SSL Peer Unverified Exception

Here's my setup:

  • ~20 Samsung Galaxy Y phones running ODK Collect 1.2.1(1019)
  • Paid ODK Aggregate server running on Google AppEngine
  • USB data stick on my laptop which I share using my laptop's wifi.

The problem:

  • When I try to get the forms list, I sometimes get an
    SSLPeerUnverifiedException. Sometimes, I can download forms from the
    Aggregate Server onto all 20 phones without problem. Sometimes I load
    forms onto 2 forms and then get this exception. I have also had two phones
    side by side requesting the form list from the server and one phone will
    get the list and download the forms without problem while the other phone
    will get the SSLPeerUnverified Exception

Does anyone have any idea what might be causing this and how I can solve it?

Thanks,
Stuart

I have recently been debugging a similar problem with intermittent
peer-unverified exceptions. I'm running my own Tomcat server with my own
RapidSSL certificate, so I had assumed that it was something to do with
that. It happened a few times for one of my developers, then it stopped
happening and everything has been fine. I haven't yet figured out how to
reproduce it.

The developer is using an HTC Wildfire S, running Android 2.3.5 and ODK
Collect 1.2.1(1020).

I doubt that helps, but I thought that I'd throw it out there. Perhaps
others too have seen this kind of intermittent error recently?

Best,

Chris

··· On Sunday, October 28, 2012, Stuart Shirrell wrote:

Here's my setup:

  • ~20 Samsung Galaxy Y phones running ODK Collect 1.2.1(1019)
  • Paid ODK Aggregate server running on Google AppEngine
  • USB data stick on my laptop which I share using my laptop's wifi.

The problem:

  • When I try to get the forms list, I sometimes get an
    SSLPeerUnverifiedException. Sometimes, I can download forms from the
    Aggregate Server onto all 20 phones without problem. Sometimes I load
    forms onto 2 forms and then get this exception. I have also had two phones
    side by side requesting the form list from the server and one phone will
    get the list and download the forms without problem while the other phone
    will get the SSLPeerUnverified Exception

Does anyone have any idea what might be causing this and how I can solve
it?

Thanks,
Stuart

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

This is well below the layer at which ODK Collect controls the network
layer.

Perhaps it may be that the phone goes to sleep during one of these
requests? And that somehow flushes the cache of SSL certificates in the
bowels of the library? Just a guess... .

Another place to look is to see if there are any modifications to the
Apache HttpClient library that ships with Android. Beginning with ODK
Collect 1.2.1 (1014), I switched to use the latest Apache 4.2.1 httpclient
code (with a package renaming to avoid name conflicts), rather than the
sort-of-4.0.1 code that is built into 2.x OS. I had assumed that there were
no Android-specific customizations to that code, but perhaps Google put in
some code for onPause() handling??? (seems far fetched...)

Mitch

··· On Sun, Oct 28, 2012 at 6:46 AM, Christopher Robert < Christopher_Robert@hks.harvard.edu> wrote:

I have recently been debugging a similar problem with intermittent
peer-unverified exceptions. I'm running my own Tomcat server with my own
RapidSSL certificate, so I had assumed that it was something to do with
that. It happened a few times for one of my developers, then it stopped
happening and everything has been fine. I haven't yet figured out how to
reproduce it.

The developer is using an HTC Wildfire S, running Android 2.3.5 and ODK
Collect 1.2.1(1020).

I doubt that helps, but I thought that I'd throw it out there. Perhaps
others too have seen this kind of intermittent error recently?

Best,

Chris

On Sunday, October 28, 2012, Stuart Shirrell wrote:

Here's my setup:

  • ~20 Samsung Galaxy Y phones running ODK Collect 1.2.1(1019)
  • Paid ODK Aggregate server running on Google AppEngine
  • USB data stick on my laptop which I share using my laptop's wifi.

The problem:

  • When I try to get the forms list, I sometimes get an
    SSLPeerUnverifiedException. Sometimes, I can download forms from the
    Aggregate Server onto all 20 phones without problem. Sometimes I load
    forms onto 2 forms and then get this exception. I have also had two phones
    side by side requesting the form list from the server and one phone will
    get the list and download the forms without problem while the other phone
    will get the SSLPeerUnverified Exception

Does anyone have any idea what might be causing this and how I can solve
it?

Thanks,
Stuart

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

--
Mitch Sundt
Software Engineer
University of Washington
mitchellsundt@gmail.com

I'll try to gather more evidence on this. At least in our case, it wasn't
that the device was going to sleep (it was in active use). But again, I
have a custom certificate, so that may be causing some trouble.

