@Gamma I was able to import self signed cert by placing cert in webserver root directory (/var/www/sslcert.crt) then browsing via chrome on Android to server root directory, in your case https://your.public.IP.address:non-standard-port-if-used. Then it will ask you to accept self signed cert and save it to your trusted credentials. No need to root.
Sure, here you go: https://gist.github.com/klemens/821e8e8727452e206253
The first patch results in the default protocols used (SSLv3 and TLSv1 for android 4.4). But I would recommend the second one, which enables TLSv1 and TLSv1.1, but disables TLSv1.2 to avoid problems with SHA2.
I did solve the problem importing “httpclient-android-4.3.5.jar” (downloaded from here: http://repo1.maven.org/maven2/org/apache/httpcomponents/httpclient-android/4.3.5/) in the project.
But there are still dependencies that cannot be resolved:
I solved those importing the following JARs:
“Connection reset by peer” means that the remote peer (your server) closed the connection before a secure connection could be established. A possible reason could be that your server doesn’t allow connections from your mobile IP.
As this is a server and/or networking problem, I’ll close this issue here. I think that the some networking forums or the community of your server software could be able to help you.
This is a problem of Baïkal which doesn’t support/isn’t configured with the correct base path. See https://github.com/bitfireAT/davdroid/issues/223#issuecomment-43132214 for more information (or have a look into the Baïkal docs/community).
23.06.2015 Pavel Rojtberg:
its just in the root of the repository… but I can put an additional
downlaod link in the readme.
Thank you very much for your effort and support! I deeply appreciate this!
Cheers to you
It works!!! After another hint from the posteo support I checked my router settings. There I have set up two accesses, a main access and one guest access. So far I was using the guest access to access the net. Checking the settings there showed a possibility to restrict I-Net access only to surfing and mailing. After unchecking the respective check box I tried to use the previously set up DAVdroid account to synch my data and … IT WORKS!!!
So now I am a happy DAVdroid user and posteo customer. What else can I ask for?
Thank you so much for your time and patience in helping me analysing this problem although it was on my side and not on yours. Sorry for any inconvenience.
Just wanted to let you know.
Thanks again. Topic can stay closed.
Ran into this as well. It might even be expected:
Not all web browsers have implemented the Root CA for SHA2 certificates. Consequently, it may be necessary to add the cross-signed certificate below to your server so that the client can verify the certification chain. …
I had followed the instructions to add a cross-signed certificate. Unfortunately, the bundling order in Gandi’s instructions are backwards. I didn’t have any problems with Firefox interpreting the cert chain but SSL Server Test revealed it was “incomplete”. Reversing the order fixed the problem and immediately DAVdroid connected without complaint.
The cert bundle, in correct order, looks like this:
Thanks for your suggestion. This was discussed extensively in #3, please see there. Summary:
Implementing a private certificate storage for DAVdroid is non-trivial and many things would have to be implemented, for example: GUI and functionality for importing a certificate, GUI and functionality for viewing installed certificates, GUI and functionality for removing installed certificates, integration with the multi-threading HttpClient library connection pool.
All these things would be redundant and – while theoretically nice to have – are less important than all the other missing features, and our time resources are limited.
Pull requests and existing solutions we have found are not satisfactory and don’t implement all the things metioned in (1).
The code from Owncloud you mention seems to be the GUI for importing a certificate. The “real code” is in com.owncloud.android.lib.common.network.NetworkUtils. Also, I don’t think they’re using a multi-threaded pool with HttpClient library and I also wonder whether there are options for viewing and removing already accepted certificates (crucial after Heartbleed, for example).
We have created CAdroid to allow users importing their self-signed certificates into the Android storage more easily.
So, thanks again for your suggestion, but at the moment, there’s nothing to be added from our side.