Cannot verify hostname, who is to blame ? Logcat output



  • Hi,

    I'm using Cyanogen Cyanogen 11 on my Moto G.

    I've got the classic "Cannot verify hostname" on webmail.web4all.fr (I'm not owning the domain). The certificate looks OK to me (https://www.ssllabs.com/ssltest/analyze.html?d=webmail.web4all.fr). While roughly looking at the logcat output (https://gist.github.com/jbd/4efd6003f62562eb4b64), I'm not sure if the problem is on the server or client side.

    Some lines looks suspicious to me :

    I/davdroid.WebDavResource( 8269): Redirection on PROPFIND; trying again at new content URL: https://webmail.web4all.fr:80/dav

    What is your opinion ?


  • developer

    As you say, the service redirects to webmail.web4all.fr on port 80 (!). Is that correct? At least my browser shows an error at https://webmail.web4all.fr:80/.



  • Thank you for your answer. The website https://webmail.web4all.fr/ is ok. So it's look like at least PROPFIND is wrongly redirected. I'll check with the upstream support.



  • I've tested with a 4.4.2 stock android rom, same problem. Not sure if the problem is on their side, but the web4all support team is kind enough to investigate. I keep you posted.



  • Hi,

    there has been some investigation on the web4all side, but nothing concrete comes out of it. Some people has been reporting that davdroid has stopped working since 0.6, but I have nothing more specific to give you sorry.

    The web4all support cannot reproduce the weird https over 80 redirection behaviour using curl (you can use an invalid name/password) :

    $ curl \
    >     -D- -1 -v -L \
    >     --request PROPFIND --user "***" --header "Content-Type: text/xml" \
    >      --data "<propfind xmlns='DAV:'><prop><current-user-principal/></prop></propfind>" \
    >      https://webmail.web4all.fr/.well-known/carddav
    Enter host password for user '***':
    * Hostname was NOT found in DNS cache
    *   Trying 185.49.20.40...
    * Connected to webmail.web4all.fr (185.49.20.40) port 443 (#0)
    * successfully set certificate verify locations:
    *   CAfile: none
      CApath: /etc/ssl/certs
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Server key exchange (12):
    * SSLv3, TLS handshake, Server finished (14):
    * SSLv3, TLS handshake, Client key exchange (16):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
    * Server certificate:
    *        subject: serialNumber=508070679; 1.3.6.1.4.1.311.60.2.1.3=FR; 1.3.6.1.4.1.311.60.2.1.1=PARIS; businessCategory=Private Organization; C=FR; postalCode=75019; ST=PARIS; L=PARIS; street=148 boulevard Macdonald; O=ASSOCIATION WEB4ALL; OU=WEB4ALL; OU=COMODO EV Multi-Domain SSL; CN=www.web4all.fr
    *        start date: 2014-05-03 00:00:00 GMT
    *        expire date: 2014-11-11 23:59:59 GMT
    *        subjectAltName: webmail.web4all.fr matched
    *        issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO Extended Validation Secure Server CA
    *        SSL certificate verify ok.
    * Server auth using Basic with user '***'
    > PROPFIND /.well-known/carddav HTTP/1.1
    > Authorization: Basic KioqOioqKg==
    > User-Agent: curl/7.38.0
    > Host: webmail.web4all.fr
    > Accept: */*
    > Content-Type: text/xml
    > Content-Length: 72
    > 
    * upload completely sent off: 72 out of 72 bytes                                                                                                                                                                                                                               
    < HTTP/1.1 301 Moved Permanently                                                                                                                                                                                                                                               
    HTTP/1.1 301 Moved Permanently                                                                                                                                                                                                                                                 
    * Server nginx is not blacklisted                                                                                                                                                                                                                                              
    < Server: nginx                                                                                                                                                                                                                                                                
    Server: nginx                                                                                                                                                                                                                                                                  
    < Date: Thu, 30 Oct 2014 11:21:00 GMT                                                                                                                                                                                                                                          
    Date: Thu, 30 Oct 2014 11:21:00 GMT                                                                                                                                                                                                                                            
    < Content-Length: 0                                                                                                                                                                                                                                                            
    Content-Length: 0                                                                                                                                                                                                                                                              
    < Location: http://webmail.web4all.fr:80/dav                                                                                                                                                                                                                                   
    Location: http://webmail.web4all.fr:80/dav                                                                                                                                                                                                                                     
    < Set-Cookie: SERVERID=zose-proxy02a; path=/                                                                                                                                                                                                                                   
    Set-Cookie: SERVERID=zose-proxy02a; path=/                                                                                                                                                                                                                                     
    < Cache-control: private                                                                                                                                                                                                                                                       
    Cache-control: private                                                                                                                                                                                                                                                         
                                                                                                                                                                                                                                                                                   
