Cannot verify hostname, who is to blame ? Logcat output



  • Hi,

    I'm using Cyanogen 11 on my Moto G.

    I've got the classic "Cannot verify hostname" on webmail.web4all.fr (I don't own the domain). The certificate looks OK to me (https://www.ssllabs.com/ssltest/analyze.html?d=webmail.web4all.fr). While roughly looking at the logcat output (https://gist.github.com/jbd/4efd6003f62562eb4b64), I'm not sure if the problem is on the server or client side.

    Some lines look suspicious to me:

    I/davdroid.WebDavResource( 8269): Redirection on PROPFIND; trying again at new content URL: https://webmail.web4all.fr:80/dav

    What is your opinion ?


  • developer

    As you say, the service redirects to webmail.web4all.fr on port 80 (!). Is that correct? At least my browser shows an error at https://webmail.web4all.fr:80/.



  • Thank you for your answer. The website https://webmail.web4all.fr/ is OK. So it looks like at least PROPFIND is wrongly redirected. I'll check with the upstream support.



  • I've tested with a 4.4.2 stock Android ROM, same problem. Not sure if the problem is on their side, but the web4all support team is kind enough to investigate. I'll keep you posted.



  • Hi,

    there has been some investigation on the web4all side, but nothing concrete came out of it. Some people have been reporting that davdroid has stopped working since 0.6, but I have nothing more specific to give you, sorry.

    The web4all support cannot reproduce the weird https over 80 redirection behaviour using curl (you can use an invalid name/password):

    $ curl \
    >     -D- -1 -v -L \
    >     --request PROPFIND --user "***" --header "Content-Type: text/xml" \
    >      --data "<propfind xmlns='DAV:'><prop><current-user-principal/></prop></propfind>" \
    >      https://webmail.web4all.fr/.well-known/carddav
    Enter host password for user '***':
    * Hostname was NOT found in DNS cache
    *   Trying 185.49.20.40...
    * Connected to webmail.web4all.fr (185.49.20.40) port 443 (#0)
    * successfully set certificate verify locations:
    *   CAfile: none
      CApath: /etc/ssl/certs
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Server key exchange (12):
    * SSLv3, TLS handshake, Server finished (14):
    * SSLv3, TLS handshake, Client key exchange (16):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
    * Server certificate:
    *        subject: serialNumber=508070679; 1.3.6.1.4.1.311.60.2.1.3=FR; 1.3.6.1.4.1.311.60.2.1.1=PARIS; businessCategory=Private Organization; C=FR; postalCode=75019; ST=PARIS; L=PARIS; street=148 boulevard Macdonald; O=ASSOCIATION WEB4ALL; OU=WEB4ALL; OU=COMODO EV Multi-Domain SSL; CN=www.web4all.fr
    *        start date: 2014-05-03 00:00:00 GMT
    *        expire date: 2014-11-11 23:59:59 GMT
    *        subjectAltName: webmail.web4all.fr matched
    *        issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO Extended Validation Secure Server CA
    *        SSL certificate verify ok.
    * Server auth using Basic with user '***'
    > PROPFIND /.well-known/carddav HTTP/1.1
    > Authorization: Basic KioqOioqKg==
    > User-Agent: curl/7.38.0
    > Host: webmail.web4all.fr
    > Accept: */*
    > Content-Type: text/xml
    > Content-Length: 72
    > 
    * upload completely sent off: 72 out of 72 bytes
    < HTTP/1.1 301 Moved Permanently
    HTTP/1.1 301 Moved Permanently
    * Server nginx is not blacklisted
    < Server: nginx
    Server: nginx
    < Date: Thu, 30 Oct 2014 11:21:00 GMT
    Date: Thu, 30 Oct 2014 11:21:00 GMT
    < Content-Length: 0
    Content-Length: 0
    < Location: http://webmail.web4all.fr:80/dav
    Location: http://webmail.web4all.fr:80/dav
    < Set-Cookie: SERVERID=zose-proxy02a; path=/
    Set-Cookie: SERVERID=zose-proxy02a; path=/
    < Cache-control: private
    Cache-control: private

    <
    * Connection #0 to host webmail.web4all.fr left intact
    * Issue another request to this URL: 'http://webmail.web4all.fr:80/dav'
    * Switch from POST to GET
    * Found bundle for host webmail.web4all.fr: 0x23e05f0
    * Hostname was NOT found in DNS cache
    *   Trying 185.49.20.40...
    * Connected to webmail.web4all.fr (185.49.20.40) port 80 (#1)
    * Server auth using Basic with user '***'
    > PROPFIND /dav HTTP/1.1
    > Authorization: Basic KioqOioqKg==
    > User-Agent: curl/7.38.0
    > Host: webmail.web4all.fr
    > Accept: */*
    > Content-Type: text/xml
    >
    < HTTP/1.1 302 Found
    HTTP/1.1 302 Found
    < Cache-Control: no-cache
    Cache-Control: no-cache
    < Content-length: 0
    Content-length: 0
    < Location: https://webmail.web4all.fr/dav
    Location: https://webmail.web4all.fr/dav
    < Connection: close
    Connection: close
    
    < 
    * Closing connection 1
    * Issue another request to this URL: 'https://webmail.web4all.fr/dav'
    * Found bundle for host webmail.web4all.fr: 0x23e05f0
    * Re-using existing connection! (#0) with host webmail.web4all.fr
    * Connected to webmail.web4all.fr (185.49.20.40) port 443 (#0)
    * Server auth using Basic with user '***'
    > PROPFIND /dav HTTP/1.1
    > Authorization: Basic KioqOioqKg==
    > User-Agent: curl/7.38.0
    > Host: webmail.web4all.fr
    > Accept: */*
    > Content-Type: text/xml
    > 
    < HTTP/1.1 401 invalid username/password
    HTTP/1.1 401 invalid username/password
    * Server nginx is not blacklisted
    < Server: nginx
    Server: nginx
    < Date: Thu, 30 Oct 2014 11:21:00 GMT
    Date: Thu, 30 Oct 2014 11:21:00 GMT
    < Content-Length: 0
    Content-Length: 0
    * Authentication problem. Ignoring this.
    < WWW-Authenticate: BASIC realm="Zimbra"
    WWW-Authenticate: BASIC realm="Zimbra"
    < Set-Cookie: SERVERID=zose-proxy02b; path=/
    Set-Cookie: SERVERID=zose-proxy02b; path=/
    
    < 
    * Connection #0 to host webmail.web4all.fr left intact
    

    What do you think ?



  • Fixed in 0.6.5. Thank you !


  • developer

    Whatever the problem was, I'm happy that it now works for you 😉



  • It isn't fixed for me (same hosting provider)!
    But I can suggest a possible explanation: maybe DAVdroid doesn't handle the 302 well. At least, that's what's happening with Flock: https://github.com/WhisperSystems/Flock/issues/73#issuecomment-61887141


  • developer

    @Zeriuno Can you provide logs please? It's no fun guessing around without evidence.

    DAVdroid uses DavRedirectStrategy to decide which requests are redirected; as you can see it should handle all 3xx requests.



  • Sure, I am glad to provide a log: how? Does DAVdroid have an internal log tool or should I use curl? [read the instructions, going to provide a log]



  • Here is the log:

    E/GeckoConsole( 1750): [JavaScript Error: "TypeError: tab is null"]
    I/davdroid.QueryServerDialogFragment( 2228): onCreateLoader
    D/davdroid.DavHttpClient( 2228): Disabling compression for debugging purposes
    D/davdroid.DavHttpClient( 2228): Logging network traffic for debugging purposes
    D/davdroid.URIUtils( 2228): Implicitly appending trailing slash to collection https://webmail.web4all.fr
    D/davdroid.WebDavResource( 2228): Using preemptive authentication (not compatible with Digest auth)
    V/davdroid.SNISocketFactory( 2228): Setting allowed TLS protocols: TLSv1, TLSv1.1, TLSv1.2
    V/davdroid.SNISocketFactory( 2228): Setting allowed TLS ciphers: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA
    D/davdroid.SNISocketFactory( 2228): Preparing direct SSL connection (without proxy) to https://webmail.web4all.fr:443
    V/davdroid.SNISocketFactory( 2228): Setting allowed TLS protocols: TLSv1, TLSv1.1, TLSv1.2
    V/davdroid.SNISocketFactory( 2228): Setting allowed TLS ciphers: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA
    D/davdroid.SNISocketFactory( 2228): Using documented SNI with host name webmail.web4all.fr
    I/davdroid.SNISocketFactory( 2228): Established TLSv1.2 connection with webmail.web4all.fr using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "PROPFIND /.well-known/carddav HTTP/1.1[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "Content-Type: text/xml; charset=UTF-8[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "Accept: text/xml[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "Depth: 0[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "Content-Length: 88[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "Host: webmail.web4all.fr[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "Connection: Keep-Alive[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "User-Agent: DAVdroid/0.6.6[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "Authorization: X"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "<propfind xmlns="DAV:">[\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "   <prop>[\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "      <current-user-principal/>[\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "   </prop>[\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "</propfind>"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 << "HTTP/1.1 301 Moved Permanently[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 << "Server: nginx[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 << "Date: Thu, 06 Nov 2014 11:12:44 GMT[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 << "Content-Length: 0[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 << "Location: http://webmail.web4all.fr:80/dav[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 << "Set-Cookie: SERVERID=zose-proxy02b; path=/[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 << "Cache-control: private[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 << "[\r][\n]"
    I/davdroid.WebDavResource( 2228): Redirection on PROPFIND; trying again at new content URL: http://webmail.web4all.fr:80/dav
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "PROPFIND /dav HTTP/1.1[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "Content-Type: text/xml; charset=UTF-8[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "Accept: text/xml[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "Depth: 0[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "Content-Length: 88[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "Host: webmail.web4all.fr:80[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "Connection: Keep-Alive[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "User-Agent: DAVdroid/0.6.6[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "Authorization: X"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "<propfind xmlns="DAV:">[\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "   <prop>[\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "      <current-user-principal/>[\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "   </prop>[\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "</propfind>"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 << "HTTP/1.1 302 Found[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 << "Cache-Control: no-cache[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 << "Content-length: 0[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 << "Location: https://webmail.web4all.fr:80/dav[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 << "Connection: close[\r][\n]"
    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 << "[\r][\n]"
    I/davdroid.WebDavResource( 2228): Redirection on PROPFIND; trying again at new content URL: https://webmail.web4all.fr:80/dav
    V/davdroid.SNISocketFactory( 2228): Setting allowed TLS protocols: TLSv1, TLSv1.1, TLSv1.2
    V/davdroid.SNISocketFactory( 2228): Setting allowed TLS ciphers: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA
    D/davdroid.SNISocketFactory( 2228): Preparing direct SSL connection (without proxy) to https://webmail.web4all.fr:80
    V/davdroid.SNISocketFactory( 2228): Setting allowed TLS protocols: TLSv1, TLSv1.1, TLSv1.2
    V/davdroid.SNISocketFactory( 2228): Setting allowed TLS ciphers: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA
    D/davdroid.SNISocketFactory( 2228): Using documented SNI with host name webmail.web4all.fr
    E/qcom_sensors_hal(  660): hal_process_time_resp: Resetting rollover count from 0 to 1
    

  • developer

    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 << "Location: https://webmail.web4all.fr:80/dav[\r][\n]"

    Here it is again… Sending a PROPFIND /dav request to webmail.web4all.fr seems to cause a redirection to https://webmail.web4all.fr:80/dav which will of course fail because https doesn't operate on port 80.


  • developer

    Any news on this?



  • Not really: the update didn't solve the issue.
    On the plus side, rhodey (here https://github.com/WhisperSystems/Flock/issues/79) was able to track the redirects, and it actually might help to solve the issue.

    https://webmail.web4all.fr/.well-known/carddav redirects to http://webmail.web4all.fr:80/dav/ which then redirects to https://webmail.web4all.fr/dav/

    This nested redirect isn't handled by Flock: maybe it is an issue for DAVDroid too?


  • developer

    This header sent by the server:

    D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 << "Location: https://webmail.web4all.fr:80/dav[\r][\n]"

    is incorrect. It's a redirect to HTTPS on port 80 which is wrong.
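
Added example, not part of the original thread or of DAVdroid's code: a small Python audit that replays the redirect chain from the wire log above and flags the `https://...:80` Location the developer points out, together with the HTTPS-to-HTTP hop before it and the request that carried an Authorization header over plain HTTP. The function names and finding labels are assumptions made for this example; the sample lines are excerpted and trimmed from the log posted earlier in the thread.

```python
import re
from urllib.parse import urljoin, urlsplit

# Excerpt of the wire log posted in this thread (DAVdroid 0.6.6), trimmed to
# the request line, Authorization, status line and Location of each exchange.
SAMPLE_LOG = r'''
D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "PROPFIND /.well-known/carddav HTTP/1.1[\r][\n]"
D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 >> "Authorization: X"
D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 << "HTTP/1.1 301 Moved Permanently[\r][\n]"
D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-10 << "Location: http://webmail.web4all.fr:80/dav[\r][\n]"
D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "PROPFIND /dav HTTP/1.1[\r][\n]"
D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 >> "Authorization: X"
D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 << "HTTP/1.1 302 Found[\r][\n]"
D/ch.boye.httpclientandroidlib.wire( 2228): http-outgoing-11 << "Location: https://webmail.web4all.fr:80/dav[\r][\n]"
'''

# Matches the connection id, direction and quoted payload of a wire-log line.
WIRE = re.compile(r'http-outgoing-(\d+) (>>|<<) "(.*)"\s*$')
# Port that belongs to the *other* scheme; seeing it is a misconfiguration.
WRONG_PORT = {"http": 443, "https": 80}


def parse_wire_log(text):
    """Group wire-log lines into one dict per connection, in log order."""
    exchanges = {}
    for line in text.splitlines():
        m = WIRE.search(line)
        if not m:
            continue
        conn, direction, payload = m.groups()
        # The logger renders CR and LF as the literal tokens [\r] and [\n].
        payload = payload.replace("[\\r]", "").replace("[\\n]", "")
        ex = exchanges.setdefault(
            conn, {"auth": False, "status": None, "location": None})
        if direction == ">>" and payload.lower().startswith("authorization:"):
            ex["auth"] = True
        elif direction == "<<" and payload.startswith("HTTP/"):
            ex["status"] = int(payload.split()[1])
        elif direction == "<<" and payload.lower().startswith("location:"):
            ex["location"] = payload.split(":", 1)[1].strip()
    return list(exchanges.values())


def audit_redirects(start_url, exchanges):
    """Walk the chain from start_url and return (finding, url) tuples."""
    findings = []
    url = start_url
    for ex in exchanges:
        src = urlsplit(url)
        # The client attached credentials to a request sent without TLS.
        if ex["auth"] and src.scheme == "http":
            findings.append(("credentials-over-plaintext", url))
        is_redirect = ex["status"] is not None and 300 <= ex["status"] < 400
        if not is_redirect or not ex["location"]:
            break
        target = urljoin(url, ex["location"])
        dst = urlsplit(target)
        # Server moved an HTTPS request to plain HTTP.
        if src.scheme == "https" and dst.scheme == "http":
            findings.append(("https-downgrade", target))
        # Explicit port contradicts the scheme, e.g. https:// on port 80.
        if dst.port is not None and dst.port == WRONG_PORT.get(dst.scheme):
            findings.append(("scheme-port-mismatch", target))
        url = target
    return findings


if __name__ == "__main__":
    start = "https://webmail.web4all.fr/.well-known/carddav"
    for finding, where in audit_redirects(start, parse_wire_log(SAMPLE_LOG)):
        print(f"{finding}: {where}")
```
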



  • Someone with the same hosting provider, same server, same Zimbra, has made a test: configuring DAVDroid on wireless failed, with 3G he succeeded.


  • developer

    Someone with the same hosting provider, same server, same Zimbra, has made a test: configuring DAVDroid on wireless failed, with 3G he succeeded.

    Sounds like a proxy problem?



  • Sounds like it, but it is strange. I'll try to test this procedure and see if anything changes for me.



  • I am also having this problem, but in my own private cloud. I am running Zimbra 8.5 behind an Nginx SSL reverse-proxy and have a StartSSL wildcard cert. If it would help in your testing, I can provide my configs and a test user account you can use to see what is going on.



  • This may be the dumbest workaround ever, but I got a sync to start by making sslh listen on port 80, and sort traffic to my reverse proxy, which now listens on 8080 and 443. This is a not-insignificant waste of resources, since it spins off a thread for every connection. Is there any information I can provide to help get to the bottom of this?