HTTPS proxies not supported; sends https:// data unencrypted!



  • Using DAVDroid 0.5.12-alpha the connection to my DAV server is impossible.

    What happens on the DAVDdroid side :

    I/davdroid.QueryServerDialogFragment( 7393): onCreateLoader
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "CONNECT dav.anonym.org:443 HTTP/1.1[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "Host: dav.anonym.org[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "Proxy-Connection: Keep-Alive[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "[\r][\n]"
    E/EnterpriseContainerManager(  691): ContainerPolicy Service is not yet ready!!!
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 << "HTTP/1.1 200 Connection established[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 << "[\r][\n]"
    F/davdroid.SNISocketFactory( 7393): createLayeredSocket should never be called
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "OPTIONS /card.php/ HTTP/1.1[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "Host: dav.anonym.org[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "Connection: Keep-Alive[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "User-Agent: DAVdroid/0.5.12-alpha[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "Accept-Encoding: gzip,deflate[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "[\r][\n]"
    

    There are no logs on the server that the OPTIONS http request was ever made.

    Using the DAV server is still ok from Gnome Evolution. I have also checked that no firewall rules was forbiding ma phone to connect.

    It seems, but I am not sure, related to the upgrade of OpenSSL to 1.0.1e-2+deb7u6


  • developer

    This seems to be related to a HTTP proxy. You're using a HTTP proxy, right?



  • Yes indeed I have Adblock proxy configured on my Wifi connection. It seems that disabling it seems to fix the problem.

    Next question is why was it ok before ? I have been using this proxy since day one on this phone and DAVDroid too. There was a time when the combinasion of the two was ok.


  • developer

    Next question is why was it ok before ? I have been using this proxy since day one on this phone and DAVDroid too. There was a time when the combinasion of the two was ok.

    It's because of a change in the TLS/SNI connection factory class and how it's used by the new HttpClient version, so this behaviour should be since 0.5.10.

    So please disable the proxy, and I'll see whether I can fix it somewhen.


  • developer

    I have implemented layered SSL/TLS connections, but unfortunately, the benefits of TlsSniConnectionFactory, namely support for SNI and TLSv1.2 on Android <= 4.4 is not available for HTTP-proxied SSL/TLS connections at the moment.

    Implementing this would require to use SSLCertificateSocketFactory.getInsecure() and custom certification management.


Log in to reply
 

Looks like your connection to Bitfire App Forums was lost, please wait while we try to reconnect.