Sync fails for ssl url



  • Hi,
    Since I don't get any response on issue #195 after it has been closed, I created a new one.
    As mentioned, I have a Baikal server that can be addressed with an ordinary http url and a long https url. In case of the https url, davdroid sync fails. Initially this was caused by a server issue. I've fixed this. But now I see an exception in DavDroid.
    Note that the https url works for CardDav (android) and also for eM Client (windows). The server seems to be working fine now.

    input:

    username: test
    password: test
    http url: http://dav.bamax.nl/card.php
    https url: https://cp.mijnreus.nl/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php
    

    The logcat https case:

    04-01 21:59:39.388: W/NvCpuClient(492): Failed to bind to service
    04-01 21:59:39.478: V/Sensors(492): Changed Polling period to 40ms
    04-01 21:59:39.588: D/SyncManager(492): setSyncAutomatically:  provider com.android.contacts, user 0 -> true
    04-01 21:59:39.608: I/PerUserService(702): getService userId=0
    04-01 21:59:39.608: I/PerUserService(702): getMasterSyncAutomatically true
    04-01 21:59:39.668: I/PerUserService(702): getService userId=0
    04-01 21:59:39.668: I/PerUserService(702): getMasterSyncAutomatically true
    04-01 21:59:39.678: D/dalvikvm(2427): GC_CONCURRENT freed 652K, 15% free 5080K/5964K, paused 3ms+9ms, total 42ms
    04-01 21:59:39.678: I/PerUserService(702): getService userId=0
    04-01 21:59:39.688: I/PerUserService(702): getMasterSyncAutomatically true
    04-01 21:59:39.698: I/davdroid.ContactsSyncAdapter(2293): httpClient = ch.boye.httpclientandroidlib.impl.client.InternalHttpClient@42255fd8
    04-01 21:59:39.738: I/davdroid.DavSyncAdapter(2293): Performing sync for authority com.android.contacts
    04-01 21:59:39.748: I/davdroid.ContactsSyncAdapter(2293): httpClient 2 = ch.boye.httpclientandroidlib.impl.client.InternalHttpClient@42255fd8
    04-01 21:59:39.748: D/davdroid.WebDavResource(2293): Using preemptive authentication (not compatible with Digest auth)
    04-01 21:59:39.758: I/davdroid.SyncManager(2293): Remotely removing 0 deleted resource(s) (if not changed)
    04-01 21:59:39.768: I/davdroid.SyncManager(2293): Uploading 0 new resource(s) (if not existing)
    04-01 21:59:39.768: I/davdroid.SyncManager(2293): Uploading 0 modified resource(s) (if not changed)
    04-01 21:59:39.798: D/dalvikvm(2293): GC_CONCURRENT freed 455K, 22% free 2945K/3752K, paused 2ms+3ms, total 28ms
    04-01 21:59:39.858: D/davdroid.SNISocketFactory(2293): Setting SNI hostname
    04-01 21:59:39.868: V/Sensors(492): Changed Polling period to 400ms
    04-01 21:59:39.888: I/davdroid.SNISocketFactory(2293): Established TLSv1 connection with cp.mijnreus.nl using TLS_RSA_WITH_AES_128_CBC_SHA
    04-01 21:59:39.888: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "PROPFIND /ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/ HTTP/1.1[\r][\n]"
    04-01 21:59:39.888: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "Content-Type: text/xml; charset=UTF-8[\r][\n]"
    04-01 21:59:39.888: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "Depth: 0[\r][\n]"
    04-01 21:59:39.888: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "Content-Length: 117[\r][\n]"
    04-01 21:59:39.888: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "Host: cp.mijnreus.nl[\r][\n]"
    04-01 21:59:39.888: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "Connection: Keep-Alive[\r][\n]"
    04-01 21:59:39.888: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "User-Agent: DAVdroid/0.5.11-alpha[\r][\n]"
    04-01 21:59:39.888: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "Accept-Encoding: gzip,deflate[\r][\n]"
    04-01 21:59:39.888: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "Authorization: Basic xxxx[\r][\n]"
    04-01 21:59:39.888: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "[\r][\n]"
    04-01 21:59:39.888: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "<propfind xmlns="DAV:">[\n]"
    04-01 21:59:39.888: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "   <prop>[\n]"
    04-01 21:59:39.888: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "      <CS:getctag xmlns:CS="http://calendarserver.org/ns/"/>[\n]"
    04-01 21:59:39.888: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "   </prop>[\n]"
    04-01 21:59:39.888: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "</propfind>"
    04-01 21:59:41.338: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "HTTP/1.1 207 Multi-Status[\r][\n]"
    04-01 21:59:41.338: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Date: Tue, 01 Apr 2014 19:59:39 GMT[\r][\n]"
    04-01 21:59:41.338: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Server: Apache[\r][\n]"
    04-01 21:59:41.338: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]"
    04-01 21:59:41.338: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "X-Powered-By: PHP/5.3.23[\r][\n]"
    04-01 21:59:41.338: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Expires: Thu, 19 Nov 1981 08:52:00 GMT[\r][\n]"
    04-01 21:59:41.338: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0[\r][\n]"
    04-01 21:59:41.338: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Pragma: no-cache[\r][\n]"
    04-01 21:59:41.338: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Vary: Brief,Prefer[\r][\n]"
    04-01 21:59:41.338: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "DAV: 1, 3, extended-mkcol, addressbook, access-control, calendarserver-principal-property-search[\r][\n]"
    04-01 21:59:41.338: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "X-SERVER: 99[\r][\n]"
    04-01 21:59:41.338: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Content-Type: application/xml; charset=utf-8[\r][\n]"
    04-01 21:59:41.338: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Set-Cookie: PHPSESSID=d5eb5b82d5de8613d26762914b6b3d41; path=/[\r][\n]"
    04-01 21:59:41.338: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Keep-Alive: timeout=15, max=100[\r][\n]"
    04-01 21:59:41.338: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Connection: Keep-Alive[\r][\n]"
    04-01 21:59:41.348: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Transfer-Encoding: chunked[\r][\n]"
    04-01 21:59:41.348: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "[\r][\n]"
    04-01 21:59:41.358: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "1b7[\r][\n]"
    04-01 21:59:41.368: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "<?xml version="1.0" encoding="utf-8"?>[\n]"
    04-01 21:59:41.368: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:card="urn:ietf:params:xml:ns:carddav"><d:response><d:href>/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/</d:href><d:propstat><d:prop><x3:getctag xmlns:x3="http://calendarserver.org/ns/">137</x3:getctag></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response></d:multistatus>[\n]"
    04-01 21:59:41.388: D/dalvikvm(2293): GC_CONCURRENT freed 418K, 20% free 3003K/3752K, paused 7ms+3ms, total 38ms
    04-01 21:59:41.408: D/davdroid.WebDavResource(2293): Processing multi-status element: https://cp.mijnreus.nl/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/
    04-01 21:59:41.408: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "[\r][\n]"
    04-01 21:59:41.408: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "0[\r][\n]"
    04-01 21:59:41.408: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "[\r][\n]"
    04-01 21:59:41.408: D/davdroid.SyncManager(2293): Last local CTag = 129; current remote CTag = 137
    04-01 21:59:41.408: I/davdroid.SyncManager(2293): Fetching remote resource list
    04-01 21:59:41.438: D/dalvikvm(2293): GC_CONCURRENT freed 407K, 21% free 2991K/3752K, paused 4ms+2ms, total 22ms
    04-01 21:59:41.458: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "PROPFIND /ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/ HTTP/1.1[\r][\n]"
    04-01 21:59:41.458: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "Content-Type: text/xml; charset=UTF-8[\r][\n]"
    04-01 21:59:41.458: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "Depth: 1[\r][\n]"
    04-01 21:59:41.458: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "Content-Length: 134[\r][\n]"
    04-01 21:59:41.458: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "Host: cp.mijnreus.nl[\r][\n]"
    04-01 21:59:41.458: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "Connection: Keep-Alive[\r][\n]"
    04-01 21:59:41.458: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "User-Agent: DAVdroid/0.5.11-alpha[\r][\n]"
    04-01 21:59:41.458: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "Accept-Encoding: gzip,deflate[\r][\n]"
    04-01 21:59:41.458: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "Authorization: Basic xxxxx[\r][\n]"
    04-01 21:59:41.458: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "[\r][\n]"
    04-01 21:59:41.458: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "<propfind xmlns="DAV:">[\n]"
    04-01 21:59:41.458: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "   <prop>[\n]"
    04-01 21:59:41.458: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "      <CS:getctag xmlns:CS="http://calendarserver.org/ns/"/>[\n]"
    04-01 21:59:41.458: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "      <getetag/>[\n]"
    04-01 21:59:41.458: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "   </prop>[\n]"
    04-01 21:59:41.458: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "</propfind>"
    04-01 21:59:42.888: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "HTTP/1.1 207 Multi-Status[\r][\n]"
    04-01 21:59:42.888: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Date: Tue, 01 Apr 2014 19:59:41 GMT[\r][\n]"
    04-01 21:59:42.888: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Server: Apache[\r][\n]"
    04-01 21:59:42.888: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]"
    04-01 21:59:42.888: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "X-Powered-By: PHP/5.3.23[\r][\n]"
    04-01 21:59:42.888: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Expires: Thu, 19 Nov 1981 08:52:00 GMT[\r][\n]"
    04-01 21:59:42.898: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0[\r][\n]"
    04-01 21:59:42.898: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Pragma: no-cache[\r][\n]"
    04-01 21:59:42.898: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Vary: Brief,Prefer[\r][\n]"
    04-01 21:59:42.898: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "DAV: 1, 3, extended-mkcol, addressbook, access-control, calendarserver-principal-property-search[\r][\n]"
    04-01 21:59:42.898: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "X-SERVER: 99[\r][\n]"
    04-01 21:59:42.898: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Content-Type: application/xml; charset=utf-8[\r][\n]"
    04-01 21:59:42.898: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Set-Cookie: PHPSESSID=9c640b5155ebaf4e805c5b42706b1233; path=/[\r][\n]"
    04-01 21:59:42.898: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Keep-Alive: timeout=15, max=99[\r][\n]"
    04-01 21:59:42.898: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Connection: Keep-Alive[\r][\n]"
    04-01 21:59:42.898: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Transfer-Encoding: chunked[\r][\n]"
    04-01 21:59:42.898: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "[\r][\n]"
    04-01 21:59:42.918: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "ff0[\r][\n]"
    04-01 21:59:42.918: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "<?xml version="1.0" encoding="utf-8"?>[\n]"
    04-01 21:59:42.928: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:card="urn:ietf:params:xml:ns:carddav"><d:response><d:href>/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/</d:href><d:propstat><d:prop><x3:getctag xmlns:x3="http://calendarserver.org/ns/">137</x3:getctag></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat><d:propstat><d:prop><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/f62ac0ac-6be1-4f31-bb48-8dd357371134.vcf</d:href><d:propstat><d:prop><d:getetag>"71d13d946a61504ebdf41566cbe354ff"</d:getetag></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat><d:propstat><d:prop><x3:getctag xmlns:x3="http://calendarserver.org/ns/"/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/f39bcafb-2cc1-4ec8-a61d-662a075e4bad.vcf</d:href><d:propstat><d:prop><d:getetag>"c0ee8ec0550d235f69d8bb05bf9b82d0"</d:getetag></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat><d:propstat><d:prop><x3:getctag xmlns:x3="http://calendarserver.org/ns/"/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/0fc75792-781b-4642-be82-f1e3bc83f3b8.vcf</d:href><d:propstat><d:prop><d:getetag>"06ef67c173066c70653592a3fa370138"</d:getetag></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat><d:propstat><d:prop><x3:getctag xmlns:x3="http://calendarserver.org/ns/"/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/2851eff1-b3a9-446f-a0e1-7d4a055f9259.vcf</d:href><d:propstat><d:prop><d:getetag>"b2f7edc085e44a4d6eb733ffd5ee3cf4"</d:getetag></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat><d:propstat><d:prop><x3:getctag xmlns:x3="http://calendarserver.org/ns/"/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/ef1790bf-fb47-4309-a74b-c3f510179da7.vcf</d:href><d:propstat><d:prop><d:getetag>"4debcb0d11d26faacd202b77e0ea11d9"</d:getetag></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat><d:propstat><d:prop><x3:getctag xmlns:x3="http://calendarserver.org/ns/"/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/56663ab5-a9bb-4540-883c-d2cb75e703b6.vcf</d:href><d:propstat><d:prop><d:getetag>"62f89238bbca42a8109bb4b83ffd3ec2"</d:getetag></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat><d:propstat><d:prop><x3:getctag xmlns:x3="http://calendarserver.org/ns/"/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/43833700-581c-4ddb-a4b8-ba20230e621f.vcf</d:href><d:propstat><d:prop><d:getetag>"9b40d92e54a29176e6a021f7c8e9fa26"</d:getetag></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat><d:propstat><d:prop><x3:getctag xmlns:x3="http://calendarserver.org/ns/"/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/5dc766e7-0006-401f-944c-3db2b4cf2315.vcf</d:href><d:propstat><d:prop><d:getetag>"165cc320353cc7e5832fbf8bc621e93e"</d:getetag></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat><d:propstat><d:prop><x3:getctag xmlns:x3="http://calendarserver.org/ns/"/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:respo
    04-01 21:59:42.978: D/dalvikvm(2293): GC_CONCURRENT freed 412K, 21% free 3000K/3752K, paused 10ms+4ms, total 48ms
    04-01 21:59:43.058: D/dalvikvm(2293): GC_CONCURRENT freed 332K, 19% free 3070K/3752K, paused 2ms+2ms, total 19ms
    04-01 21:59:43.078: D/davdroid.WebDavResource(2293): Processing multi-status element: https://cp.mijnreus.nl/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/
    04-01 21:59:43.078: D/davdroid.WebDavResource(2293): Processing multi-status element: https://cp.mijnreus.nl/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/f62ac0ac-6be1-4f31-bb48-8dd357371134.vcf
    04-01 21:59:43.078: D/davdroid.WebDavResource(2293): Processing multi-status element: https://cp.mijnreus.nl/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/f39bcafb-2cc1-4ec8-a61d-662a075e4bad.vcf
    04-01 21:59:43.078: D/davdroid.WebDavResource(2293): Processing multi-status element: https://cp.mijnreus.nl/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/0fc75792-781b-4642-be82-f1e3bc83f3b8.vcf
    04-01 21:59:43.078: D/davdroid.WebDavResource(2293): Processing multi-status element: https://cp.mijnreus.nl/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/2851eff1-b3a9-446f-a0e1-7d4a055f9259.vcf
    04-01 21:59:43.078: D/davdroid.WebDavResource(2293): Processing multi-status element: https://cp.mijnreus.nl/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/ef1790bf-fb47-4309-a74b-c3f510179da7.vcf
    04-01 21:59:43.078: D/davdroid.WebDavResource(2293): Processing multi-status element: https://cp.mijnreus.nl/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/56663ab5-a9bb-4540-883c-d2cb75e703b6.vcf
    04-01 21:59:43.088: D/davdroid.WebDavResource(2293): Processing multi-status element: https://cp.mijnreus.nl/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/43833700-581c-4ddb-a4b8-ba20230e621f.vcf
    04-01 21:59:43.088: D/davdroid.WebDavResource(2293): Processing multi-status element: https://cp.mijnreus.nl/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/5dc766e7-0006-401f-944c-3db2b4cf2315.vcf
    04-01 21:59:43.088: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "[\r][\n]"
    04-01 21:59:43.088: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "0[\r][\n]"
    04-01 21:59:43.088: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "[\r][\n]"
    04-01 21:59:43.118: D/dalvikvm(1546): GC_CONCURRENT freed 377K, 15% free 3280K/3832K, paused 2ms+2ms, total 23ms
    04-01 21:59:43.148: I/davdroid.SyncManager(2293): Fetching 8 new remote resource(s)
    04-01 21:59:43.148: I/davdroid.RemoteCollection(2293): Multi-getting 8 remote resource(s)
    04-01 21:59:43.178: D/dalvikvm(2293): GC_CONCURRENT freed 449K, 20% free 3030K/3752K, paused 2ms+2ms, total 22ms
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "REPORT /ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/ HTTP/1.1[\r][\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "Content-Type: text/xml; charset=UTF-8[\r][\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "Depth: 0[\r][\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "Content-Length: 1322[\r][\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "Host: cp.mijnreus.nl[\r][\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "Connection: Keep-Alive[\r][\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "User-Agent: DAVdroid/0.5.11-alpha[\r][\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "Accept-Encoding: gzip,deflate[\r][\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "Authorization: Basic xxx[\r][\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "[\r][\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "<CD:addressbook-multiget xmlns:CD="urn:ietf:params:xml:ns:carddav" xmlns="DAV:">[\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "   <prop>[\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "      <CD:address-data/>[\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "      <getetag/>[\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "   </prop>[\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "   <href>/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/f39bcafb-2cc1-4ec8-a61d-662a075e4bad.vcf</href>[\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "   <href>/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/56663ab5-a9bb-4540-883c-d2cb75e703b6.vcf</href>[\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "   <href>/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/2851eff1-b3a9-446f-a0e1-7d4a055f9259.vcf</href>[\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "   <href>/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/f62ac0ac-6be1-4f31-bb48-8dd357371134.vcf</href>[\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "   <href>/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/0fc75792-781b-4642-be82-f1e3bc83f3b8.vcf</href>[\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "   <href>/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/ef1790bf-fb47-4309-a74b-c3f510179da7.vcf</href>[\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "   <href>/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/5dc766e7-0006-401f-944c-3db2b4cf2315.vcf</href>[\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "   <href>/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/43833700-581c-4ddb-a4b8-ba20230e621f.vcf</href>[\n]"
    04-01 21:59:43.208: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 >> "</CD:addressbook-multiget>"
    04-01 21:59:44.308: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "HTTP/1.1 403 Forbidden[\r][\n]"
    04-01 21:59:44.308: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Date: Tue, 01 Apr 2014 19:59:43 GMT[\r][\n]"
    04-01 21:59:44.308: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Server: Apache[\r][\n]"
    04-01 21:59:44.308: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]"
    04-01 21:59:44.308: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "X-Powered-By: PHP/5.3.23[\r][\n]"
    04-01 21:59:44.308: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Expires: Thu, 19 Nov 1981 08:52:00 GMT[\r][\n]"
    04-01 21:59:44.308: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0[\r][\n]"
    04-01 21:59:44.308: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Pragma: no-cache[\r][\n]"
    04-01 21:59:44.308: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "X-SERVER: 99[\r][\n]"
    04-01 21:59:44.308: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Content-Type: application/xml; charset=utf-8[\r][\n]"
    04-01 21:59:44.308: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Set-Cookie: PHPSESSID=b8d26bdf9157cdce36fb604858186b03; path=/[\r][\n]"
    04-01 21:59:44.308: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Keep-Alive: timeout=15, max=98[\r][\n]"
    04-01 21:59:44.308: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Connection: Keep-Alive[\r][\n]"
    04-01 21:59:44.308: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "Transfer-Encoding: chunked[\r][\n]"
    04-01 21:59:44.308: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-7 << "[\r][\n]"
    04-01 21:59:44.328: D/class ch.boye.httpclientandroidlib.impl.conn.DefaultManagedHttpClientConnection(2293): http-outgoing-7: Shutdown connection
    04-01 21:59:44.368: D/dalvikvm(2293): GC_CONCURRENT freed 374K, 19% free 3055K/3752K, paused 5ms+2ms, total 44ms
    04-01 21:59:44.368: D/class ch.boye.httpclientandroidlib.impl.conn.DefaultManagedHttpClientConnection(2293): http-outgoing-7: Close connection
    04-01 21:59:44.368: E/davdroid.DavSyncAdapter(2293): Hard HTTP error 403
    04-01 21:59:44.368: E/davdroid.DavSyncAdapter(2293): at.bitfire.davdroid.webdav.HttpException: 403 Forbidden
    04-01 21:59:44.368: E/davdroid.DavSyncAdapter(2293): 	at at.bitfire.davdroid.webdav.WebDavResource.checkResponse(WebDavResource.java:399)
    04-01 21:59:44.368: E/davdroid.DavSyncAdapter(2293): 	at at.bitfire.davdroid.webdav.WebDavResource.checkResponse(WebDavResource.java:383)
    04-01 21:59:44.368: E/davdroid.DavSyncAdapter(2293): 	at at.bitfire.davdroid.webdav.WebDavResource.multiGet(WebDavResource.java:300)
    04-01 21:59:44.368: E/davdroid.DavSyncAdapter(2293): 	at at.bitfire.davdroid.resource.RemoteCollection.multiGet(RemoteCollection.java:88)
    04-01 21:59:44.368: E/davdroid.DavSyncAdapter(2293): 	at at.bitfire.davdroid.syncadapter.SyncManager.pullNew(SyncManager.java:187)
    04-01 21:59:44.368: E/davdroid.DavSyncAdapter(2293): 	at at.bitfire.davdroid.syncadapter.SyncManager.synchronize(SyncManager.java:87)
    04-01 21:59:44.368: E/davdroid.DavSyncAdapter(2293): 	at at.bitfire.davdroid.syncadapter.DavSyncAdapter.onPerformSync(DavSyncAdapter.java:93)
    04-01 21:59:44.368: E/davdroid.DavSyncAdapter(2293): 	at android.content.AbstractThreadedSyncAdapter$SyncThread.run(AbstractThreadedSyncAdapter.java:254)
    04-01 21:59:44.388: I/PerUserService(702): getService userId=0
    04-01 21:59:44.388: I/PerUserService(702): getMasterSyncAutomatically true
    04-01 21:59:44.388: D/SyncManager(492): failed sync operation test u0 (bitfire.at.davdroid), com.android.contacts, SERVER, earliestRunTime 378404, SyncResult: stats [ numParseExceptions: 1]
    04-01 21:59:44.388: I/PerUserService(702): getService userId=0
    04-01 21:59:44.388: I/PerUserService(702): getMasterSyncAutomatically true
    04-01 21:59:44.408: D/SyncManager(492): not retrying sync operation because the error is a hard error: test u0 (bitfire.at.davdroid), com.android.contacts, SERVER, earliestRunTime 383197
    04-01 21:59:44.488: I/PerUserService(702): getService userId=0
    04-01 21:59:44.488: I/PerUserService(702): getMasterSyncAutomatically true
    

    I don't understand the forbidden error. I manually tried the href .vcf urls for the https case and they returned the file without problems. (Note: the current IDs as shown in this log may have changed by now, because I'm still doing some tests).
    The problems seems to be related to the number of new contacts to sync. In case of a single new contact it works.

    The log in case of the http url that does work in DavDroid

    04-01 22:00:05.058: W/NvCpuClient(492): Failed to bind to service
    04-01 22:00:05.168: V/Sensors(492): Changed Polling period to 40ms
    04-01 22:00:05.258: D/SyncManager(492): setSyncAutomatically:  provider com.android.contacts, user 0 -> true
    04-01 22:00:05.278: I/PerUserService(702): getService userId=0
    04-01 22:00:05.278: I/PerUserService(702): getMasterSyncAutomatically true
    04-01 22:00:05.318: I/PerUserService(702): getService userId=0
    04-01 22:00:05.318: I/PerUserService(702): getMasterSyncAutomatically true
    04-01 22:00:05.328: I/PerUserService(702): getService userId=0
    04-01 22:00:05.328: I/PerUserService(702): getMasterSyncAutomatically true
    04-01 22:00:05.328: I/davdroid.ContactsSyncAdapter(2293): httpClient = ch.boye.httpclientandroidlib.impl.client.InternalHttpClient@42242968
    04-01 22:00:05.338: I/davdroid.DavSyncAdapter(2293): Performing sync for authority com.android.contacts
    04-01 22:00:05.348: I/davdroid.ContactsSyncAdapter(2293): httpClient 2 = ch.boye.httpclientandroidlib.impl.client.InternalHttpClient@42242968
    04-01 22:00:05.348: D/davdroid.WebDavResource(2293): Using preemptive authentication (not compatible with Digest auth)
    04-01 22:00:05.368: I/dalvikvm(2427): Jit: resizing JitTable from 4096 to 8192
    04-01 22:00:05.428: I/davdroid.SyncManager(2293): Remotely removing 0 deleted resource(s) (if not changed)
    04-01 22:00:05.428: I/davdroid.SyncManager(2293): Uploading 0 new resource(s) (if not existing)
    04-01 22:00:05.438: I/davdroid.SyncManager(2293): Uploading 0 modified resource(s) (if not changed)
    04-01 22:00:05.488: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-8 >> "PROPFIND /card.php/addressbooks/test/default/ HTTP/1.1[\r][\n]"
    04-01 22:00:05.488: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-8 >> "Content-Type: text/xml; charset=UTF-8[\r][\n]"
    04-01 22:00:05.498: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-8 >> "Depth: 0[\r][\n]"
    04-01 22:00:05.498: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-8 >> "Content-Length: 117[\r][\n]"
    04-01 22:00:05.498: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-8 >> "Host: dav.bamax.nl[\r][\n]"
    04-01 22:00:05.498: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-8 >> "Connection: Keep-Alive[\r][\n]"
    04-01 22:00:05.498: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-8 >> "User-Agent: DAVdroid/0.5.11-alpha[\r][\n]"
    04-01 22:00:05.498: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-8 >> "Accept-Encoding: gzip,deflate[\r][\n]"
    04-01 22:00:05.498: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-8 >> "Authorization: Basic xxxx[\r][\n]"
    04-01 22:00:05.498: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-8 >> "[\r][\n]"
    04-01 22:00:05.498: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-8 >> "<propfind xmlns="DAV:">[\n]"
    04-01 22:00:05.498: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-8 >> "   <prop>[\n]"
    04-01 22:00:05.498: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-8 >> "      <CS:getctag xmlns:CS="http://calendarserver.org/ns/"/>[\n]"
    04-01 22:00:05.498: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-8 >> "   </prop>[\n]"
    04-01 22:00:05.498: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-8 >> "</propfind>"
    04-01 22:00:05.518: D/dalvikvm(2293): GC_CONCURRENT freed 509K, 22% free 2954K/3744K, paused 2ms+2ms, total 22ms
    04-01 22:00:05.558: V/Sensors(492): Changed Polling period to 400ms
    04-01 22:00:05.608: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-8 << "HTTP/1.1 207 Multi-Status[\r][\n]"
    04-01 22:00:05.608: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-8 << "Date: Tue, 01 Apr 2014 20:00:05 GMT[\r][\n]"
    04-01 22:00:05.608: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-8 << "Server: Apache[\r][\n]"
    04-01 22:00:05.608: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-8 << "X-Powered-By: PHP/5.3.23[\r][\n]"
    04-01 22:00:05.608: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-8 << "Expires: Thu, 19 Nov 1981 08:52:00 GMT[\r][\n]"
    04-01 22:00:05.608: D/ch.boye.httpclientandroidlib.wire(2293): http-outgoing-8 << "Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0[\r][\n]"
    04-01 22:00:05.608: D/ch.boye.httpclientandroidlib.wire(2293): ht…
    
    [truncated while importing]

  • developer

    I manually tried the href .vcf urls for the https case and they returned the file without problems. (Note: the current IDs as shown in this log may have changed by now, because I'm still doing some tests).
    The problems seems to be related to the number of new contacts to sync. In case of a single new contact it works.

    It seems that your Web server responds with 403 Forbidden to HTTP REPORT requests. These are used for multi-get (when there's more than one contact/event to fetch).

    Please allow REPORT in your Apache config.



  • If that is the case, why does it work with the short http url? (exactly the same server and account).
    I assume the other carddav clients also use multiget. I can have a closer look to the log of the carddav client. But it is not that elaborate as the davdroid log.

    -------- Original message --------
    From: rfc2822 notifications@github.com
    Date:01/04/2014 23:50 (GMT+01:00)
    To: rfc2822/davdroid davdroid@noreply.github.com
    Cc: Ruben Marsman info@bamax.nl
    Subject: Re: [davdroid] Sync fails for ssl url (#223)

    I manually tried the href .vcf urls for the https case and they returned the file without problems. (Note: the current IDs as shown in this log may have changed by now, because I'm still doing some tests).
    The problems seems to be related to the number of new contacts to sync. In case of a single new contact it works.

    It seems that your Web server responds with 403 Forbidden to HTTP REPORT requests. These are used for multi-get (when there's more than one contact/event to fetch).

    Please allow REPORT in your Apache config.


    Reply to this email directly or view it on GitHub.


  • developer

    If that is the case, why does it work with the short http url? (exactly the same server and account).

    Well, I guess the configuration for the SSL VirtualHost (or the location for the SSL path, which is another than the plain HTTP one) is not the same as the configuration for the HTTP VirtualHost. But that's only a guess since I don't know the exact configuration. Do you know it or is it hosted?

    I assume the other carddav clients also use multiget. I can have a closer look to the log of the carddav client. But it is not that elaborate as the davdroid log.

    Any additional help would be welcome, but the logs are unambiguous: the REPORT request for /ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/ is answered with 403 Forbidden which is not a DAVdroid fault.

    Can you please check whether the REPORT verb is allowed? If it's not the verb, it must be related to the path.



  • My server is hosted so I don't know the details. I see if I can figure it out. Physically the http and https file locations on the server are identical. But the https url contains server redirections. 
    I also try to figure out why other clients don't have this issue.

    -------- Original message --------
    From: rfc2822 notifications@github.com
    Date:02/04/2014 00:57 (GMT+01:00)
    To: rfc2822/davdroid davdroid@noreply.github.com
    Cc: Ruben Marsman info@bamax.nl
    Subject: Re: [davdroid] Sync fails for ssl url (#223)

    If that is the case, why does it work with the short http url? (exactly the same server and account).

    Well, I guess the configuration for the SSL VirtualHost (or the location for the SSL path, which is another than the plain HTTP one) is not the same as the configuration for the HTTP VirtualHost. But that's only a guess since I don't know the exact configuration. Do you know it or is it hosted?

    I assume the other carddav clients also use multiget. I can have a closer look to the log of the carddav client. But it is not that elaborate as the davdroid log.

    Any additional help would be welcome, but the logs are unambiguous: the REPORT request for /ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php/addressbooks/test/default/ is answered with 403 Forbidden which is not a DAVdroid fault.

    Can you please check if the REPORT verb is allowed? If it's not the verb, it must be related to the path.


    Reply to this email directly or view it on GitHub.


