SSL error when trying to browse a WordPress site


David Ruana

Dec 20, 2019, 1:25:07 AM
to MIT App Inventor Forum
Hello,

I am trying to browse a page that I developed on a WordPress site. I tried WebViewer and other ways to open the connection, but I always get an SSL / TLS error.

It seems like the root certificates in the AppInventor trust store are not up to date with the latest certificate authorities. Updating it with the same list of root certificates that come in the browsers would solve the problem. However, I understand that it is not an easy task, as these certificates change from time to time and there even exist differences among the different browsers.

Probably the best approach would be adding a new option in WebViewer so that we developers can have the freedom to choose which root certificates we want to trust. Then, for example, I would be able to add the certificate that my WordPress site depends on.

By the way, I noticed that some people proposed using the IgnoreSslError option. This is a bad idea, as in this case you are not checking that you are connecting to the right site and you are not helping to keep your app users safe from malware.

Thank you.

Best regards,
David

Evan Patton

Dec 20, 2019, 7:54:46 PM
to MIT App Inventor Forum
The WebViewer component uses whatever the phone's system webview is. In most cases, this is Google Chrome. Are you able to access your site just fine using Chrome on your phone?

Regards,
Evan

David Ruana

Dec 21, 2019, 3:45:58 AM
to MIT App Inventor Forum
Hi Evan, after further testing, I noticed that the error only occurs when I run my app in the Emulator, while it does not occur if I run it through the AI Companion.

Does it mean that the certificate trust store in the Emulator is outdated? I have tried to access sites which are protected with well-known root certificates, such as a DigiCert root certificate (created year 2006) and a Sectigo root certificate (created year 2010). Those root certificates have existed for a while and could have been incorporated in the Emulator some years ago. Is there any reason for not doing this?

I am still interested in adding the root certificates manually into the Emulator if some way exists. Do you know if this is possible?

Thank you.

David Ruana

Dec 21, 2019, 3:57:43 AM
to MIT App Inventor Forum
For example, a WebViewer trying to access the following page will fail in the Emulator:

https://facebook.github.io/react-native/movies.json

Evan Patton

Dec 23, 2019, 1:28:16 PM
to MIT App Inventor Forum
Which emulator version are you using? The emulator is running a stock AOSP image so its certificate store is pretty sparse compared to a production Android build. The older emulator also likely is still using root certificates with SHA1 signatures rather than SHA256.

Regards,
Evan

David R.

Dec 28, 2019, 4:11:42 AM
to MIT App Inventor Forum
Hi Evan, you are right. By taking a look at the dates of the emulator files, I can see that all of them are between 2013 and 2014.

I am not sure how to find out the version of my emulator. I installed it in early 2019 from the link provided on the web site. When I start it, I can see the following info on screen:

Device = emulator-5554

Does a newer version exist?

Thanks

Evan Patton

Jan 8, 2020, 4:13:36 PM
to MIT App Inventor Forum
Hi David,

Sorry I missed this (most of my time is spent on the new forum). For macOS there is a new version and we have a Windows version in beta. Please see this post for links to the newer emulator packages.

Regards,
Evan