We have an app that queries an API for a list of categories that is displayed to the user. We received a crash report from a user that the app had crashed with an SSLPeerUnverifiedException:
    ANDROID_VERSION=4.4.4
    APP_VERSION_NAME=1.12
    BRAND=Xiaomi
    PHONE_MODEL=2014818
    CUSTOM_DATA=
    STACK_TRACE=java.lang.RuntimeException: An error occured while executing doInBackground()
        at android.os.AsyncTask$3.done(AsyncTask.java:300)
        at java.util.concurrent.FutureTask.finishCompletion(FutureTask.java:355)
        at java.util.concurrent.FutureTask.setException(FutureTask.java:222)
        at java.util.concurrent.FutureTask.run(FutureTask.java:242)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
        at java.lang.Thread.run(Thread.java:841)
    Caused by: java.lang.RuntimeException: javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
        at fr.free.nrw.commons.category.PrefixUpdater.doInBackground(PrefixUpdater.java:66)
The relevant code that caused the crash is:
    protected ArrayList<String> doInBackground(Void... voids) {
        // otherwise if user has typed something in that isn't in cache, search API for matching categories
        MWApi api = CommonsApplication.createMWApi();
        ApiResult result;
        ArrayList<String> categories = new ArrayList<String>();
        try {
            result = api.action("query")
                    .param("list", "allcategories")
                    .param("acprefix", filter)
                    .param("aclimit", catFragment.SEARCH_CATS_LIMIT)
                    .get();
            Log.d(TAG, "Prefix URL filter" + result.toString());
        } catch (IOException e) {
            // SSLPeerUnverifiedException is an IOException, so it is rethrown here
            // unchecked and surfaces as the AsyncTask crash in the report above
            throw new RuntimeException(e);
        }
        // (the rest of the method is not shown in the post)
I don't think the issue is server-side, as the URL queried has a proper certificate, and out of hundreds of app usages, this is the first user who appears to have encountered this issue. The URL queried is https://commons.wikimedia.org/w/api.php?action=query&list=allcategories&acprefix=filter&aclimit=25 with 'filter' replaced by the user's text.
What is the recommended way to solve this? I found a solution at "javax.net.ssl.sslpeerunverifiedexception no peer certificate", but we would rather avoid this, as the app is transmitting data over a public network and we have security concerns.
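
One way to stop the crash while leaving certificate validation untouched, as an added example that is not part of the original post or the project's code: the TLS failure is caught, retried over the same validated connection, and then reported to the caller instead of being rethrown. `CategoryQuery`, `Result`, `fetch` and the retry count are hypothetical, and the query is a constructed stand-in for the `MWApi` call.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;

public class SafeCategoryFetch {
    /** Hypothetical stand-in for the HTTPS call made through MWApi in the question. */
    interface CategoryQuery { List<String> run() throws IOException; }

    enum Status { OK, TLS_FAILURE, NETWORK_ERROR }

    static final class Result {
        final Status status;
        final List<String> categories;
        Result(Status status, List<String> categories) { this.status = status; this.categories = categories; }
    }

    // Runs the query with the platform's certificate checks in place. A TLS failure is
    // retried as-is and then reported; no trust-all manager, no fallback to plain HTTP.
    static Result fetch(CategoryQuery query, int maxAttempts) {
        Status last = Status.NETWORK_ERROR;
        for (int attempt = 1; attempt <= maxAttempts; attempt++) {
            try {
                return new Result(Status.OK, query.run());
            } catch (SSLException e) {        // includes SSLPeerUnverifiedException
                last = Status.TLS_FAILURE;    // log e here so the failure is visible in reports
            } catch (IOException e) {
                last = Status.NETWORK_ERROR;
            }
        }
        // Fail closed: empty list plus a status the UI can show, instead of a crash.
        return new Result(last, new ArrayList<String>());
    }

    public static void main(String[] args) {
        // Constructed input: the first call fails like the crash report, the second succeeds.
        final int[] calls = {0};
        CategoryQuery flaky = () -> {
            if (calls[0]++ == 0) throw new SSLPeerUnverifiedException("No peer certificate");
            return Arrays.asList("Category:Example");
        };
        Result r = fetch(flaky, 2);
        System.out.println(r.status + " " + r.categories);
    }
}
```

In an `AsyncTask`, the returned `Status` would be passed to `onPostExecute` so the UI can show an error for `TLS_FAILURE` rather than silently presenting an empty list.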