Skip to content

Allow bypassing CA check on Android TV #1495

Open
Open
Allow bypassing CA check on Android TV#1495
Labels
bugSomething isn't working
@maluueu

Description

@maluueu
maluueu
opened on May 31, 2026

Description

Would it be possible to add a "trust this CA" / "bypass CA check" button on the setup server page?
I run my own CA, where every managed device (Win, Linux, iOS, iPadOS, Android) gets the CA certs into their certificate store automatically. Only Android TV devices don't support that ...

The official solution from the Jellyfin maintainers are for me to change my domain to a public one, just so that I can get a valid LE cert via DNS. That's completely nuts.

Reproduction steps

  1. Install app
  2. Add server
  3. Input URL with HTTPS with (for example) self-signed cert or enterprise-CA
  4. Error in logcat

App Version

v1.0.0

Server Version

10.11.10

Device

Xiaomi TV Box S 3rd Gen

Logs

05-31 03:50:03.642 18592 21147 I hx4     : Requesting public system info for https://media.alkan.infra/jellyfin
05-31 03:50:03.642 18592 26957 I hx4     : Requesting public system info for https://media.alkan.infra:8920/jellyfin
05-31 03:50:03.642 18592 21150 I hx4     : Requesting public system info for https://media.alkan.infra:8096/jellyfin
05-31 03:50:03.642 18592 21147 I hx4     : GET https://media.alkan.infra/jellyfin/System/Info/Public
05-31 03:50:03.642 18592 26957 I hx4     : GET https://media.alkan.infra:8920/jellyfin/System/Info/Public
05-31 03:50:03.643 18592 21150 I hx4     : GET https://media.alkan.infra:8096/jellyfin/System/Info/Public
05-31 03:50:03.817 18592 21150 E hx4     : Unknown SSL error occurred
05-31 03:50:03.817 18592 21150 E hx4     : javax.net.ssl.SSLException: Unable to parse TLS packet header
05-31 03:50:03.817 18592 21150 E hx4     : 	at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:807)
05-31 03:50:03.817 18592 21150 E hx4     : 	at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747)
05-31 03:50:03.817 18592 21150 E hx4     : 	at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712)
05-31 03:50:03.817 18592 21150 E hx4     : 	at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:896)
05-31 03:50:03.817 18592 21150 E hx4     : 	at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.-$$Nest$mprocessDataFromSocket(Unknown Source:0)
05-31 03:50:03.817 18592 21150 E hx4     : 	at com.android.org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:236)
05-31 03:50:03.817 18592 21150 E hx4     : 	at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:218)
05-31 03:50:03.817 18592 21150 E hx4     : 	at nw0.j(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:30)
05-31 03:50:03.817 18592 21150 E hx4     : 	at nw0.g(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:144)
05-31 03:50:03.817 18592 21150 E hx4     : 	at l82.d(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:153)
05-31 03:50:03.817 18592 21150 E hx4     : 	at mb0.a(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:455)
05-31 03:50:03.817 18592 21150 E hx4     : 	at bs5.b(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:104)
05-31 03:50:03.817 18592 21150 E hx4     : 	at mb0.a(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:151)
05-31 03:50:03.817 18592 21150 E hx4     : 	at bs5.b(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:104)
05-31 03:50:03.817 18592 21150 E hx4     : 	at e60.a(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:736)
05-31 03:50:03.817 18592 21150 E hx4     : 	at bs5.b(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:104)
05-31 03:50:03.817 18592 21150 E hx4     : 	at e60.a(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:314)
05-31 03:50:03.817 18592 21150 E hx4     : 	at bs5.b(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:104)
05-31 03:50:03.817 18592 21150 E hx4     : 	at rr5.i(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:92)
05-31 03:50:03.817 18592 21150 E hx4     : 	at or5.run(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:42)
05-31 03:50:03.817 18592 21150 E hx4     : 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
05-31 03:50:03.817 18592 21150 E hx4     : 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
05-31 03:50:03.817 18592 21150 E hx4     : 	at java.lang.Thread.run(Thread.java:1012)
05-31 03:50:03.817 18592 21150 E hx4     : 	Suppressed: javax.net.ssl.SSLException: Unable to parse TLS packet header
05-31 03:50:03.817 18592 21150 E hx4     : 		... 23 more
05-31 03:50:03.828 18592 21150 E hx4     : Unknown SSL error occurred
05-31 03:50:03.828 18592 21150 E hx4     : javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:356)
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1134)
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1089)
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:876)
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747)
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712)
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:896)
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.-$$Nest$mprocessDataFromSocket(Unknown Source:0)
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:236)
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:218)
