on the operating system?

It appears that the browsers already do this and this is why the browser works fine (saw this link after going down the rabbit hole on the link you posted)

https://community.letsencrypt.org/t/warning-android-7-0-clients-not-browsers-can-only-use-curve-prime256v1/23212

from download-navi.
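
The curve limitation named in the Let's Encrypt link above is one way a handshake can fail even though the certificate chain validates, which is the symptom reported in this issue. The following is an added example, not code from Download Navi or from anyone in this thread: a client restricted to TLS 1.2 and prime256v1 (modelling the Android 7.0 limitation) handshakes with a server whose certificate it trusts. The host name test.example, the two server curve lists and the Handshake helper are constructed for illustration; the real server's curve configuration is not shown in the thread.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Constructed server curve lists (assumptions, not the real site's settings).
var ServerP384Only = []tls.CurveID{tls.CurveP384}
var ServerWithP256 = []tls.CurveID{tls.CurveP384, tls.CurveP256}

// Handshake returns the client-side result of a TLS handshake against a server
// that accepts only serverCurves; the client offers only prime256v1 over TLS 1.2.
func Handshake(serverCurves []tls.CurveID) error {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "test.example"},
		DNSNames: []string{"test.example"}, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature,
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	roots := x509.NewCertPool()
	roots.AddCert(leaf) // trust is not in question: the certificate always validates
	c, s := net.Pipe()  // in-memory connection, no network needed
	defer c.Close()
	srv := tls.Server(s, &tls.Config{
		Certificates:     []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		CurvePreferences: serverCurves,
	})
	go func() { srv.Handshake(); s.Close() }()
	cli := tls.Client(c, &tls.Config{
		RootCAs: roots, ServerName: "test.example", MaxVersion: tls.VersionTLS12,
		CurvePreferences: []tls.CurveID{tls.CurveP256},
	})
	return cli.Handshake()
}

func main() {
	fmt.Println("P-384 only:", Handshake(ServerP384Only), "| with P-256:", Handshake(ServerWithP256))
}
```

With the P-384-only server the client receives a handshake_failure alert before certificate validation is ever reached, so a correct trust store and chain do not help; adding prime256v1 on the server side lets the same client connect.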

proninyaroslav commented on August 16, 2024

I think not, because this is an interaction with the Java library inside the OS.
