Problem:
The issue can be reproduced in vpds when loading either "www.unitusccu.com/who-we-are/" or the URL it redirects to, "www.unitusccu.com/about/".
Log:
```
2023-05-24 16:16:11.917 12881-13026 chromium com...ablement.uiComponents.demoApp W [WARNING:display_webview.cc(32)] WebView overlays are enabled!
2023-05-24 16:16:12.714 12881-13016 chromium com...ablement.uiComponents.demoApp E [ERROR:ssl_client_socket_impl.cc(992)] handshake failed; returned -1, SSL error code 1, net_error -202
2023-05-24 16:16:14.657 12881-12881 chromium com...ablement.uiComponents.demoApp I [INFO:CONSOLE(153)] "CSRF data not available;The data may be unavailable by design, such as during non-authenticated requests: SyntaxError: Unexpected token '<', "<!DOCTYPE "... is not valid JSON", source:153)
2023-05-24 16:38:56.804 13925-13989 cr_X509Util com...ablement.uiComponents.demoApp I Failed to validate the certificate chain, error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
2023-05-24 16:38:56.807 13925-14009 chromium com...ablement.uiComponents.demoApp E [ERROR:ssl_client_socket_impl.cc(992)] handshake failed; returned -1, SSL error code 1, net_error -202
2023-05-24 16:38:56.814 13925-13925 GZL com...ablement.uiComponents.demoApp D test onErrorAction is called
```
The Android native library API WebViewClient.onReceivedSslError catches this error and passes it to the app layer. The SslError for "www.unitusccu.com/who-we-are/":
```
primary error: 3 certificate: Issued to:CN=www.unitusccu.com,O=Unitus Community Credit Union,ST=Oregon,C=US;
Issued by: CN=Network Solutions OV Server CA 2,O=Network Solutions L.L.C.,L=Herndon,ST=VA,C=US;
on URL: www.unitusccu.com/who-we-are/
```
Problem log:
```
I/X509Util: Failed to validate the certificate chain, error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
```
Chromium source location:
ssl_client_socket_imp
source.chromium.org/chromium/ch…
X509Util:
chromium.googlesource.com/chromium/sr…
Reason:
The root cause of this issue is that Android does not support AIA (Authority Information Access) Fetching for intermediate certificates, as shown in the following screenshot:
The "Extra download" in orange is the missing intermediate certificate, which needs to be fetched via AIA. (The screenshot was obtained by running the SSL Server Test against the host name www.unitusccu.com and expanding "Certification paths".)
iOS and the Chrome browser on Android support AIA Fetching, which is why the page displayed fine on the iOS version or when clicking the link in emails on Android phones.
When the issue occurs:
After adding the intermediate certificate on the server:
And it works on WebView.
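
The difference between a client that fetches missing intermediates via AIA and one that does not, as an added example that is not part of the original write-up or of Chromium/Android code. It is a simplified model: certificates are (subject, issuer) name pairs matched by name only, the root name is a placeholder because the page does not give it, and `build_path`, the sample chains and `AIA_REPOSITORY` are hypothetical names.

```python
# Simplified model: certificates are (subject, issuer) DN pairs and issuers are
# matched by name only; real validators also verify signatures and validity.
LEAF = "CN=www.unitusccu.com,O=Unitus Community Credit Union,ST=Oregon,C=US"
INTERMEDIATE = ("CN=Network Solutions OV Server CA 2,"
                "O=Network Solutions L.L.C.,L=Herndon,ST=VA,C=US")
ROOT = "CN=Placeholder Root CA"  # placeholder: the root's name is not on the page

# Constructed sample data: what the server sends before and after the fix.
CHAIN_BEFORE_FIX = [(LEAF, INTERMEDIATE)]
CHAIN_AFTER_FIX = [(LEAF, INTERMEDIATE), (INTERMEDIATE, ROOT)]
TRUST_STORE = {ROOT}
# Stand-in for the download location named in the leaf's AIA extension.
AIA_REPOSITORY = {INTERMEDIATE: (INTERMEDIATE, ROOT)}


def build_path(sent, trust_anchors, aia_fetch=None):
    """Walk from the leaf (sent[0]) towards a trust anchor.

    aia_fetch is None for a client that only uses what the server sent
    (WebView in this write-up); otherwise it is a callable mapping an issuer
    DN to a (subject, issuer) pair or None, for clients that fetch via AIA.
    Returns (trusted, path, reason).
    """
    if not sent:
        return False, [], "server sent no certificates"
    available = {subject: (subject, issuer) for subject, issuer in sent}
    subject, issuer = sent[0]
    path = [subject]
    while issuer not in trust_anchors:
        cert = available.get(issuer)
        if cert is None and aia_fetch is not None:
            cert = aia_fetch(issuer)  # the "Extra download" step
        if cert is None:
            return False, path, "no certificate for issuer: " + issuer
        if cert[0] in path:  # untrusted self-signed or looping chain
            return False, path, "chain does not end in a trust anchor"
        subject, issuer = cert
        path.append(subject)
    return True, path + [issuer], "trust anchor found"
```

Calling `build_path(CHAIN_BEFORE_FIX, TRUST_STORE)` fails at the intermediate, while passing `AIA_REPOSITORY.get` as `aia_fetch`, or using `CHAIN_AFTER_FIX`, reaches the root.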