[SOLVED] Add support to allow self-signed ssl cert?

Issue description:

My subsonic server works fine with HTTP, but not with HTTPS.

Items in text like songs, albums, and artists are shown, but no media.
There is no cover, and songs cannot be played.

I checked the log myself. Looks like it’s a self-signed SSL cert issue.

Logs:

  Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
      at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:656)
      at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:505)
      at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:425)
      at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:353)
      at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
      at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:90)
      at com.android.org.conscrypt.ConscryptEngineSocket$2.checkServerTrusted(ConscryptEngineSocket.java:163)
      at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:255)
      at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1638)
      at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
      at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:569)
      at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1095)
      at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1079)
      ... 25 more
  Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
      ... 38 more
]
2022-07-17 09:05:13.387 Error/MusicPlayer: onPlayerError: 2001 / java.io.IOException: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
2022-07-17 09:05:13.387 Error/PlaybackController: onMediaError:  [true]
2022-07-17 09:05:13.389 Verbose/PlaybackController: closePreparedForRendering PlayableMediaItem(source=MediaItem{externalId='foobar', mediaType=Song, file='foobar.flac', title='foobar'}, url=https://foobar.com:443/sv01/rest/download.view?id=foobar=REDACTED&t=REDACTED&s=REDACTED&v=1.13.0&c=Symfonium&f=json&format=raw, externalThumbnail=, urlIncludeResumePoint=false, urlIncludeResumePointValue=0, alreadyResolved=false, mimeTypeOverride=, payload=, preparationError=false, preparationErrorMessage=, playlistPosition=0, headers=null, mediaFormat=null, lyrics=null, uuid=foobar)

Screenshots:

Additional information:

To my understanding, it should be a self-signed SSL cert issue, so I only posted necessary part of the log with some personal though not sensitive information redacted.
However, I am not a coding expert. If I was wrong, let me know, and I will upload the full log.

Well I always need the full logs as the template says :wink:

Anyway selfsigned certificate are fully supported, you just need to use the wizard to add the host and not edit a current host added with http then edit to change to https and wrong certificates.

I did not edit an existed http host while I actually deleted all the hosts and made a totally new host for the https.

About self-signed, maybe that’s not the issue base on your words. I could be wrong as I just read the log briefly and made some simple search.

I will upload the full log later.

I need logs that include when you actually add the host.

I have fixed it myself.

Looks like there is nothing to do with symfonium but my own sever configuration.
There was some problem with the ssl configuration and I have fixed it.
Then everything works fine on symfonium.

Sorry for bother.

Well, I’m still having this issue on latest version.
I installed self-signed CA, but with no luck: requests from app works fine:

2022-08-05 16:38:01.378 Verbose/JellyfinLogger: <-- [537] 200  https://my.media.domain/Users/a52f64ed4f4841eea29259fa73ebf68e/Items/160cd59e57a59b59a45185d8061fa264 (35ms, unknown-length body)

but requests from ExoPlayer (to actually play media) failed:

2022-08-05 16:38:01.427 Verbose/PlayableMediaItemDataSource: Preparing item (false) : https://my.media.domain:443/Audio/160cd59e5da59b59505185d8661fa264/stream.flac?static=true&dlnaheaders=true&api_key=REDACTED -> https://my.media.domain:443/Audio/160cd59e5da59b59505185d8661fa264/stream.flac?static=true&dlnaheaders=true&api_key=REDACTED
2022-08-05 16:38:01.535 Verbose/StateManager: New state (true): true-true-true 
2022-08-05 16:38:01.543 Verbose/ImageCacheManager: File should have been downloaded but not present.
2022-08-05 16:38:01.554 Verbose/ImageCacheManager: File should have been downloaded but not present.
2022-08-05 16:38:01.555 Verbose/ImageCacheManager: File already downloading, waiting for end.
2022-08-05 16:38:01.569 Error/ExoPlayer: internalError [eventTime=1008.68, mediaPos=0.00, window=0, period=0, loadError
  ng.c0: java.io.IOException: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
      at of.b.k(SourceFile:431)
      at j9.e.k(SourceFile:188)
      at ng.t.k(SourceFile:328)
      at j9.b.k(SourceFile:152)
      at ng.q0.k(SourceFile:10)
      at jg.a0.b(SourceFile:26)
      at ng.h0.run(SourceFile:54)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
      at java.lang.Thread.run(Thread.java:923)
  Caused by: java.io.IOException: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
      at of.b.t(SourceFile:24)
      at of.b.k(SourceFile:242)
      ... 9 more
  Caused by: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
      at ph.k.P0(SourceFile:21)
      at ph.k.get(SourceFile:55)
      at ph.n.get(SourceFile:1)
      at of.b.t(SourceFile:14)
      ... 10 more
  Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
      at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:362)
      at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1134)
      at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1089)
      at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:876)
      at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747)
      at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712)
      at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:849)
      at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.access$100(ConscryptEngineSocket.java:722)
      at com.android.org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:238)
      at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:217)
      at ek.k.g(SourceFile:86)
      at ek.k.c(SourceFile:132)
      at ek.e.a(SourceFile:657)
      at ek.a.a(SourceFile:51)
      at fk.f.b(SourceFile:160)
      at ck.a.a(SourceFile:104)
      at fk.f.b(SourceFile:160)
      at fk.a.a(SourceFile:137)
      at fk.f.b(SourceFile:160)
      at fk.g.a(SourceFile:145)
      at fk.f.b(SourceFile:160)
      at g7.a.a(SourceFile:3)
      at fk.f.b(SourceFile:160)
      at ek.i.h(SourceFile:96)
      at ek.f.run(SourceFile:36)
      ... 3 more
  Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
      at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:661)
      at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:510)
      at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:428)
      at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:356)
      at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
      at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:90)
      at com.android.org.conscrypt.ConscryptEngineSocket$2.checkServerTrusted(ConscryptEngineSocket.java:161)
      at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:250)
      at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1644)
      at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
      at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:568)
      at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1095)
      at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1079)
      ... 25 more
  Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
      ... 38 more
]

Server returns correct chain, btw:

[email protected]:~$ openssl s_client -connect my.media.domain:443 | grep OK
# redacted
Verification: OK

@Orhideous your issue is unrelated and your certificate is invalid the root certificate is unknown from your phone and you need to install it.

Open your own issue for help.