HTTP FAILED: javax.net.ssl.SSLHandshakeException: Chain validation failed

Question

I tried to call an API with the OkHttp client, but it does not succeed in Android. The API is working fine on iOS and Postman.

I'm getting a SSLHandshakeException in Android only. So, what would be the reason, and how to resolve it?

OkHttp libs

implementation 'com.squareup.okhttp3:okhttp:3.9.0'
implementation 'com.squareup.okhttp3:logging-interceptor:3.9.0'

Http Client

HttpLoggingInterceptor logging = new HttpLoggingInterceptor();
logging.setLevel(HttpLoggingInterceptor.Level.BODY);
OkHttpClient.Builder builder = new OkHttpClient().newBuilder();
if (BuildConfig.DEBUG)
    builder.addInterceptor(logging);
OkHttpClient client= builder.build();

Log:

javax.net.ssl.SSLHandshakeException: Chain validation failed
    at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:362)
    at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1134)
    at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1089)
    at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:876)
    at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747)
    at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712)
    at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:849)
    at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.access$100(ConscryptEngineSocket.java:722)
    at com.android.org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:238)
    at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:217)
    at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:299)
    at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:268)
    at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:160)
    at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:256)
    at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:134)
    at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:113)
    at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)

Tested Devices and OS Version

OnePlus 6T (Android 10)
Samsung s5 (Android 9)
Samsung A5 (android 6)
Android Emulator (Android 11)
LG Nexus (android 6)

This error type means that the device SSL stack cannot verify certificate of service. What Android version are you using and what is the service you are trying to connect to? — Dominik Murzynowski, Jan 05 '21 at 15:26
@DominikMurzynowski Samsung s6 (android 9) and Onplus 6T (android 10) — Rajasekaran M, Jan 06 '21 at 06:21
@RajasekaranM once do check your mobile device date and do check with emulator too — Vijaya Varma Lanke, Jan 06 '21 at 07:03
Check for a linked cause exception, toSSLHandshakeException should retain it. — Yuri Schimke, Jan 06 '21 at 08:18

Yuri Schimke · Answer 1 · 2021-01-06T08:17:07.557

This is a duplicate of Android Emulator "Chain Validation Failed" connecting developers machine with self-signed cert and SSLHandshakeException - Chain chain validation failed, how to solve?

Most likely it's wrong date on the device, an expired cert (unlikely if it's working elsewhere), or missing CA certificates on your Android device.

Without the root case it Is hard to tell what's going on. You have probably only included half the exception trace. I believe the cause is also attached.

    /**
     * Wraps the given exception if it's not already a {@link SSLHandshakeException}.
     */
    static SSLHandshakeException toSSLHandshakeException(Throwable e) {
        if (e instanceof SSLHandshakeException) {
            return (SSLHandshakeException) e;
        }

        return (SSLHandshakeException) new SSLHandshakeException(e.getMessage()).initCause(e);
    }

Are you sure you have posted the whole exception message? Is there a cause that you cut off? — Yuri Schimke, Jan 06 '21 at 08:17

HTTP FAILED: javax.net.ssl.SSLHandshakeException: Chain validation failed

1 Answers1