    <                                                                                                                                                                                                                                                                              
    * Connection #0 to host webmail.web4all.fr left intact                                                                                                                                                                                                                         
    * Issue another request to this URL: 'http://webmail.web4all.fr:80/dav'                                                                                                                                                                                                        
    * Switch from POST to GET                                                                                                                                                                                                                                                      
    * Found bundle for host webmail.web4all.fr: 0x23e05f0                                                                                                                                                                                                                          
    * Hostname was NOT found in DNS cache                                                                                                                                                                                                                                          
    *   Trying 185.49.20.40...                                                                                                                                                                                                                                                     
    * Connected to webmail.web4all.fr (185.49.20.40) port 80 (#1)                                                                                                                                                                                                                  
    * Server auth using Basic with user '***'                                                                                                                                                                                                                                      
    > PROPFIND /dav HTTP/1.1                                                                                                                                                                                                                                                       
    > Authorization: Basic KioqOioqKg==                                                                                                                                                                                                                                            
    > User-Agent: curl/7.38.0                                                                                                                                                                                                                                                      
    > Host: webmail.web4all.fr                                                                                                                                                                                                                                                     
    > Accept: */*                                                                                                                                                                                                                                                                  
    > Content-Type: text/xml                                                                                                                                                                                                                                                       
    >                                                                                                                                                                                                                                                                              
    < HTTP/1.1 302 Found                                                                                                                                                                                                                                                           
    HTTP/1.1 302 Found                                                                                                                                                                                                                                                             
    < Cache-Control: no-cache                                                                                                                                                                                                                                                      
    Cache-Control: no-cache                                                                                                                                                                                                                                                        
    < Content-length: 0                                                                                                                                                                                                                                                            
    Content-length: 0                                                                                                                                                                                                                                                              
    < Location: https://webmail.web4all.fr/dav                                                                                                                                                                                                                                     
    Location: https://webmail.web4all.fr/dav
    < Connection: close
    Connection: close
    
    < 
    * Closing connection 1
    * Issue another request to this URL: 'https://webmail.web4all.fr/dav'
    * Found bundle for host webmail.web4all.fr: 0x23e05f0
    * Re-using existing connection! (#0) with host webmail.web4all.fr
    * Connected to webmail.web4all.fr (185.49.20.40) port 443 (#0)
    * Server auth using Basic with user '***'
    > PROPFIND /dav HTTP/1.1
    > Authorization: Basic KioqOioqKg==
    > User-Agent: curl/7.38.0
    > Host: webmail.web4all.fr
    > Accept: */*
    > Content-Type: text/xml
    > 
    < HTTP/1.1 401 invalid username/password
    HTTP/1.1 401 invalid username/password
    * Server nginx is not blacklisted
    < Server: nginx
    Server: nginx
    < Date: Thu, 30 Oct 2014 11:21:00 GMT
    Date: Thu, 30 Oct 2014 11:21:00 GMT
    < Content-Length: 0
    Content-Length: 0
    * Authentication problem. Ignoring this.
    < WWW-Authenticate: BASIC realm="Zimbra"
    WWW-Authenticate: BASIC realm="Zimbra"
    < Set-Cookie: SERVERID=zose-proxy02b; path=/
    Set-Cookie: SERVERID=zose-proxy02b; path=/
    
    < 
    * Connection #0 to host webmail.web4all.fr left intact
    

    What do you think ?



  • Fixed in 0.6.5. Thank you !


  • developer

    Whatever the problem was, I'm happy that it now works for you ;)



  • It isn't fixed for me (same hosting provider)!
    But I can suggest a possible explanation: maybe DAVdroid doesn't handle well the 302. At least, that's what's happening with Flock: https://github.com/WhisperSystems/Flock/issues/73#issuecomment-61887141


  • developer

    @Zeriuno Can you provide logs please? It's no fun guessing around without evidence.

    DAVdroid uses DavRedirectStrategy to decide which requests are redirected; as you can see it should handle all 3xx requests.



  • Sure, I am glad to provide log: how? Does DAVdroid has an internal log tool or should I use curl? [read the instructions, going to provide a log]



  • Here is the log:

