#kimvincible_code

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1441393852614180874

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

👋 Hi there

Is this happening on an emulator, or a certain device?

certain device. Samsung S23+

👋 hi btw

Does it happen on other devices, or in an emulator?

Haven't tested in other devices or emulator.

This error seems to be about SSL certificates. Do you have any special configuration in your app for SSL certificates, or intercepting traffic for example?

I don't have as far as i know. I also turned off VPN and whatnot in testing.

I am trying it out on emulator as well if i can replicate

emulator also has the same problem

Stripe Failed: IOException during API request to Stripe (https://api.stripe.com/v1/payment_intents/pi_3SVt2HFzcwMnw9IE1NDHtcR6/confirm): java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.. Please check your internet connection and try again. If this problem persists, you should check Stripe's service status at https://twitter.com/stripestatus, or let us know at support@stripe.com.

This is the full error I got. I am using the same Wifi for both devices.

The version of the library i am using is stripeAndroid = "20.52.0"

👋 taking over for my colleague. Let me catch up.

please give me a moment and I will be with you shortly

ok

you need to update the TLS config of your app

Oh i see. What kind of update do i need to add? do we include stripe in the subdomains?

which SDK version are you using?

20.52.0

can you at least upgrade to https://github.com/stripe/stripe-android/releases/tag/v20.53.0

I can try this then see if the Cert error still exist?

yes please

and if you can try to upgrade to more recent versions I think it would probably be for the best

give me a few moments though, i will get back to you on the library upgrade. just need to iron out some things on my side

ok i am currently building now wiht 20.53.0

So i upgraded to 20.53.0 and still it didn't work

👋 Hey, taking over here, just taking a look. Is it still the same error?

yes

any insight what i can do to fix this?

Hi there, taking over for @vocal garden as they had to step away, they weren't able to identify the issue so I'll start looking into this

oh thank you

so yeah, upgraded my SDK and still getting the error

Earlier it was mentioned that you need to update the TLS config of your app. Did you make any changes there?

not yet

I don't know what to change for it

Got it, reaching out to my colleagues to get the details on this

One thing to check is if you have a network security config, and if so can you share what it looks like?
https://developer.android.com/privacy-and-security/security-config

<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">api.xxx.com</domain>
<domain includeSubdomains="true">media.xxx.com</domain>
<domain includeSubdomains="true">xxx.com</domain>
</domain-config>
</network-security-config>

I censored the xxx since it is the name of the company. hope you don't mind.

Thanks! That seems fine

ok, can i bring up one thing we were able to do to make it work

somehow if i go close the application and go back to the same page where i do the stripe operation, it will work

Like full close remove from drawer

Or at least it worked twice.

Interesting. So it could be the case that some code elsewhere in the app is interfering with how network connections are made

I think I asked earlier, but do you have any custom SSL-related code in your app? Like a TrustManager or any code that looks like that?

Also, you mentioned this error: "Stripe Failed: IOException during API request to Stripe" — are you able to print out the entire stacktrace here?

ah sure. While i print stack trace, is it fine to send recording of the situation?

Sure!

Just to explain the video, I am testing using 2c2p and stripe. What i did was not proceed with 2c2p and try paying with stripe. As we investigate, we saw the Cert error.

Also when I mentioned we were able to make it work. Imagine after this video, i closed the app fully, go back to the same page and just pay with Stripe. That somehow fixes it

As for the full exception, here is the whole log

That's good information, thanks. It looks like the 2c2p SDK has its own SSLSocketFactory, which could potentially affect how SSL connections are made throughout the app

Ok, one thing i theorised with this is that i can reinitialise the PaymentConfiguration like this when the 2c2p operation is done. Would that reset the SSL stuff?

PaymentConfiguration.init(requireContext(), stripeWrapper.getPublishableKey())

I don't think so

Do you know which version of the 2c2cp SDK you have?

pgwUiSdk = "4.0.4"

It is pgwUiSdk btw

not directly 2c2p i guess but yeah

Yeah, I can see that it imports version 4.7.1 of the pgw-sdk, which looks like it overrides the default SSL socket factory used by the app

So it appears that their SDK is causing problems for others

ah sorry what do you mean? the 4.0.4 version of the library gets the 4.7.1 version of what exactly?

Version 4.0.4 of the pgw-ui-sdk library depends on pgw-sdk 4.7.1: https://repo1.maven.org/maven2/com/2c2p/pgw-ui-sdk/4.0.4/pgw-ui-sdk-4.0.4.pom

ah got it. the UI sdk i am using is using their latest SDK which has a bug with SSL?

It's hard to tell, as they don't publish the source code of this SDK. But from a quick look inside, it seems that they override the code to handle SSL/TLS connections. They seem to be calling HttpsURLConnection.setDefaultSSLSocketFactory(…) which may affect how any other code in your app creates a secure HTTP connection.

So you'd have to talk to them about this

Ah ok, let me verify this as well. If i full close the app now, the SSL default factory should reset. I should be able to buy via stripe no problem in theory

Potentially. It depends at which point the relevant 2c2p code gets initialised

Yeah, it worked. Your theory sounds correct

I guess if i can reset it, that should solve it or maybe just ask them how to reset this on their library itself

You can try something like HttpsURLConnection.setDefaultSSLSocketFactory(null) but honestly that's just a guess, and again it depends on how they override this

You'd need to follow up with them 🙂

BTW, may i ask where did you find the quick look inside. I wanna also see what they did

HttpsURLConnection.setDefaultSSLSocketFactory(…) <-- how they set this, do oyu have a link?

You would have to download the AAR file from here and look inside the classes.jar inside there, using a Java decompiler: https://repo1.maven.org/maven2/com/2c2p/pgw-sdk/4.7.1/

got it. Thank you very much