Current behavior: Download attempts fail with this error message:
Unable to establish a secure connection. This can mean that another app on your device (like a VPN or an ad blocker) blocked the download, or that something is wrong with the server certificates.
Technical reason:
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
File URL:
https://media.blubrry.com/arrlaudionews/content.blubrry.com/arrlaudionews/AAN-2024-05-17.mp3
I see a similar error message when attempting to stream an episode of this podcast.
I AM able to paste the podcast episode link into my browser (Chrome on my S-8) and play it there.
First occurred: Approximately 10 days ago
Steps to reproduce:
Wait for the auto-download to start
Read the error message in my notifications area
OR
Open the queue
Click the Download icon for a failed episode
Wait for the download attempt to time out and read the error in a dialog box (or eventually in my notifications area)
OR
Open an episode page
Click the Stream icon
Wait for the download attempt to time out and read the error in a dialog box
Environment:
This issue occurs whether or not I have my wired “ear buds” plugged in.
I reckon Chrome on Android doesn’t use the system certificate store, which is why it works. But if you install another browser - I tried with the Duck Duck Go one - then it does show a warning when accessing media.blubrry.com, although it just says the certificate “is not valid” vaguely.
I reckon Chrome on Android doesn’t use the system certificate store,
which is why it works. But if you install another browser - I tried
with the Duck Duck Go one - then it does show a warn ing when accessing
media.blubrry.com, although it just says the certificate “is not
valid” vaguely.
Sadly, it seems like this has broken again in the last few days. This morning the error returned on a download that worked last week. I give up, I’ll probably buy a new phone soon because other errors and glitches are starting to stack up on it (entirely unrelated to this).
What is the best path forward – talking to blubrry, who seem to revert back to unusability frequently or ship our own CA certificates again?
If the latter, do we merely need to update the certificates in core/src/main/java/de/danoeh/antennapod/core/ssl/BackportCaCerts.java?