    E/GeckoConsole( 1750): [JavaScript Error: "TypeError: tab is null"]
    I/davdroid.QueryServerDialogFragment( 2228): onCreateLoader
    D/davdroid.DavHttpClient( 2228): Disabling compression for debugging purposes
    D/davdroid.DavHttpClient( 2228): Logging network traffic for debugging purposes
    D/davdroid.URIUtils( 2228): Implicitly appending trailing slash to collection https://webmail.web4all.fr
    D/davdroid.WebDavResource( 2228): Using preemptive authentication (not compatible with Digest auth)
    V/davdroid.SNISocketFactory( 2228): Setting allowed TLS protocols: TLSv1, TLSv1.1, TLSv1.2
    V/davdroid.SNISocketFactory( 2228): Setting allowed TLS ciphers: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA
    D/davdroid.SNISocketFactory( 2228): Preparing direct SSL connection (without proxy) to https://webmail.web4all.fr:443
    V/davdroid.SNISocketFactory( 2228): Setting allowed TLS protocols: TLSv1, TLSv1.1, TLSv1.2
    V/davdroid.SNISocketFactory( 2228): Setting allowed TLS ciphers: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA
    D/davdroid.SNISocketFactory( 2228): Using documented SNI with host name webmail.web4all.fr
    I/davdroid.SNISocketFactory( 2228): Established TLSv1.2 connection with webmail.web4all.fr using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "PROPFIND /.well-known/carddav HTTP/1.1[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "Content-Type: text/xml; charset=UTF-8[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "Accept: text/xml[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "Depth: 0[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "Content-Length: 88[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "Host: webmail.web4all.fr[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "Connection: Keep-Alive[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "User-Agent: DAVdroid/0.6.6[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "Authorization: X"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "<propfind xmlns="DAV:">[\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "   <prop>[\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "      <current-user-principal/>[\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "   </prop>[\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "</propfind>"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 << "HTTP/1.1 301 Moved Permanently[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 << "Server: nginx[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 << "Date: Thu, 06 Nov 2014 11:12:44 GMT[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 << "Content-Length: 0[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 << "Location: http://webmail.web4all.fr:80/dav[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 << "Set-Cookie: SERVERID=zose-proxy02b; path=/[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 << "Cache-control: private[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 << "[\r][\n]"
    I/davdroid.WebDavResource( 2228): Redirection on PROPFIND; trying again at new content URL: http://webmail.web4all.fr:80/dav
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "PROPFIND /dav HTTP/1.1[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "Content-Type: text/xml; charset=UTF-8[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "Accept: text/xml[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "Depth: 0[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "Content-Length: 88[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "Host: webmail.web4all.fr:80[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "Connection: Keep-Alive[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "User-Agent: DAVdroid/0.6.6[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "Authorization: X”
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "<propfind xmlns="DAV:">[\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "   <prop>[\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "      <current-user-principal/>[\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "   </prop>[\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "</propfind>"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 << "HTTP/1.1 302 Found[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 << "Cache-Control: no-cache[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 << "Content-length: 0[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 << "Location: https://webmail.web4all.fr:80/dav[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 << "Connection: close[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 << "[\r][\n]"
    I/davdroid.WebDavResource( 2228): Redirection on PROPFIND; trying again at new content URL: https://webmail.web4all.fr:80/dav
    V/davdroid.SNISocketFactory( 2228): Setting allowed TLS protocols: TLSv1, TLSv1.1, TLSv1.2
    V/davdroid.SNISocketFactory( 2228): Setting allowed TLS ciphers: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA
    D/davdroid.SNISocketFactory( 2228): Preparing direct SSL connection (without proxy) to https://webmail.web4all.fr:80
    V/davdroid.SNISocketFactory( 2228): Setting allowed TLS protocols: TLSv1, TLSv1.1, TLSv1.2
    V/davdroid.SNISocketFactory( 2228): Setting allowed TLS ciphers: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA
    D/davdroid.SNISocketFactory( 2228): Using documented SNI with host name webmail.web4all.fr
    E/qcom_sensors_hal(  660): hal_process_time_resp: Resetting rollover count from 0 to 1
    

  • developer

    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 << "Location: https://webmail.web4all.fr:80/dav[\r][\n]"

    Here it is again… Sending a PROPFIND /dav request to webmail.web4all.fr seems to cause a redirection to https://webmail.web4all.fr:80/dav which will of course fail because https doesn't operate on port 80.


  • developer

    Any news on this?



  • Not really: the update didn't solve the issue.
    On the plus side, rhodey (here https://github.com/WhisperSystems/Flock/issues/79) was abled to track the redirects, and it actually might help to solve the issue.

    https://webmail.web4all.fr/.well-known/carddav redirects to http://webmail.web4all.fr:80/dav/ which then redirects to https://webmail.web4all.fr/dav/

    This nested redirect isn't handled by Flock: maybe it is an issue for DAVDroid too?


  • developer

    This header sent by the server:

    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 << "Location: https://webmail.web4all.fr:80/dav[\r][\n]"

    is incorrect. It's a redirect to HTTPS on port 80 which is wrong.



  • Someone with the same hosting provider, same server, same Zimbra, has made a test: configuring DAVDroid on wireless failed, with 3G he succeeded.


  • developer

    Someone with the same hosting provider, same server, same Zimbra, has made a test: configuring DAVDroid on wireless failed, with 3G he succeeded.

    Sounds like a proxy problem?



  • Sounds like it, but it is strange. I'll try to test this procedure and
    see if anythings changes for me.



  • I am also having this problem, but in my own private cloud. I am running Zimbra 8.5 behind an Nginx SSL reverse-proxy and have a StartSSL wildcard cert. If it would help in your testing, I can provide my configs and a test user account you can use to see what is going on.



  • This may be the dumbest workaround ever, but I got a sync to start by making sslh listen on port 80, and sort traffic to my reverse proxy, which now listens on 8080 and 443. This is a not-insignificant waste of resources, since it spins off a thread for every connection. Is there any information I can provide to help get to the bottom of this?


Log in to reply
 

Looks like your connection to Bitfire App Forums was lost, please wait while we try to reconnect.