Self-signed certificate - java.security.NoSuchAlgorithmException: Error constructing implementation - android

I created my own CA authority for local deployment, along with a REST API, web and app. My certificates work well on the web.
In Android I have configured my network_security_config.xml this way:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config>
        <trust-anchors>
            <certificates src="@raw/myca"/>
            <certificates src="system"/>
            <certificates src="user"/>
        </trust-anchors>
    </domain-config>
</network-security-config>
When I run tns run android and try to connect to my API, the console shows me this error:
"error": { JS: "originalStack": "Error: java.net.SocketException:
java.security.NoSuchAlgorithmException: Error constructing
implementation (algorithm: Default, provider: AndroidOpenSSL, class:
com.android.org.conscrypt.DefaultSSLContextImpl)\n at new
ZoneAwareError
(file:///data/data/org.nativescript.ngsample/files/app/vendor.js:91593:33)\n
at onRequestComplete
(file:///data/data/org.nativescript.ngsample/files/app/vendor.js:97990:34)\n
at Object.onComplete
(file:///node_modules/@nativescript/core/http/http-request/http-request.js:43:0)"
What could be the problem?

This was easy. My mistake was not reading the documentation. I only needed to change my security_network_config.xml:
<domain-config>
    <domain includeSubdomains="true">192.168.1.67</domain>
    <trust-anchors>
        <certificates src="@raw/myca"/>
    </trust-anchors>
</domain-config>

Related

FLUTTER App work from Apk but installing from Playstore does not work. Cannot access server

I have a problem with my Flutter app. It works from the compiled APK file when I debug it. So then I uploaded it to the Play Store. When the release was approved, I installed the app from the Play Store. However, it gets stuck on loading. It seems it cannot access the server directly.
Does the problem come from this?
Here is my network_security_config:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">127.0.0.1</domain>
    </domain-config>
</network-security-config>

React Native - cannot connect to Metro on API 31/32 (Android 12) either on emulator or real device, even with adb reverse

Cleartext is enabled in the manifest.
I have done adb reverse tcp:8081 tcp:8081 command.
The same app readily works on an API 28 emulator.
I get the message Could not connect to development server.
Is there another reason why Android 12 might cause problems with this?
Thanks :)
The issue was the need to add localhost to res/xml/network_security_config.xml:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <!-- Trust preinstalled CAs -->
            <certificates src="system" />
            <!-- Additionally trust user added CAs -->
            <certificates src="user" />
        </trust-anchors>
    </base-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">10.0.2.2</domain>
        <domain includeSubdomains="true">localhost</domain>
    </domain-config>
</network-security-config>

Merge NetworkSecurityConfig xml files in Manifest

In my application I set a network security configuration file with the following:
<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
I'm setting it in my manifest this way:
<application
    (...)
    android:networkSecurityConfig="@xml/network_security_config">
Additionally, I'm adding a 3rd party lib which supplies its own network security config file with a set of domains:
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">domainA</domain>
    </domain-config>
</network-security-config>
Which they are setting in their manifest this way:
<application android:networkSecurityConfig="@xml/network_security_config">
The problem is that the manifest merge only works in the manifest.xml file (afaik), therefore the network-security-config file will always be the application file and not the merge between the app and 3rd party network-security-config files. Is there a way to achieve something like this?
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">domainA</domain>
    </domain-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
There is no built-in mechanism to merge resources that way. You would need to have the combined network security configuration file in your app module, where you manually merge what you need and what the library requests.

Charles proxy in non debuggable flavour of Android app

First of all, let me clarify that I know that this is a very bad practice and I will not push this change into my production code. But sometimes we need to debug some changes in the non-debuggable flavour of my application, and all the https URLs are failing with the following error:
Client SSL handshake failed: An unknown issue occurred processing the certificate (certificate_unknown)
I have used the following network config files and added in my manifest file. This is working in debuggable flavour of the app but still not working in non-debuggable flavour.
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
Is there any way I can use Charles to monitor my network calls in the non-debuggable flavour of the Android app?
This one works for me:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="user" />
            <certificates src="system" />
        </trust-anchors>
    </base-config>
</network-security-config>
Source
When creating a release build that you need to debug using Charles, add android:debuggable="true" in the manifest, inside the application context. After that, build your release build and try to debug using Charles.
I have not tried this, but it might work, according to the following link:
https://developer.android.com/training/articles/security-config.html

Charles Proxy not working for Android version above 7.0?

I have been using Charles for intercepting requests and responses for a long time, but when I tried a Google Pixel targeting Android Oreo, it kept giving me a handshake exception. I was aware that certain changes were made in Nougat regarding network security. Any sort of help will be appreciated.
If you are facing issues using Charles on a device targeting above 7.0 in Android, follow these steps, as detailed in the Charles Proxy documentation.
Add the following line
android:networkSecurityConfig="@xml/network_security_config">
to your manifest file in the application tag.
Create an xml folder with a file named network_security_config and paste the following code in it.
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
Note: Do not commit the above to your branch if you have only a single build flavour.
People having different build flavours (debug/release/other) can use this for the debug version and commit it as well.
The other answer is correct as well, but according to the documentation the base-config xml tag is not needed at all. While this is not explicitly mentioned, their example does not include that tag.
This is the code on the Documentation site for "Configure CAs for debugging":
res/xml/network_security_config.xml:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="@raw/debug_cas"/>
        </trust-anchors>
    </debug-overrides>
</network-security-config>
Instead of specifying a specific certificate, we can just allow user-installed certs though, like in the other answer:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
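
As an added example (not part of any of the posts above, and not code from Android or Charles): a small pre-release check that parses a network_security_config.xml and reports the patterns these threads keep running into, namely a `<domain-config>` with no `<domain>` (the first question), user-installed CAs trusted outside `<debug-overrides>`, and cleartext enabled. The function name `audit` and the finding codes are hypothetical, and the sample configurations are constructed from the ones quoted on this page.

```python
import xml.etree.ElementTree as ET

def _srcs(scope):
    """src values of the <certificates> entries in a scope's <trust-anchors>."""
    return [c.get("src", "") for c in scope.findall("./trust-anchors/certificates")]

def audit(xml_text):
    """Return sorted finding codes for one network_security_config.xml (your own file)."""
    root = ET.fromstring(xml_text.strip().encode("utf-8"))
    if root.tag != "network-security-config":
        return ["not-a-network-security-config"]
    findings = set()
    for scope in root.iter():
        if scope.tag not in ("base-config", "domain-config"):
            continue  # <debug-overrides> only takes effect in debuggable builds
        # User CAs listed here are trusted in release builds too.
        if "user" in _srcs(scope):
            findings.add(f"{scope.tag}:trusts-user-cas")
        if scope.get("cleartextTrafficPermitted") == "true":
            findings.add(f"{scope.tag}:cleartext-permitted")
        # The first question's config had a <domain-config> with no <domain>.
        if scope.tag == "domain-config" and not scope.findall("./domain"):
            findings.add("domain-config:no-domain")
    return sorted(findings)

# Constructed samples, condensed from the configurations quoted on this page.
HEAD = '<?xml version="1.0" encoding="utf-8"?><network-security-config>'
TAIL = "</network-security-config>"
SAMPLES = {
    "first question": HEAD + '<domain-config><trust-anchors>'
        '<certificates src="@raw/myca"/><certificates src="system"/>'
        '<certificates src="user"/></trust-anchors></domain-config>' + TAIL,
    "first answer": HEAD + '<domain-config>'
        '<domain includeSubdomains="true">192.168.1.67</domain><trust-anchors>'
        '<certificates src="@raw/myca"/></trust-anchors></domain-config>' + TAIL,
    "user CAs in base-config": HEAD + '<base-config cleartextTrafficPermitted="true">'
        '<trust-anchors><certificates src="system"/><certificates src="user"/>'
        '</trust-anchors></base-config>' + TAIL,
    "user CAs in debug-overrides": HEAD + '<debug-overrides><trust-anchors>'
        '<certificates src="user"/></trust-anchors></debug-overrides>' + TAIL,
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {audit(text) or 'no findings'}")
```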
