CertPathValidatorException but my domain is A- on ssllabs



  • Hi,

    I've changed my phone this week end, and download the last version of davdroid.
    But I can't configure my account to sync my contacts from owncloud.
    Certificate seems to work from firefox and chrome mobile... And I've tested my domain on ssllabs and I hate a A- note and it says :

    Trusted Yes
    Certificates provided 2 (3218 bytes)
    Chain issues None
    Path #1: Trusted
    1 Sent by server ****
    2 Sent by server StartCom Class 1 Primary Intermediate Server CA
    3 In trust store StartCom Certification Authority

    Path #2: Trusted
    1 Sent by server ****
    2 Sent by server StartCom Class 1 Primary Intermediate Server CA
    3 In trust store StartCom Certification Authority

    What can be the reason of the error ?


  • developer

    Did you check whether the Root Certificate is active in your phone (Settings / Security / Certificates / System)?

    Also, please provide the exact error message and steps to reproduce, ideally including verbose logs.



  • The root certificate seems ok.
    And I have not very usefull messages ...

    I/davdroid.QueryServerDialogFragment(23077): onCreateLoader
    D/davdroid.DavHttpClient(23077): Disabling compression for debugging purposes
    D/davdroid.DavHttpClient(23077): Logging network traffic for debugging purposes
    D/davdroid.WebDavResource(23077): Using preemptive authentication (not compatible with Digest auth)
    D/ch.boye.httpclientandroidlib.wire(23077): http-outgoing-7 >> "CONNECT ****.****.fr:443 HTTP/1.1[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire(23077): http-outgoing-7 >> "Host: ****.****.fr[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire(23077): http-outgoing-7 >> "Proxy-Connection: Keep-Alive[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire(23077): http-outgoing-7 >> "[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire(23077): http-outgoing-7 << "HTTP/1.1 200 Connected[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire(23077): http-outgoing-7 << "[\r][\n]"
    D/davdroid.SNISocketFactory(23077): Preparing layered SSL connection (over proxy) to ****.****.fr
    


  • Some informations :
    DavDroid/0.6.2-mirakel
    android 4.4.4


  • developer

    In the current implementation, SNI can't be used together with a HTTP/HTTPS proxy. If you really need the proxy for HTTPS, please use the default host name (the one without SNI) and mount the DAV service there.



  • I'm not sure to understand where I have a proxy ?

    • Is it the box from my internet provider doing port redirection ?
    • Is it apache using virtualhosts ?

  • developer

    I'm not sure to understand where I have a proxy ?

    HTTP requests from your mobile device are routed over a HTTP proxy. Were the logs above taken while on WiFi or using mobile data?



  • They are tabkin via mobile data.
    Connexion via wifi works ! So my provider is rerouting my connexion ? I'll go change it so !


  • developer

    You can check that in Settings / Mobile data / Access points (APNs) / your access point / Proxy.



  • Hi, I've changed my phone provider (virgin sucks) and now all works !
    Thank you !!


Log in to reply
 

Looks like your connection to Bitfire App Forums was lost, please wait while we try to reconnect.