VRS: SignatureException on Android 2.3.3 about public-transport-enabler HOT 9 CLOSED

The issue is reproducable on my Nexus One.

@mdyrna

from public-transport-enabler.

You mean it reproducible every time even with a stable Internet connection?

from public-transport-enabler.

I tried only once but it crashed immediately.

I'm thinking of disabling certificate validation for Android 2.3.

from public-transport-enabler.

What happens if you open https://www.vrsinfo.de in your browser on Android 2.3?

from public-transport-enabler.

The certificate chain is the following:

(root)
CN = GeoTrust Primary Certification Authority
O = GeoTrust Inc.
C = US

CN = GeoTrust EV SSL CA - G4
O = GeoTrust Inc.
C = US

CN = www.vrsinfo.de
OU = Informationstechnologie
O = Verkehrsverbund Rhein-Sieg GmbH
L = Koeln
ST = Nordrhein-Westfalen
C = DE
Object Identifier (2 5 4 5) = HRB 16883
Object Identifier (2 5 4 15) = Private Organization
Object Identifier (1 3 6 1 4 1 311 60 2 1 1) = Koeln
Object Identifier (1 3 6 1 4 1 311 60 2 1 3) = DE

GeoTrust claims that Android >= 2.3 should include their root certificate:
https://www.geocerts.com/ssl/browsers

I can't test it myself since my last Android 2.3 device is long gone. :-)

from public-transport-enabler.

It redirects to https://m.vrsinfo.de/ and that page shows a broken lock. However, Options > Page info > View certificate claims the cert is valid. I'm not sure but I guess the browser is separate to the Java HTTP client.

from public-transport-enabler.

So the conclusion is you will disable certificate validation in de.schildbach.pte.util.ParserUtils for Android < 3?

from public-transport-enabler.

That's my suggestion, yes. Sadly Android 2.3 is still at 10% of the installed user base. But at least they'd get opportunistic encryption.

from public-transport-enabler.

I was able to work around this issue in Öffi.

from public-transport-enabler.