Any news on this?
Custom certificate broken on Android 4
-
Could you please provide steps to reproduce? I’d really like to have a look at this, but I can’t reproduce the problem and so I just can’t do anything except wondering why it doesn’t work.
-
@rfc2822 thanks for the reminder and sorry for overlooking that.
All I do to reproduce is tell DavDroid to sync, this started happening without any config changes either server or client side, just after a recent update. As I mentioned I am guessing it is related to 1.3 when support for custom certs on newer android was introduced.
Info is here:
SOFTWARE INFORMATION DAVdroid version: 1.3.2.2-ose (120) Sun Oct 09 09:51:43 CEST 2016 Installed from: org.fdroid.fdroid JB Workaround installed: no CONFIGURATION System-wide synchronization: automatically Account: xxx Address book sync. interval: manually Calendar sync. interval: — OpenTasks sync. interval: — WiFi only: false [CardDAV] Contact group method: GROUP_VCARDS RFC 6868 encoding: true [CalDAV] Time range (past days): 90 Manage calendar colors: true Account: xxx Address book sync. interval: — Calendar sync. interval: manually OpenTasks sync. interval: — WiFi only: false [CardDAV] Contact group method: GROUP_VCARDS RFC 6868 encoding: true [CalDAV] Time range (past days): 90 Manage calendar colors: true SQLITE DUMP android_metadata | locale | | fr_FR | ---------- settings | setting | value | | logToExternalStorage | 0 | | distrustSystemCerts | 0 | ---------- services | _id | accountName | service | principal | | 1 | xxx-card | carddav | https://xxx/baikal/card.php/principals/xxx/ | | 2 | xxx | caldav | https://xxx/baikal/cal.php/principals/xxx/ | ---------- sqlite_sequence | name | seq | | services | 2 | | collections | 7 | | homesets | 5 | ---------- homesets | _id | serviceID | url | | 1 | 1 | https://xxx/baikal/card.php/addressbooks/xxx/ | | 5 | 2 | https://xxx/baikal/cal.php/calendars/xxx/ | ---------- collections | _id | serviceID | url | readOnly | displayName | description | color | timezone | supportsVEVENT | supportsVTODO | sync | | 2 | 1 | https://xxx/baikal/card.php/addressbooks/xxx/default/ | 0 | Default Address Book | Default Address Book for xxx | <null> | <null> | <null> | <null> | 1 | | 7 | 2 | https://xxx/baikal/cal.php/calendars/xxx/default/ | 0 | Default calendar | Default calendar | <null> | <null> | 1 | 1 | 1 | ---------- SYSTEM INFORMATION Android version: 4.4.4 (cm_crespo-userdebug 4.4.4 KTU84Q b7a4be7610 test-keys) Device: Samsung Nexus S (crespo)
-
@solstag said in Custom certificate broken on Android 4:
All I do to reproduce is tell DavDroid to sync, this started happening without any config changes either server or client side, just after a recent update. As I mentioned I am guessing it is related to 1.3 when support for custom certs on newer android was introduced.
Thanks, but I would need steps which I can do to reproduce the problem. When I synchronize my account, everything works
And I can’t debug a working configuration.
Does this happen on a fresh DAVdroid installation too?
-
Ok, I’ve found a workaround that kinda works for me.
- open Davdroid
- go to settings and switch on the option “Distrust system certificates”
- now switch it off !
- go to one of your accounts and request syncing
- account gets synced (not sure if completely, but from a glance at changes it seems to work)
- however, if you try syncing another account it does not work, you have to restart the procedure from the top
Hope this can help fix it !
-
@bodo Do you have “distrust system certificates” enabled? Do you use a custom certificate which is not installed in Android? Does this happen for a fresh DAVdroid installation, too? Did you disable notifications for DAVdroid?
I can’t reproduce this problem neither with Android 4.4 and a custom certificate, nor with “distrust system certificates” and a PKI-trusted certificate. On Android 5.1 and 6.0, everything also seems to work as expected and the tests are successful, too.
So I’d need far more information to have a look into this
… including what certificate is used, steps to reproduce (since a fresh installation of DAVdroid) etc.
-
@rfc2822 I know your problem very well!
What about an account on my ownCloud server?
How to transfer username, password and url? -
@bodo You could send it to play@bitfire.at (OpenPGP). I however doubt that it’s related to the server, it sounds like a local problem.
-
@rfc2822 You are right, it is a local problem.
I played around with the new account and as usual, it works
But I found the solution:
The host name of the url must exactly match to the host name (CN) of the certificate.
In my case I removed the “www.” in the DAVdroid config.
Now I added a new account to DAVdroid with the “www.” part in the url and it works fine.This also happens on Test account.
Thanks
Bodo
-
Hi,
I ended up having to move my stuff to a server with a valid certificate for other reasons, so I won’t be able to help any further, thanks for the assistance.
The fact that the workaround works is the best clue I have on what could be wrong.
Cheers!
-
Seems to be solved with version 1.3.3.
Many thanks to rfc2822!