[KDE Itinerary] [Bug 472851] SSL Handshake Failed in KDE Itinerary - Indoor Train Station Map Issue
https://bugs.kde.org/show_bug.cgi?id=472851 --- Comment #11 from reportthebug --- (In reply to Volker Krause from comment #10) > Ok, that is likely the cause of this problem then. And this is not limited > to the indoor map, but would affect any API use on a server using Let's > Encrypt certificates. > > There are three possible options I can think of: > (1) You manually install the ISRG X1 certificate from > https://letsencrypt.org/certificates/, assuming that is possible on Android > at all. I installed the Self- and Cross-signed variant of ISRG Root X1 and also OCSP X1, but the error still occurs. > (2) We bundle an updated CA certificate set with all our network-using apps > (which is presumably what your browser does). That isn't hard technically, > but it's substantial compliance work to ensure we don't make things worse by > shipping a not trustworthy certificate. This does sound like the best option. Also, the error still occurs on my older phone, it works fine on my newer one. But it may be happening to other users who have phone configurations like my older phone, so a fix would be helpful. > (3) We add an option to ignore the error. That opens the door for > accidentally compromising security even for people with correct CA > certificates though. -- You are receiving this mail because: You are watching all bug changes.
[KDE Itinerary] [Bug 472851] SSL Handshake Failed in KDE Itinerary - Indoor Train Station Map Issue
https://bugs.kde.org/show_bug.cgi?id=472851 --- Comment #10 from Volker Krause --- Ok, that is likely the cause of this problem then. And this is not limited to the indoor map, but would affect any API use on a server using Let's Encrypt certificates. There are three possible options I can think of: (1) You manually install the ISRG X1 certificate from https://letsencrypt.org/certificates/, assuming that is possible on Android at all. (2) We bundle an updated CA certificate set with all our network-using apps (which is presumably what your browser does). That isn't hard technically, but it's substantial compliance work to ensure we don't make things worse by shipping a not trustworthy certificate. (3) We add an option to ignore the error. That opens the door for accidentally compromising security even for people with correct CA certificates though. -- You are receiving this mail because: You are watching all bug changes.
[KDE Itinerary] [Bug 472851] SSL Handshake Failed in KDE Itinerary - Indoor Train Station Map Issue
https://bugs.kde.org/show_bug.cgi?id=472851 --- Comment #9 from reportthebug --- (In reply to Volker Krause from comment #8) > Hm, that sounds like the device CA certificate chain is incomplete, and for > Android <= 7 and Let's Encrypt certificates that isn't even entirely > implausible. > > Can you check if your device has the "Internet Security Research Group > (ISRG) X1" certificate installed? Here this is under Settings > Security & > privacy > Encryption & credentials > Trusted credentials, but this can of > course vary from one Android version to the next. The mentioned certificate is not installed. -- You are receiving this mail because: You are watching all bug changes.
[KDE Itinerary] [Bug 472851] SSL Handshake Failed in KDE Itinerary - Indoor Train Station Map Issue
https://bugs.kde.org/show_bug.cgi?id=472851 --- Comment #8 from Volker Krause --- Hm, that sounds like the device CA certificate chain is incomplete, and for Android <= 7 and Let's Encrypt certificates that isn't even entirely implausible. Can you check if your device has the "Internet Security Research Group (ISRG) X1" certificate installed? Here this is under Settings > Security & privacy > Encryption & credentials > Trusted credentials, but this can of course vary from one Android version to the next. -- You are receiving this mail because: You are watching all bug changes.
[KDE Itinerary] [Bug 472851] SSL Handshake Failed in KDE Itinerary - Indoor Train Station Map Issue
https://bugs.kde.org/show_bug.cgi?id=472851 --- Comment #7 from reportthebug --- (In reply to Volker Krause from comment #5) > Does opening https://maps.kde.org in the browser work without SSL errors? This is opening without SSL errors > As you seem to be using the nightly build, within the next 24h there should > be an update that should show additional details as part of that error > message. -- You are receiving this mail because: You are watching all bug changes.
[KDE Itinerary] [Bug 472851] SSL Handshake Failed in KDE Itinerary - Indoor Train Station Map Issue
https://bugs.kde.org/show_bug.cgi?id=472851 --- Comment #6 from reportthebug --- (In reply to Volker Krause from comment #4) > Git commit c51060a1a4c3fcdfdb5eb5f67693ba3faca3a4dd by Volker Krause. > Committed on 03/08/2023 at 17:25. > Pushed by vkrause into branch 'master'. > > Improve diagnostics for SSL errors > > M +11 -1src/map/loader/tilecache.cpp > > https://invent.kde.org/libraries/kosmindoormap/-/commit/ > c51060a1a4c3fcdfdb5eb5f67693ba3faca3a4dd Now the error is: "SSL handshake failed (The issuer certificate of a locally looked up certificate could not be found)" -- You are receiving this mail because: You are watching all bug changes.
[KDE Itinerary] [Bug 472851] SSL Handshake Failed in KDE Itinerary - Indoor Train Station Map Issue
https://bugs.kde.org/show_bug.cgi?id=472851 --- Comment #5 from Volker Krause --- Does opening https://maps.kde.org in the browser work without SSL errors? As you seem to be using the nightly build, within the next 24h there should be an update that should show additional details as part of that error message. -- You are receiving this mail because: You are watching all bug changes.
[KDE Itinerary] [Bug 472851] SSL Handshake Failed in KDE Itinerary - Indoor Train Station Map Issue
https://bugs.kde.org/show_bug.cgi?id=472851 --- Comment #4 from Volker Krause --- Git commit c51060a1a4c3fcdfdb5eb5f67693ba3faca3a4dd by Volker Krause. Committed on 03/08/2023 at 17:25. Pushed by vkrause into branch 'master'. Improve diagnostics for SSL errors M +11 -1src/map/loader/tilecache.cpp https://invent.kde.org/libraries/kosmindoormap/-/commit/c51060a1a4c3fcdfdb5eb5f67693ba3faca3a4dd -- You are receiving this mail because: You are watching all bug changes.
[KDE Itinerary] [Bug 472851] SSL Handshake Failed in KDE Itinerary - Indoor Train Station Map Issue
https://bugs.kde.org/show_bug.cgi?id=472851 --- Comment #3 from reportthebug --- (In reply to reportthebug from comment #2) > yes, any other network operations are working the same error occurs as well in the KDE OSM Indoor Map - app: also "SSL handshake failed." and no display of the map -- You are receiving this mail because: You are watching all bug changes.
[KDE Itinerary] [Bug 472851] SSL Handshake Failed in KDE Itinerary - Indoor Train Station Map Issue
https://bugs.kde.org/show_bug.cgi?id=472851 --- Comment #2 from reportthebug --- yes, any other network operations are working -- You are receiving this mail because: You are watching all bug changes.
[KDE Itinerary] [Bug 472851] SSL Handshake Failed in KDE Itinerary - Indoor Train Station Map Issue
https://bugs.kde.org/show_bug.cgi?id=472851 --- Comment #1 from Volker Krause --- Do any other network operations work within Itinerary (e.g. searching for train connections)? -- You are receiving this mail because: You are watching all bug changes.
