Missing SSL SNI - possible certificate mismatch

AutoImport-kibago

Hi,

I have just updated davdroid to the latest version and I now get a ssl certificate mismatch error when trying to add a new account.

I host my own caldav and carddav server (baïkal with nginx as a reverse proxy) on a dedicated server, on which I have several ssl virtualhosts (same ip address).

After investigating I think the issue comes from the fact that the davdroid client doesn’t seem to use ssl SNI (Server Name Identification), which allows the webserver to choose the correct certificate during ssl handshake.

However the HttpComponents library seems to support this extension since 4.3.2 : https://issues.apache.org/jira/browse/HTTPCLIENT-1119

Thanks

rfc2822

HttpClient only provides SNI support for Java 7 which is not available for Android. This is why the extra TlsSniSocketFactory “hack” is required for Android, and it works only for Android 4.2+.

AutoImport-kibago

Ok, thanks for the info.

rfc2822

And it’s fixed with 0.5.10.1

Missing SSL SNI - possible certificate mismatch

Similar topics

secp521r1 → javax.net.ssl.SSLHandshakeException: Handshake failed
DAVx⁵ • tls solved • • GuilleW

HTTP (no SSL) sync crashes with javax.net.ssl.SSLPeerUnverifiedException
DAVx⁵ • • AutoImport-svrkispm

Problem with SSL Certificate Android
DAVx⁵ • • AutoImport-joe-13

Missing SSL SNI - possible certificate mismatch

Similar topics

secp521r1 → javax.net.ssl.SSLHandshakeException: Handshake failed DAVx⁵ • tls solved • • GuilleW

HTTP (no SSL) sync crashes with javax.net.ssl.SSLPeerUnverifiedException DAVx⁵ • • AutoImport-svrkispm

Problem with SSL Certificate Android DAVx⁵ • • AutoImport-joe-13

secp521r1 → javax.net.ssl.SSLHandshakeException: Handshake failed
DAVx⁵ • tls solved • • GuilleW

HTTP (no SSL) sync crashes with javax.net.ssl.SSLPeerUnverifiedException
DAVx⁵ • • AutoImport-svrkispm

Problem with SSL Certificate Android
DAVx⁵ • • AutoImport-joe-13