CAdroid 1.0.1 trusts certificate but DAVdroid 0.7.2 does not



  • I imported my root certificate like described here: http://wiki.cacert.org/FAQ/ImportRootCert#CAcert_system_trusted_certificates_.28without_lockscreen.29
    This way I do not have to use a lockscreen. I'm familiar with this process and it worked fine on Cyanogenmod 11 (Kitkat).

    On Cyanogenmod 12 (Lollipop) however, DAVdroid does not trust the certificate. I checked Android's certificate manager, it is there. Web Browsers trust it, even CAdroid skips importing the certificate because it is already trusted.

    What could be the problem? Has DAVdroid already been tested with Lollipop?


  • developer

    I don't know whether this may be relevant, but did you reboot your device since installing the certificate?



  • I unintentionally flagged the certificate for the group "others" not readable. This somehow created the situation, that CAdroid, Webbrowsers and Android itself trusted the certificate but DAVdroid didn't. Allowing read-access for "others" fixed the problem.

    Why could all the other apps but DAVdroid access the file?


  • developer

    I don't know. However, as using certificates this way is not documented, I don't see any problem in DAVdroid behaviour.

    Maybe sync adapters run as another (Linux) UID than the other apps you have tried, so that only DAVdroid wasn't able to access it?



  • That could have caused the confusion.

    The advantage of importing the certificates this way is that you are not forced to use a password lockscreen. What do you think of CAdroid supporting this method?



  • We've discussed before the annoying situation where people reasonably spend time working around badness in the way Android handles security, and somehow it rarely feels productive later. I fear this might be the kind of time sink that, while nice to have working, may take more time than one would reasonably want to spend. (Although, how you spend your time is quite obviously your own business, and far be it from someone else to keep you from doing something you want to do.)


  • developer

    I'll close this issue now because the problem has been solved.



  • I've got (nearly) the same problem, with the only difference I installed the CACert certificate as user (via CAdroid). CADroid says "everything's fine, certificate is trusted", it's listed as trusted in the settings, but DavDroid claims it's not trusted.
    Debug log says "javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found."
    Davdroid version 0.8.0, CAdroid version 1.0.3

    I used a CACert certificate in the past (on another server), and that worked fine.



  • @AutoImport-uvok
    Problem solved. I even installed CAcert as system certificate and it still didn't work.
    Then I realized the android browser also displays a warning message about an invalid certificate.

    I checked my webserver configuration (shared hosting provider) and realized I also uploaded a CA certificate, so the server would send a whole certificate chain to the client. Uploaded just a single certificate and voila - it works!

    Just thought I should mention this in case someone else runs into these problems.


  • admin

    Great, thank you for keeping us up-to-date ;)


Log in to reply
 

Looks like your connection to Bitfire App Forums was lost, please wait while we try to reconnect.