Thanks,

Chris

··· On Monday, October 29, 2012, Mitch S wrote:

This is well below the layer at which ODK Collect controls the network
layer.

Perhaps it may be that the phone goes to sleep during one of these
requests? And that somehow flushes the cache of SSL certificates in the
bowels of the library? Just a guess... .

Another place to look is to see if there are any modifications to the
Apache HttpClient library that ships with Android. Beginning with ODK
Collect 1.2.1 (1014), I switched to use the latest Apache 4.2.1 httpclient
code (with a package renaming to avoid name conflicts), rather than the
sort-of-4.0.1 code that is built into 2.x OS. I had assumed that there were
no Android-specific customizations to that code, but perhaps Google put in
some code for onPause() handling??? (seems far fetched...)

Mitch

On Sun, Oct 28, 2012 at 6:46 AM, Christopher Robert < Christopher_Robert@hks.harvard.edu <javascript:_e({}, 'cvml', 'Christopher_Robert@hks.harvard.edu');>> wrote:

I have recently been debugging a similar problem with intermittent
peer-unverified exceptions. I'm running my own Tomcat server with my own
RapidSSL certificate, so I had assumed that it was something to do with
that. It happened a few times for one of my developers, then it stopped
happening and everything has been fine. I haven't yet figured out how to
reproduce it.

The developer is using an HTC Wildfire S, running Android 2.3.5 and ODK
Collect 1.2.1(1020).

I doubt that helps, but I thought that I'd throw it out there. Perhaps
others too have seen this kind of intermittent error recently?

Best,

Chris

On Sunday, October 28, 2012, Stuart Shirrell wrote:

Here's my setup:

  • ~20 Samsung Galaxy Y phones running ODK Collect 1.2.1(1019)
  • Paid ODK Aggregate server running on Google AppEngine
  • USB data stick on my laptop which I share using my laptop's wifi.

The problem:

  • When I try to get the forms list, I sometimes get an
    SSLPeerUnverifiedException. Sometimes, I can download forms from the
    Aggregate Server onto all 20 phones without problem. Sometimes I load
    forms onto 2 forms and then get this exception. I have also had two phones
    side by side requesting the form list from the server and one phone will
    get the list and download the forms without problem while the other phone
    will get the SSLPeerUnverified Exception

Does anyone have any idea what might be causing this and how I can solve
it?

Thanks,
Stuart

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

--
Post: opendatakit@googlegroups.com <javascript:_e({}, 'cvml',
'opendatakit@googlegroups.com');>
Unsubscribe: opendatakit+unsubscribe@googlegroups.com <javascript:_e({},
'cvml', 'opendatakit%2Bunsubscribe@googlegroups.com');>
Options: http://groups.google.com/group/opendatakit?hl=en

--
Mitch Sundt
Software Engineer
University of Washington
mitchellsundt@gmail.com <javascript:_e({}, 'cvml',
'mitchellsundt@gmail.com');>

--
Post: opendatakit@googlegroups.com <javascript:_e({}, 'cvml',
'opendatakit@googlegroups.com');>
Unsubscribe: opendatakit+unsubscribe@googlegroups.com <javascript:_e({},
'cvml', 'opendatakit%2Bunsubscribe@googlegroups.com');>
Options: http://groups.google.com/group/opendatakit?hl=en

Is it possible that the request isn't even reaching the server? I've check
our Aggregate server logs, and whenever I get the SSL exception, nothing
shows up in the logs. It seems like ODK Aggregate is pretty good about
noting whenever an http request shows up.

··· On Mon, Oct 29, 2012 at 11:04 PM, Christopher Robert <chrislrobert@gmail.com wrote:

I'll try to gather more evidence on this. At least in our case, it wasn't
that the device was going to sleep (it was in active use). But again, I
have a custom certificate, so that may be causing some trouble.

Thanks,

Chris

On Monday, October 29, 2012, Mitch S wrote:

This is well below the layer at which ODK Collect controls the network
layer.

Perhaps it may be that the phone goes to sleep during one of these
requests? And that somehow flushes the cache of SSL certificates in the
bowels of the library? Just a guess... .

Another place to look is to see if there are any modifications to the
Apache HttpClient library that ships with Android. Beginning with ODK
Collect 1.2.1 (1014), I switched to use the latest Apache 4.2.1 httpclient
code (with a package renaming to avoid name conflicts), rather than the
sort-of-4.0.1 code that is built into 2.x OS. I had assumed that there were
no Android-specific customizations to that code, but perhaps Google put in
some code for onPause() handling??? (seems far fetched...)

