Seemingly sporadic HTTP-400 error with client certificates

  • Hi all,
    I sporadically received HTTP 400 errors when connecting to nextcloud/calibre behind an nginx reverse proxy which enforces client certificates (in addition to user/password login). The detailed message gave away that no client certificate had been sent, and logcat showed:

    03-09 20:46:33.872 13625 13646 E davx5   : EXCEPTION java.lang.InterruptedException
    03-09 20:46:33.872 13625 13646 E davx5   :      at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.reportInterruptAfterWait(
    03-09 20:46:33.872 13625 13646 E davx5   :      at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(
    03-09 20:46:33.872 13625 13646 E davx5   :      at java.util.concurrent.LinkedBlockingQueue.take(
    03-09 20:46:33.872 13625 13646 E davx5   :      at
    03-09 20:46:33.872 13625 13646 E davx5   :      at
    03-09 20:46:33.872 13625 13646 E davx5   :      at
    03-09 20:46:33.872 13625 13646 E davx5   :      at at.bitfire.davdroid.HttpClient$
    03-09 20:46:33.872 13625 13646 E davx5   :      at at.bitfire.davdroid.syncadapter.SyncManager.<init>(SyncManager.kt:13)
    03-09 20:46:33.872 13625 13646 E davx5   :      at at.bitfire.davdroid.syncadapter.TasksSyncManager.<init>(TasksSyncManager.kt:1)
    03-09 20:46:33.872 13625 13646 E davx5   :      at at.bitfire.davdroid.syncadapter.TasksSyncAdapterService$TasksSyncAdapter.sync(TasksSyncAdapterService.kt:14)
    03-09 20:46:33.872 13625 13646 E davx5   :      at at.bitfire.davdroid.syncadapter.SyncAdapterService$SyncAdapter.onPerformSync(SyncAdapterService.kt:13)
    03-09 20:46:33.872 13625 13646 E davx5   :      at android.content.AbstractThreadedSyncAdapter$

    It took me a while to track down how to reproduce this:

  • developer

    @stephan-ritscher Thanks for the report.

    “Unfortunately”, I was not able to reproduce the problem, neither with your instructions, nor when throwing InterruptedException or setting the thread as interrupted manually.

  • Hi @rfc2822, thanks for checking.
    I received the HTTP-400 error regularly, at least once a day, often several times.
    Maybe the error is more specific to my setup:

    • radicale behind nginx which enforces client certificates from my own CA (previously nextcloud instead of radicale with same problem)
    • hosted on a Raspberry Pi (implying slower responses)
    • multiple calendars (6), some of them readonly (if I remember correctly, one of the readonly calendars usually failed, but this might be coincidence - it is also first in alphabet), additionally one addressbook (all on same server with same user account)
    • long history of events, all together ~6000 items in total in the calendars/addressbook

    I was quite busy the last week, but today I was able to apply the fix myself:
    I tried to reproduce it using the described procedure and the error was gone. I will monitor it for a couple of days and report back / create a pull request.
    Best regards,

  • Hi @rfc2822,
    good news: while running the branch for a full 2 days now, the HTTP 400 error didn’t occur one single time. So this seems to fix my problem. I just created the merge request for it.
    Also I wanted to mention that in the past I experienced Samsung smartphones (with original firmware - that’s actually what I’m currently working with) behaving slightly differently regarding the crypto API.
    Best regards,

  • developer

    @stephan-ritscher Thanks. I had a look and I think I have discovered the underlying problem. It should be fixed with this commit:

    It doesn’t need extra logic, but instead reduces the code by some lines. Would it be possible that you test this one and tell me whether it fixes your problem?

  • Hi @rfc2822,
    I just managed to install your new fix and after playing around a bit it looks very good. Just as expected, since your code should behave just the same in the error case I had.

  • developer

    @stephan-ritscher Thanks. So this fix will make it to the next release.

  • Today I noticed the HTTP 400 error on my phone with version 3.3.10-ose and nextcloud and it is not going away.

  • developer

    @bobdig And you’re sure it’s the same problem and related to client certificates? Can you please provide the debug info of the exception?

  • @rfc2822 Most probably not related to this. I edited a contact on my phone and then I got this problem. I will delete the mappings and then add them again. Thanks.

