Syncronize with davdroid Version 0.4-alpha + Version 0.4.1-alpha does not work anymore



  • Hi,
    I'd running google play "paid" davdroid running for some weeks for cal/card against my owncloud server without any problems.
    Some days ago "google play updated" (okay I had allowed it ;-) to version 0.4-alpha. Directly after that update it did not syncronize anymore.
    It don't give any error, it's just keep the last sync time before that update and it won't pull or push any changes whether to cal nor card.
    I have used it on a Xperia Z and a Galaxy Note both running a custom ROM, with no changes over the last days.

    Url looks like:
    XXXXYYYY@https://192.168.100.1/owncloud/remote.php/carddav
    XXXXYYYY@https://192.168.100.1/owncloud/remote.php/caldav

    Any idea what change form 0.3x to 0.4 could cause this behaviour?

    ---- some further testing ---

    Deleting the former working davdroid account and the URL on my Galaxy Note and trying to recreate a new account will give "E/A Fehler: Cannot verify hostname: 192.168.100.1


  • developer

    Yes, I think the problem has occured because the account was created with an older DAVdroid version and I don't care for stability between versions as long as it's alpha (sorry, would take too much time for too little progress). So, deleting and creating the account again was the right thing to do.

    Is your SSL certificate issued for "192.168.100.1"?



  • Yes, the SSL certificate is created for and named "192.168.100.1". The certificat setup haven't chanced on my side, did things change vom 0.3x to 0.4?
    Is there kind of a debug switch for creating a davdroid logfile?

    Is there any place to get the 0.36 or 0.38 (I don't remember the correct version) back, as the version worked flawlessly for me?
    This way my "productive" smartphone would be able to sync again and I'd try to fix the error with davdroid >= 0.4 on my older Galaxy Note first.

    BTW: What does the error "E/A Fehler: Cannot verify hostname: 192.168.100.1" indicate?


  • developer

    yes, SSl things changed because of the SNI support. do you use sni in your server configuration?


  • developer

    the error message indicates that tje certificate's host name doesn't match the real one. but there are several verification strategies



  • same issue here (also owncloud). I reimported the cert file in android again but still get the same I/O error message.
    I reinstalled 0.3.8 in f-droid repo and everything work fine again.
    So reading the posts above it must be due to sni support.



  • @rfc2822 : No, I don't use SNI.
    @armiductor : Thanks for your feedback, that clears the root cause for me.

    I checked with a different sync adapter and that worked as expected.



  • Getting the same error on davdroid 0.5.8.1 and 0.5.9: "E/A error: Cannot verify hostname". The server uses SNI, and the hostname I connect to is in the Common Name section. Logcat tells me

    Info davdroid.WebDavResource Using preemptive authentication (not compatible with Digest auth)
    Info davdroid.SNISocketFactory No SNI support below Android 4.2!
    

    (that is everything related to davdroid)
    My Android is indeed version 4.1.2, but it should work nevertheless, shouldn't it?


  • developer

    @azrdev It should, but it doesn't. Only Android 4.2+ supports SNI (just grep the docs).



  • @rfc2822 well, somehow davdroid managed to get a ssl connection some versions ago on the same android version, so somehow it could work without the OS having SNI, and I think it still should.
    Else, my only choices would be

    • downgrade davdroid
    • upgrade Android (much of a hassle)
    • switch the sync adapter (if possible at all)

  • developer

    @azrdev DAVdroid was never able to use SNI on Android < 4.2. In a certain version, there was a severe DAVdroid bug that accepted all certificates – maybe you have tried exactly this version although it wasn't online very long.

    You have more choices, see http://davdroid.bitfire.at/faq/entry/sni-support

    • Either put all host names into the certificate's subjectAltName or
    • mount your DAV service into the default HTTPS virtual host so that there's no need for SNI.
    • You may also use IP- or port-based virtual SSL hosts.

    Personally, I recommend to use CyanogenMod or another open-source version of Android in any case. In the course of this, you can also get a newer Android version (>= 4.2) for many devices.


Log in to reply
 

Looks like your connection to Bitfire App Forums was lost, please wait while we try to reconnect.