Mitch

On Sun, Oct 28, 2012 at 6:46 AM, Christopher Robert < Christopher_Robert@hks.harvard.edu> wrote:

I have recently been debugging a similar problem with intermittent
peer-unverified exceptions. I'm running my own Tomcat server with my own
RapidSSL certificate, so I had assumed that it was something to do with
that. It happened a few times for one of my developers, then it stopped
happening and everything has been fine. I haven't yet figured out how to
reproduce it.

The developer is using an HTC Wildfire S, running Android 2.3.5 and ODK
Collect 1.2.1(1020).

I doubt that helps, but I thought that I'd throw it out there. Perhaps
others too have seen this kind of intermittent error recently?

Best,

Chris

On Sunday, October 28, 2012, Stuart Shirrell wrote:

Here's my setup:

  • ~20 Samsung Galaxy Y phones running ODK Collect 1.2.1(1019)
  • Paid ODK Aggregate server running on Google AppEngine
  • USB data stick on my laptop which I share using my laptop's wifi.

The problem:

  • When I try to get the forms list, I sometimes get an
    SSLPeerUnverifiedException. Sometimes, I can download forms from the
    Aggregate Server onto all 20 phones without problem. Sometimes I load
    forms onto 2 forms and then get this exception. I have also had two phones
    side by side requesting the form list from the server and one phone will
    get the list and download the forms without problem while the other phone
    will get the SSLPeerUnverified Exception

Does anyone have any idea what might be causing this and how I can
solve it?

Thanks,
Stuart

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

--
Mitch Sundt
Software Engineer
University of Washington
mitchellsundt@gmail.com

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

--
Stuart Shirrell
IDinsight | Data. Decisions. Development
India: +91 97-71-402293
US: +1 (817) 203-4022
www.IDinsight.org

I doubt this would show up in the server logs. I think the SSL negotiation
occurs before any logging available within Tomcat, but have never enabled
that detailed a log (I'd probably use a network sniffer to capture these
detailed interactions).

Mitch

··· On Mon, Oct 29, 2012 at 11:25 AM, Christopher Robert <chrislrobert@gmail.com wrote:

There isn't any indication of a problem in our logs. It appears to error
out, in these cases, during negotiation of the SSL connection.

Chris

On Monday, October 29, 2012, Stuart Shirrell wrote:

Is it possible that the request isn't even reaching the server? I've
check our Aggregate server logs, and whenever I get the SSL exception,
nothing shows up in the logs. It seems like ODK Aggregate is pretty good
about noting whenever an http request shows up.

On Mon, Oct 29, 2012 at 11:04 PM, Christopher Robert < chrislrobert@gmail.com> wrote:

I'll try to gather more evidence on this. At least in our case, it wasn't
that the device was going to sleep (it was in active use). But again, I
have a custom certificate, so that may be causing some trouble.

Thanks,

Chris

On Monday, October 29, 2012, Mitch S wrote:

This is well below the layer at which ODK Collect controls the network
layer.

Perhaps it may be that the phone goes to sleep during one of these
requests? And that somehow flushes the cache of SSL certificates in the
bowels of the library? Just a guess... .

Another place to look is to see if there are any modifications to the
Apache HttpClient library that ships with Android. Beginning with ODK
Collect 1.2.1 (1014), I switched to use the latest Apache 4.2.1 httpclient
code (with a package renaming to avoid name conflicts), rather than the
sort-of-4.0.1 code that is built into 2.x OS. I had assumed that there were
no Android-specific customizations to that code, but perhaps Google put in
some code for onPause() handling??? (seems far fetched...)

Mitch

On Sun, Oct 28, 2012 at 6:46 AM, Christopher Robert < Christopher_Robert@hks.harvard.edu> wrote:

I have recently been debugging a similar problem with intermittent
peer-unverified exceptions. I'm running my own Tomcat server with my own
RapidSSL certificate, so I had assumed that it was something to do with
that. It happened a few times for one of my developers, then it stopped
happening and everything has been fine. I haven't yet figured out how to
reproduce it.

The developer is using an HTC Wildfire S, running Android 2.3.5 and ODK
Collect 1.2.1(1020).

I doubt that helps, but I thought that I'd throw it out there. Perhaps
others too have seen this kind of intermittent error recently?

Best,

Chris

On Sunday, October 28, 2012, Stuart Shirrell wrote:

Here's my setup:

  • ~20 Samsung Galaxy Y phones running ODK Collect 1.2.1(1019)
  • Paid ODK Aggregate server running on Google AppEngine
  • USB data stick on my laptop which I share using my laptop's wifi.

