Thank you very much, I explore all that.
Seemingly sporadic HTTP-400 error with client certificates
I sporadically received HTTP 400 errors when connecting to nextcloud/calibre behind nginx reverse proxy which enforces client certificates (in addition to user/password login). The detailed message gave away, that no client certificate had been sent, and logcat showed
code_text03-09 20:46:33.872 13625 13646 E davx5 : EXCEPTION java.lang.InterruptedException 03-09 20:46:33.872 13625 13646 E davx5 : at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.reportInterruptAfterWait(AbstractQueuedSynchronizer.java:2034) 03-09 20:46:33.872 13625 13646 E davx5 : at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:2068) 03-09 20:46:33.872 13625 13646 E davx5 : at java.util.concurrent.LinkedBlockingQueue.take(LinkedBlockingQueue.java:442) 03-09 20:46:33.872 13625 13646 E davx5 : at android.security.KeyChain.bindAsUser(KeyChain.java:801) 03-09 20:46:33.872 13625 13646 E davx5 : at android.security.KeyChain.bind(KeyChain.java:766) 03-09 20:46:33.872 13625 13646 E davx5 : at android.security.KeyChain.getCertificateChain(KeyChain.java:621) 03-09 20:46:33.872 13625 13646 E davx5 : at at.bitfire.davdroid.HttpClient$Builder.build(HttpClient.kt:6) 03-09 20:46:33.872 13625 13646 E davx5 : at at.bitfire.davdroid.syncadapter.SyncManager.<init>(SyncManager.kt:13) 03-09 20:46:33.872 13625 13646 E davx5 : at at.bitfire.davdroid.syncadapter.TasksSyncManager.<init>(TasksSyncManager.kt:1) 03-09 20:46:33.872 13625 13646 E davx5 : at at.bitfire.davdroid.syncadapter.TasksSyncAdapterService$TasksSyncAdapter.sync(TasksSyncAdapterService.kt:14) 03-09 20:46:33.872 13625 13646 E davx5 : at at.bitfire.davdroid.syncadapter.SyncAdapterService$SyncAdapter.onPerformSync(SyncAdapterService.kt:13) 03-09 20:46:33.872 13625 13646 E davx5 : at android.content.AbstractThreadedSyncAdapter$SyncThread.run(AbstractThreadedSyncAdapter.java:272)
It took me a while to track down, how to reproduce this:
- Go to apps -> davx5 and kill the process
- Go to accounts -> one of the davx5 account and start synchronization
- Wait a few seconds to a minute until the error appears
“Sporadically” this appears most likely after the process has been killed or “suspended” by Android system, for me quite often during scheduled sync in the night (when the phone isn’t used for longer periods).
I found out that it should suffice to interrupt the thread after catching an InterruptedException in line 217 of https://gitlab.com/ChrisJr4Eva1987/davx5-ose/-/blob/c037b7e1526fb27c8b494673853fbd94c0f0f9f3/app/src/main/java/at/bitfire/davdroid/HttpClient.kt
Please check the lines 460-480 changed in commit of my own implementation: https://gitlab.com/stephan.ritscher/InteractiveKeyManager/-/commit/97591c64122dfff39f76d3f362990dac6d804590
Would be great if you could also fix this soon.
This post is deleted!
@stephan-ritscher Thanks for the report.
“Unfortunately”, I was not able to reproduce the problem, neither with your instructions, nor when throwing
InterruptedExceptionor setting the thread as interrupted manually.
Hi @rfc2822, thanks for checking.
I received the HTTP-400 error regularly, at least once a day, often several times.
Maybe the error is more specific to my setup:
- radicale behind nginx which enforces client certificates from my own CA (previously nextcloud instead of radicale with same problem)
- hosted on a rasperry pi (implying slower responses)
- multiple calendars (6), some of them readonly (if I remember correctly, one of the readonly calendars usually failed, but this might be coincidence - it is also first in alphabet), additionally one addressbook (all on same server with same user account)
- long history of events, all together ~6000 items in total in the calendars/addressbook
I was quite busy the last week, but today I was able to apply the fix myself: https://gitlab.com/stephan.ritscher/davx5-ose/-/tree/fix-certs
I tried to reproduce it using the described procedure and the error was gone. I will monitor it for a couple of days and report back / create a pull request.
good news: while runnning the branch for full 2 days now, the HTTP 400 error didn’t occur one single time. So this seems to fix my problem. I just created the merge request https://gitlab.com/bitfireAT/davx5-ose/-/merge_requests/57 for it.
Also I wanted to mention, that in the past I experienced Samsung smartphones (with original firmware - that’s actually what I’m currently working with) behave slightly differently regarding crypto API.
@stephan-ritscher Thanks. I had a look and I think I have discovered the underlying problem. It should be fixed with this commit:
It doesn’t need extra logic, but instead reduces the code by some lines. Would it be possible that you test this one and tell me whether it fixes your problem?
I just managed to install your new fix and after playing around a bit it looks very good. Just as expected, since your code should behave just the same in the error case I had.
@stephan-ritscher Thanks. So this fix will make it to the next release.