HTTPS proxies not supported; sends https:// data unencrypted!

AutoImport-llebegue

Using DAVDroid 0.5.12-alpha the connection to my DAV server is impossible.

What happens on the DAVDdroid side :

I/davdroid.QueryServerDialogFragment( 7393): onCreateLoader
D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "CONNECT dav.anonym.org:443 HTTP/1.1[\r][\n]"
D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "Host: dav.anonym.org[\r][\n]"
D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "Proxy-Connection: Keep-Alive[\r][\n]"
D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "[\r][\n]"
E/EnterpriseContainerManager(  691): ContainerPolicy Service is not yet ready!!!
D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 << "HTTP/1.1 200 Connection established[\r][\n]"
D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 << "[\r][\n]"
F/davdroid.SNISocketFactory( 7393): createLayeredSocket should never be called
D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "OPTIONS /card.php/ HTTP/1.1[\r][\n]"
D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "Host: dav.anonym.org[\r][\n]"
D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "Connection: Keep-Alive[\r][\n]"
D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "User-Agent: DAVdroid/0.5.12-alpha[\r][\n]"
D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "Accept-Encoding: gzip,deflate[\r][\n]"
D/ch.boye.httpclientandroidlib.wire( 7393): http-outgoing-3 >> "[\r][\n]"

There are no logs on the server that the OPTIONS http request was ever made.

Using the DAV server is still ok from Gnome Evolution. I have also checked that no firewall rules was forbiding ma phone to connect.

It seems, but I am not sure, related to the upgrade of OpenSSL to 1.0.1e-2+deb7u6

rfc2822

This seems to be related to a HTTP proxy. You’re using a HTTP proxy, right?

AutoImport-llebegue

Yes indeed I have Adblock proxy configured on my Wifi connection. It seems that disabling it seems to fix the problem.

Next question is why was it ok before ? I have been using this proxy since day one on this phone and DAVDroid too. There was a time when the combinasion of the two was ok.

rfc2822

Next question is why was it ok before ? I have been using this proxy since day one on this phone and DAVDroid too. There was a time when the combinasion of the two was ok.

It’s because of a change in the TLS/SNI connection factory class and how it’s used by the new HttpClient version, so this behaviour should be since 0.5.10.

So please disable the proxy, and I’ll see whether I can fix it somewhen.

rfc2822

I have implemented layered SSL/TLS connections, but unfortunately, the benefits of TlsSniConnectionFactory, namely support for SNI and TLSv1.2 on Android <= 4.4 is not available for HTTP-proxied SSL/TLS connections at the moment.

Implementing this would require to use SSLCertificateSocketFactory.getInsecure() and custom certification management.