05-31 03:50:03.828 18592 21150 E hx4     : 	at nw0.j(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:30)
05-31 03:50:03.828 18592 21150 E hx4     : 	at nw0.g(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:144)
05-31 03:50:03.828 18592 21150 E hx4     : 	at l82.d(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:153)
05-31 03:50:03.828 18592 21150 E hx4     : 	at mb0.a(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:455)
05-31 03:50:03.828 18592 21150 E hx4     : 	at bs5.b(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:104)
05-31 03:50:03.828 18592 21150 E hx4     : 	at mb0.a(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:151)
05-31 03:50:03.828 18592 21150 E hx4     : 	at bs5.b(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:104)
05-31 03:50:03.828 18592 21150 E hx4     : 	at e60.a(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:736)
05-31 03:50:03.828 18592 21150 E hx4     : 	at bs5.b(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:104)
05-31 03:50:03.828 18592 21150 E hx4     : 	at e60.a(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:314)
05-31 03:50:03.828 18592 21150 E hx4     : 	at bs5.b(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:104)
05-31 03:50:03.828 18592 21150 E hx4     : 	at rr5.i(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:92)
05-31 03:50:03.828 18592 21150 E hx4     : 	at or5.run(r8-map-id-698f8897a6b27c24a1fee20d68fe46893d00239a49c77e13f71d7c958cb7c76e:42)
05-31 03:50:03.828 18592 21150 E hx4     : 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
05-31 03:50:03.828 18592 21150 E hx4     : 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
05-31 03:50:03.828 18592 21150 E hx4     : 	at java.lang.Thread.run(Thread.java:1012)
05-31 03:50:03.828 18592 21150 E hx4     : 	Suppressed: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
05-31 03:50:03.828 18592 21150 E hx4     : 		... 26 more
05-31 03:50:03.828 18592 21150 E hx4     : 	Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
05-31 03:50:03.828 18592 21150 E hx4     : 		at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:672)
05-31 03:50:03.828 18592 21150 E hx4     : 		at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:549)
05-31 03:50:03.828 18592 21150 E hx4     : 		at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:615)
05-31 03:50:03.828 18592 21150 E hx4     : 		at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:505)
05-31 03:50:03.828 18592 21150 E hx4     : 		at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:425)
05-31 03:50:03.828 18592 21150 E hx4     : 		at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:353)
05-31 03:50:03.828 18592 21150 E hx4     : 		at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
05-31 03:50:03.828 18592 21150 E hx4     : 		at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:90)
05-31 03:50:03.828 18592 21150 E hx4     : 		at com.android.org.conscrypt.ConscryptEngineSocket$2.checkServerTrusted(ConscryptEngineSocket.java:163)
05-31 03:50:03.828 18592 21150 E hx4     : 		at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:260)
05-31 03:50:03.828 18592 21150 E hx4     : 		at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1638)
05-31 03:50:03.828 18592 21150 E hx4     : 		at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
05-31 03:50:03.828 18592 21150 E hx4     : 		at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:569)
05-31 03:50:03.828 18592 21150 E hx4     : 		at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1095)
05-31 03:50:03.828 18592 21150 E hx4     : 		at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1079)
05-31 03:50:03.828 18592 21150 E hx4     : 		... 23 more
05-31 03:50:03.828 18592 21150 E hx4     : 	Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
05-31 03:50:03.828 18592 21150 E hx4     : 		... 38 more
05-31 03:50:03.828 18592 21150 E hx4     : Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:672)
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:549)
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:615)
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:505)
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:425)
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:353)
05-31 03:50:03.828 18592 21150 E hx4     : 	at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
05-31 03:50:03.828 18592 21150 E hx4     : 	at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:90)
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.ConscryptEngineSocket$2.checkServerTrusted(ConscryptEngineSocket.java:163)
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:260)
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1638)
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:569)
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1095)
05-31 03:50:03.828 18592 21150 E hx4     : 	at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1079)
05-31 03:50:03.828 18592 21150 E hx4     : 	... 23 more
05-31 03:50:03.828 18592 21150 E hx4     : Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
05-31 03:50:03.828 18592 21150 E hx4     : 	... 38 more

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions