HTTPS proxies not supported; sends https:// data unencrypted!



  • Using DAVDroid 0.5.12-alpha the connection to my DAV server is impossible.

    What happens on the DAVDdroid side :

    I/davdroid.QueryServerDialogFragment( 7393): onCreateLoader
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "CONNECT dav.anonym.org:443 HTTP/1.1[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "Host: dav.anonym.org[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "Proxy-Connection: Keep-Alive[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "[\r][\n]"
    E/EnterpriseContainerManager(  691): ContainerPolicy Service is not yet ready!!!
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 << "HTTP/1.1 200 Connection established[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 << "[\r][\n]"
    F/davdroid.SNISocketFactory( 7393): createLayeredSocket should never be called
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "OPTIONS /card.php/ HTTP/1.1[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "Host: dav.anonym.org[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "Connection: Keep-Alive[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "User-Agent: DAVdroid/0.5.12-alpha[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "Accept-Encoding: gzip,deflate[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "[\r][\n]"
    

    There are no logs on the server that the OPTIONS http request was ever made.

    Using the DAV server is still ok from Gnome Evolution. I have also checked that no firewall rules was forbiding ma phone to connect.

    It seems, but I am not sure, related to the upgrade of OpenSSL to 1.0.1e-2+deb7u6


  • developer

    This seems to be related to a HTTP proxy. You're using a HTTP proxy, right?



  • Yes indeed I have Adblock proxy configured on my Wifi connection. It seems that disabling it seems to fix the problem.

    Next question is why was it ok before ? I have been using this proxy since day one on this phone and DAVDroid too. There was a time when the combinasion of the two was ok.


  • developer

    Next question is why was it ok before ? I have been using this proxy since day one on this phone and DAVDroid too. There was a time when the combinasion of the two was ok.

    It's because of a change in the TLS/SNI connection factory class and how it's used by the new HttpClient version, so this behaviour should be since 0.5.10.

    So please disable the proxy, and I'll see whether I can fix it somewhen.


  • developer

    I have implemented layered SSL/TLS connections, but unfortunately, the benefits of TlsSniConnectionFactory, namely support for SNI and TLSv1.2 on Android <= 4.4 is not available for HTTP-proxied SSL/TLS connections at the moment.

    Implementing this would require to use SSLCertificateSocketFactory.getInsecure() and custom certification management.