DAVdroid sends plain HTTP request instead of HTTPS



  • I run a Raspberry Pi with Baikal installed using HTTPS with nginx and authentication type set to basic. I use a self-signed certificate which is installed to the device. Everything worked perfectly for a long time.

    Recently I noticed that DAVdroid fails to synchronize my calendar. Thunderbird with Lightning installed still works.

    Looking at logcat output I discovered that DAVdroid sends a plain HTTP request instead of a HTTPS one and gets rejected by nginx. I tried to remove the calendar and add it again but it fails for the same reason. I checked the request with nc and can confirm that the request is sent without any encryption.

    Because of the fact that it worked and I performed a DAVdroid update to the latest version around the time synchronization stopped working I think there is maybe something wrong with the updated HttpClient lib or the (re)added SNI or HTTP support.

    I tried a downgrade with the packages provided by f-spot without success. Unfortunately, f-spot only provides the last 3 versions and I am currently not able to compile older releases for myself, but if someone could pass me an older version I could try it.

    Logcat output:

    I/davdroid.DavSyncAdapter( 9805): Performing sync for authority com.android.calendar
    D/davdroid.WebDavResource( 9805): Using preemptive authentication (not compatible with Digest auth)
    D/davdroid.WebDavResource( 9805): Using preemptive authentication (not compatible with Digest auth)
    I/davdroid.SyncManager( 9805): Remotely removing 0 deleted resource(s) (if not changed)
    I/davdroid.SyncManager( 9805): Uploading 0 new resource(s) (if not existing)
    I/davdroid.SyncManager( 9805): Uploading 0 modified resource(s) (if not changed)
    I/davdroid.SyncManager( 9805): Synchronization forced
    I/davdroid.SyncManager( 9805): Fetching remote resource list
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 >> "CONNECT SERVER:PORT HTTP/1.1[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 >> "Host: SERVER:PORT[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 >> "Proxy-Connection: Keep-Alive[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 >> "[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 << "HTTP/1.1 200 Connection established[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 << "[\r][\n]"
    F/davdroid.SNISocketFactory( 9805): createLayeredSocket should never be called
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 >> "PROPFIND /cal.php/calendars/tim/uni/ HTTP/1.1[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 >> "Content-Type: text/xml; charset=UTF-8[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 >> "Depth: 1[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 >> "Content-Length: 134[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 >> "Host: SERVER:PORT[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 >> "Connection: Keep-Alive[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 >> "User-Agent: DAVdroid/0.5.12-alpha[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 >> "Accept-Encoding: gzip,deflate[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 >> "Authorization: Basic XXXXXXXXX[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 >> "[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 >> "<propfind xmlns="DAV:">[\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 >> "   <prop>[\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 >> "      <CS:getctag xmlns:CS="http://calendarserver.org/ns/"/>[\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 >> "      <getetag/>[\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 >> "   </prop>[\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 >> "</propfind>"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 << "HTTP/1.1 400 Bad Request[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 << "Server: nginx[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 << "Date: Tue, 06 May 2014 16:09:17 GMT[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 << "Content-Type: text/html; charset=utf-8[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 << "Content-Length: 264[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 << "Connection: close[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 << "[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 << "<html>[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 << "<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 << "<body bgcolor="white">[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 << "<center><h1>400 Bad Request</h1></center>[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 << "<center>The plain HTTP request was sent to HTTPS port</center>[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 << "<hr><center>nginx</center>[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 << "</body>[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 9805): http-outgoing-5 << "</html>[\r][\n]"
    E/davdroid.DavSyncAdapter( 9805): Hard HTTP error 400
    E/davdroid.DavSyncAdapter( 9805): at.bitfire.davdroid.webdav.HttpException: 400 Bad Request
    E/davdroid.DavSyncAdapter( 9805): 	at at.bitfire.davdroid.webdav.WebDavResource.checkResponse(WebDavResource.java:399)
    E/davdroid.DavSyncAdapter( 9805): 	at at.bitfire.davdroid.webdav.WebDavResource.checkResponse(WebDavResource.java:383)
    E/davdroid.DavSyncAdapter( 9805): 	at at.bitfire.davdroid.webdav.WebDavResource.propfind(WebDavResource.java:259)
    E/davdroid.DavSyncAdapter( 9805): 	at at.bitfire.davdroid.resource.RemoteCollection.getMemberETags(RemoteCollection.java:65)
    E/davdroid.DavSyncAdapter( 9805): 	at at.bitfire.davdroid.syncadapter.SyncManager.synchronize(SyncManager.java:75)
    E/davdroid.DavSyncAdapter( 9805): 	at at.bitfire.davdroid.syncadapter.DavSyncAdapter.onPerformSync(DavSyncAdapter.java:101)
    E/davdroid.DavSyncAdapter( 9805): 	at android.content.AbstractThreadedSyncAdapter$SyncThread.run(AbstractThreadedSyncAdapter.java:259)```

  • developer

    This problem arises from the use of a HTTPS proxy. At the moment, TlsSniSocketFactory doesn't implement createLayeredSocket which would be required for HTTPS proxy support.

    I guess that for implementing, a special socket proxy class would be required that proxies all content of the SSL socket to the plainSocket (because the SSL socket can't be created on top of the plain socket like it's usual due to the SNI problem).


  • developer

    Please follow up at #232.


Log in to reply
 

Looks like your connection to Bitfire App Forums was lost, please wait while we try to reconnect.