The problem:

  • When I try to get the forms list, I sometimes get an
    SSLPeerUnverifiedException. Sometimes, I can download forms from the
    Aggregate Server onto all 20 phones without problem. Sometimes I load
    forms onto 2 forms and then get this exception. I have also had two phones
    side by side requesting the form list from the server and one phone will
    get the list and download the forms without problem while the other phone
    will get the SSLPeerUnverified Exception

Does anyone have any idea what might be causing this and how I can solve
it?

Thanks,
Stuart

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

--
Mitch Sundt
Software Engineer
University of Washington
mitchellsundt@gmail.com

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

--
Post: opendatakit@googlegroups.com
Unsubscribe:

Stuart Shirrell
IDinsight | Data. Decisions. Development
India: +91 97-71-402293
US: +1 (817) 203-4022
www.IDinsight.org

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

--
Mitch Sundt
Software Engineer
University of Washington
mitchellsundt@gmail.com

There isn't any indication of a problem in our logs. It appears to error
out, in these cases, during negotiation of the SSL connection.

Chris

··· On Monday, October 29, 2012, Stuart Shirrell wrote:

Is it possible that the request isn't even reaching the server? I've
check our Aggregate server logs, and whenever I get the SSL exception,
nothing shows up in the logs. It seems like ODK Aggregate is pretty good
about noting whenever an http request shows up.

On Mon, Oct 29, 2012 at 11:04 PM, Christopher Robert < chrislrobert@gmail.com> wrote:

I'll try to gather more evidence on this. At least in our case, it wasn't
that the device was going to sleep (it was in active use). But again, I
have a custom certificate, so that may be causing some trouble.

Thanks,

Chris

On Monday, October 29, 2012, Mitch S wrote:

This is well below the layer at which ODK Collect controls the network
layer.

Perhaps it may be that the phone goes to sleep during one of these
requests? And that somehow flushes the cache of SSL certificates in the
bowels of the library? Just a guess... .

Another place to look is to see if there are any modifications to the
Apache HttpClient library that ships with Android. Beginning with ODK
Collect 1.2.1 (1014), I switched to use the latest Apache 4.2.1 httpclient
code (with a package renaming to avoid name conflicts), rather than the
sort-of-4.0.1 code that is built into 2.x OS. I had assumed that there were
no Android-specific customizations to that code, but perhaps Google put in
some code for onPause() handling??? (seems far fetched...)

Mitch

On Sun, Oct 28, 2012 at 6:46 AM, Christopher Robert < Christopher_Robert@hks.harvard.edu> wrote:

I have recently been debugging a similar problem with intermittent
peer-unverified exceptions. I'm running my own Tomcat server with my own
RapidSSL certificate, so I had assumed that it was something to do with
that. It happened a few times for one of my developers, then it stopped
happening and everything has been fine. I haven't yet figured out how to
reproduce it.

The developer is using an HTC Wildfire S, running Android 2.3.5 and ODK
Collect 1.2.1(1020).

I doubt that helps, but I thought that I'd throw it out there. Perhaps
others too have seen this kind of intermittent error recently?

Best,

Chris

On Sunday, October 28, 2012, Stuart Shirrell wrote:

Here's my setup:

  • ~20 Samsung Galaxy Y phones running ODK Collect 1.2.1(1019)
  • Paid ODK Aggregate server running on Google AppEngine
  • USB data stick on my laptop which I share using my laptop's wifi.

The problem:

  • When I try to get the forms list, I sometimes get an
    SSLPeerUnverifiedException. Sometimes, I can download forms from the
    Aggregate Server onto all 20 phones without problem. Sometimes I load
    forms onto 2 forms and then get this exception. I have also had two phones
    side by side requesting the form list from the server and one phone will
    get the list and download the forms without problem while the other phone
    will get the SSLPeerUnverified Exception

Does anyone have any idea what might be causing this and how I can solve
it?

Thanks,
Stuart

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

--
Mitch Sundt
Software Engineer
University of Washington
mitchellsundt@gmail.com

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

--
Post: opendatakit@googlegroups.com
Unsubscribe:

Stuart Shirrell
IDinsight | Data. Decisions. Development
India: +91 97-71-402293
US: +1 (817) 203-4022
www.IDinsight.org

--
Post: opendatakit@googlegroups.com <javascript:_e({}, 'cvml',
'opendatakit@googlegroups.com');>
Unsubscribe: opendatakit+unsubscribe@googlegroups.com <javascript:_e({},
'cvml', 'opendatakit%2Bunsubscribe@googlegroups.com');>
Options: http://groups.google.com/group/opendatakit?hl=en