Android network security configuration not working

11-19-2019 09:49 AM
PlinioSantos
New Contributor III

I'm developing an Android app using ArcGIS Runtime SDK for Android 100.6.0, and it has been getting an SSLHandshakeException since I updated my app to use a network security config.

The app makes requests to two servers. One of them is a REST API on a development server accessible only in my company network. The other one is a public server running an ArcGIS Server. The ArcGIS Server's domain is able to communicate over TLS 1.2.

So, I expect everything to work just by adding a rule for my private development server. This is the content of my network security config:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config xmlns:android="http://schemas.android.com/apk/res/android">
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">172.17.1.14</domain>
    </domain-config>
</network-security-config>

Unfortunately, any requests to my ArcGIS Server (using ArcGIS Runtime SDK for Android) are resulting in the following exception:

Caused by: java.security.cert.CertificateException: Domain specific configurations require that hostname aware checkServerTrusted(X509Certificate[], String, String) is used
        at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:111)
        at com.esri.arcgisruntime.internal.e.a.a.checkServerTrusted(SourceFile:161)
        at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:212)
        at com.android.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(ConscryptFileDescriptorSocket.java:404)
        at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
        at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:375)
        at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:224)

Since my ArcGIS Server has a valid certificate and is TLS 1.2 aware, this should not happen, right?

The following network security config works fine, but it is insecure:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config xmlns:android="http://schemas.android.com/apk/res/android">
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
</network-security-config>

In addition, I read that Facebook's Audience Network Android SDK also experienced issues with the network security configuration because they cache files at localhost. I've tried the same solution proposed by them but it also didn't work: https://developers.facebook.com/docs/audience-network/android-network-security-config/

What have I done wrong? Does the Runtime SDK make intermediate requests like FB? Sniffing the Android emulator network did not show any requests other than the expected ones.

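Added example (not the poster's code and not part of the ArcGIS SDK): a Python audit of the two configs from the post. A `<domain-config>` puts Android's RootTrustManager into per-domain mode, where it throws the exception quoted above for any checkServerTrusted call made without a hostname; the `<base-config>` variant avoids that only by permitting cleartext to every host. The `audit` helper and its result keys are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Both configs are reproduced from the post above as sample input.
DOMAIN_SCOPED = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config xmlns:android="http://schemas.android.com/apk/res/android">
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">172.17.1.14</domain>
    </domain-config>
</network-security-config>"""
BASE_WIDE = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config xmlns:android="http://schemas.android.com/apk/res/android">
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors><certificates src="system" /></trust-anchors>
    </base-config>
</network-security-config>"""

def _flag(elem, inherited):
    """cleartextTrafficPermitted on this element, else the inherited value."""
    raw = elem.get("cleartextTrafficPermitted")
    return inherited if raw is None else raw.strip().lower() == "true"

def audit(xml_text):
    """Hypothetical helper: summarise what a network security config enables."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    base = root.find("base-config")
    # None = not set, so the platform default applies (allowed up to API 27).
    base_cleartext = None if base is None else _flag(base, None)
    domains = []

    def walk(cfg, inherited):
        cleartext = _flag(cfg, inherited)
        for d in cfg.findall("domain"):
            domains.append({"domain": (d.text or "").strip(),
                            "subdomains": d.get("includeSubdomains") == "true",
                            "cleartext": cleartext})
        for nested in cfg.findall("domain-config"):  # nested rules inherit
            walk(nested, cleartext)

    for cfg in root.findall("domain-config"):
        walk(cfg, base_cleartext)
    findings = []
    if domains:  # the state in which RootTrustManager needs a hostname
        findings.append("per-domain rules: platform trust manager rejects "
                        "checkServerTrusted calls made without a hostname")
    if base_cleartext:
        findings.append("base-config permits cleartext HTTP to every host")
    findings += [f"cleartext HTTP permitted for {d['domain']}"
                 for d in domains if d["cleartext"]]
    return {"per_domain": bool(domains), "base_cleartext": base_cleartext,
            "domains": domains, "findings": findings}
```
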