  • developer

    It might help to do a REPORT request manually. You may use curl -vX REPORT --data @1.xml <path> where 1.xml contanins the multi-get request like in the logs.



  • That has been very helpful.
    I finally got it working. The problem was again caused by the fact my hoster uses multiple redirections. The href for each of the card items is correct when downloading the file directly. I think both other clients don't use multiget, so it works.
    When passing it in the multi-get message, the long prefix of the hoster ssl servers should not be there.
    I made a workaround in baikal for my setup.

    It would have been easier if:

    1. I could install my own certificate, but it is a shared host:-( A private ip is rather expensive.
    2. davdroid has an option to accept 'not trusted' certificates, like some email apps do.

    Thanks for your help so far and keep up the good work you're doing with davdroid!


  • developer

    It would have been easier if:
    [...]

    1. davdroid has an option to accept 'not trusted' certificates, like some email apps do.

    You can import your certificate, see How do I make Android apps like DAVdroid trusting my certificate?

    Thanks for your help so far and keep up the good work you're doing with davdroid!

    You're welcome. I'm happy that at least some people appreciate the work.



  • I've tried importing the certificate, but it does not work. The shared host server has a single certificate. The certificate hostname will not match users domain names like dav.bamax.nl. For that reason, it will never be trusted.
    The certificate does not even show up in the Android imported certificates.
    Since I read that davdroid will not accept incorrect certificates (soon), I asked my hoster for an url that uses their own domain name and a wildcard certificate.
    The result is the long url that gave me the headaches:-)

    rfc2822 notifications@github.com wrote:

    It would have been easier if:
    [...]

    1. davdroid has an option to accept 'not trusted' certificates, like some email apps do.

    You can import your certifcate, see How do I make Android apps like DAVdroid trusting my certificate?

    Thanks for your help so far and keep up the good work you're doing with davdroid!

    You're welcome. I'm happy that at least some people appreciate the work.


    Reply to this email directly or view it on GitHub.


  • developer

    I've tried importing the certificate, but it does not work. The shared host server has a single certificate. The certificate hostname will not match users domain names like dav.bamax.nl. For that reason, it will never be trusted.

    Yes, the certificate is issued for "parallels.com": https://www.ssllabs.com/ssltest/analyze.html?d=dav.bamax.nl

    So, if you connect to dav.bamax.nl and the other endpoint identifies as parallels.com, it's expected TLS behaviour that the connection will not be trusted.

    The certificate does not even show up in the Android imported certificates.

    Which one do you mean? It won't show up because in case of cp.mijnreus.nl, it's signed by AddTrust which is already in the Android trust store: https://www.ssllabs.com/ssltest/analyze.html?d=cp.mijnreus.nl

    Since I read that davdroid will not accept incorrect certificates (soon),

    It won't accept incorrect certificates ever to protect the privacy of our users. In issue #3, there's a discussion whether self-signed certificates should be accepted by an app-level certificate management (without having to import the certificate into Android), but this is not targeted for incorrect certificates.

    I asked my hoster for an url that uses their own domain name and a wildcard certificate. The result is the long url that gave me the headaches:-)

    At least, it's a valid certificate :)



  • @RubenMarsman:

    When passing it in the multi-get message, the long prefix of the hoster ssl servers should not be there. I made a workaround in baikal for my setup.

    I'm having exactly the same problem with my OVH Shard Hosting. I'm wondering what exactly the workaround was, which made to your baikal setup? I would really appreciate if you could share it :)



  • Hi,
    I don't mind sharing, but it is not a small fix. I had to change a number of files.
    First let me try to explain what I did:
    To get a valid certificate for SSL, my hosted server needs to be addressed via another server that forwards the requests. Actually, in my case there are two servers in between but that should not make a difference.
    Instead of using

    https://dav.bamax.nl/card.php
    

    I must use

    https://cp.mijnreus.nl/ssl/81/www.s1007571-15164.mijnreus.nl/dav.bamax.nl/card.php
    

    For this initial request by a card/caldav client this is ok. But the server response is a list of absolute URLs of the items requested. Since the server thinks it is dav.bamax.nl the returned urls do not include the SSL server path and thus are incorrect.
    If fixed this by adding a prefix to all href fields returned by baikal.

    Prefix: /ssl/81/www.s1007571-15164.mijnreus.nl 
    
    The actual prefix required may differ due to the setup of your hoster. 
    Check the response messages of baikal. 
    The logs above and the suggestions of rfc2822 can help you what to do.
    

    However. This does not work for a multiget. The item references in a multiget response message are relative. In that case, the added prefix must be removed.

    I used baikal-flat 0.2.7.
    Changes:
    [1] Set URL prefix
    \Core\Frameworks\Flake\Framework.php around line 148
    Added before: # Determine PROJECT_BASEURI

    
    		define("DAV_HOSTNAME", "dav.bamax.nl");
    		if ($_SERVER["SERVER_NAME"]!=DAV_HOSTNAME)
    		{
    			define("SSL_PREFIX_FIX", "/ssl/81/www.s1007571-15164.mijnreus.nl");									
    		}		
    		else
    		{
    			define("SSL_PREFIX_FIX", "");
    		}
    

    Based on whether the server is accessed directly or not, set a prefix.

    [2] Change Href values
    \vendor\sabre\dav\lib\Sabre\CalDAV\Notifications\Notification\Invite.php around line 229
    change

    $hostHref = $doc->createElement('d:href', $server->getBaseUri() . $this->hostUrl);
    

    info

    $hostHref = $doc->createElement('d:href', SSL_PREFIX_FIX.$server->getBaseUri() . $this->hostUrl);
    

    \vendor\sabre\dav\lib\Sabre\CalDAV\Notifications\Notification\InviteReply.php around line 179
    change

    $hostHref = $doc->createElement('d:href', $server->getBaseUri() . $this->hostUrl);
    

    into

    $hostHref = $doc->createElement('d:href', SSL_PREFIX_FIX.$server->getBaseUri() . $this->hostUrl);
    

    \vendor\sabre\dav\lib\Sabre\DAV\Property\Href.php around line 72
    change

     $value = $server->getBaseUri() . DAV\URLUtil::encodePath($this->href);
    

    into

    $value = SSL_PREFIX_FIX.$server->getBaseUri() . DAV\URLUtil::encodePath($this->href);
    

    \vendor\sabre\dav\lib\Sabre\DAV\Property\HrefList.php around line 73
    change

    $value = $server->getBaseUri() . DAV\URLUtil::encodePath($href);
    

    into

    $value = SSL_PREFIX_FIX.$server->getBaseUri() . DAV\URLUtil::encodePath($href);
    

    \vendor\sabre\dav\lib\Sabre\DAV\Property\LockDiscovery.php around line 84
    change

    $href->appendChild($doc->createTextNode($server->getBaseUri() . $lock->uri));
    

    into

    $href->appendChild($doc->createTextNode(SSL_PREFIX_FIX.$server->getBaseUri() . $lock->uri));
    

    \vendor\sabre\dav\lib\Sabre\DAV\Property\Response.php around line 88
    change

    $uri = $server->getBaseUri() . $uri;
    

    into

    $uri = SSL_PREFIX_FIX.$server->getBaseUri() . $uri;
    

    \vendor\sabre\dav\lib\Sabre\DAVACL\Exception\NeedPrivileges.php around line 69
    change

    $resource->appendChild($doc->createElementNS('DAV:','d:href',$server->getBaseUri() . $this->uri));
    

    into

    $resource->appendChild($doc->createElementNS('DAV:','d:href',SSL_PREFIX_FIX.$server->getBaseUri() . $this->uri));
    

    \vendor\sabre\dav\lib\Sabre\DAVACL\Property\Acl.php around line 191
    change

    $principal->appendChild($doc->createElementNS('DAV:','d:href',($this->prefixBaseUrl?$server->getBaseUri():'') . $ace['principal'] . '/'));
    

    into

    $principal->appendChild($doc->createElementNS('DAV:','d:href',($this->prefixBaseUrl?SSL_PREFIX_FIX.$server->getBaseUri():'') . $ace['principal'] . '/'));
    

    \vendor\sabre\dav\lib\Sabre\DAVACL\Property\Principal.php around line 123
    change

    $href->nodeValue = $server->getBaseUri() . DAV\URLUtil::encodePath($this->href);
    

    into

    $href->nodeValue = SSL_PREFIX_FIX.$server->getBaseUri() . DAV\URLUtil::encodePath($this->href);
    

    [3] Re(correct) multi-get messages
    \vendor\sabre\dav\lib\Sabre\CalDAV\Plugin.php around line 491
    change

    $uri = $this->server->calculateUri($elem->nodeValue);
    

    into

    $cut = substr($elem->nodeValue, strlen(SSL_PREFIX_FIX));
                $uri = $this->server->calculateUri($cut);
    

    \vendor\sabre\dav\lib\Sabre\CardDAV\Plugin.php around line 281
    change

    $uri = $this->server->calculateUri($elem->nodeValue);
    

    into

    $cut = substr($elem->nodeValue, strlen(SSL_PREFIX_FIX));
                $uri = $this->server->calculateUri($cut);		
    

    That's it. Have fun with this puzzle:-)

    Note that due to my hoster setup I also had another issue getting basic authentication working. I made a simple workaround for this and made an issie in the baikal database.https://github.com/jeromeschneider/Baikal/issues/214
    However, I have not seen a sign of activity with baikal issues for month.



  • Oh wow, thanks for the detailed answer! I will have a try on this next week or so. Whenever I can find some time :) Maybe I will issue a pullrequest then on baikal to provide an option for this special case.

    That's it. Have fun with this puzzle:-)

    I will do my best :D

    However, I have not seen a sign of activity with baikal issues for month.

    Yeah, sadly I noticed this already when I was digging through the baikal issues some days ago :/ Hopefully nothing happened to Jerome and it only is a lack of time and that he will find some time again maintaining baikal at some point. It's really some great piece of software.



  • @mozzbozz Nothing bad happened to me, just legal issues and a firm to run :)

    A huge product backlog has built up indeed, and we've been pushing towards Baïkal 2.0. I relied a lot on the user community to answer it's own questions when possible - which it deed actually ! I'm thankful for that.


Log in to reply
 

Looks like your connection to Bitfire App Forums was lost, please wait while we try to reconnect.