SNI doesn't work for Android <4.2 (Valid certificate shows "Untrusted Certificate")


  • developer

    I don’t get an “untrusted certificate in certificate path” error here. Can you provide a test account and detailed instructions on how to reproduce the error?

    Maybe there’s a redirection to another (untrusted) host in the CalDAV URLs?


  • developer

    Ok found the problem. We have used HttpClient 4.3.5.1 instead of our own patched 4.3.5.2-DAVDROID1 in DAVdroid 0.7.3. It supports SNI only for Android 4.2+. So please use DAVdroid 0.7.2 or upgrade to Android 4.2+.



  • Whoua ! you are so fast for finding the problem !
    Downgrading to Davdroid 0.7.2 corrected it.
    Problem solved, thank you so much !
    Will I have to use only 0.7.2 in the future ? or next version of davdroid would correct that regression ?


  • developer

    Will I have to use only 0.7.2 in the future ? or next version of davdroid would correct that regression ?

    Next versions will correct that, but I have to find out how to use packaged source JARs with gradle. For DAVdroid < 0.7.3, the HttpClient was packaged by us as pre-compiled .jar, so not all components of DAVdroid were 100 % open-source for the F-droid build. However, I want it to be 100 % open source, so I’ll have to make a source package of the latest HttpClient 4.3.5 branch which contains the fix. Will take some time…

    But good to hear that it now works for you 🙂



  • Cool. I’ll just wait before upgrading, so.
    You provide so great work. Thank you so much for this incredible app 🙂



  • Hi there!
    Unfortunately, 0.7.4 does not resolve this issue for me.
    DAVdroid still shows me the “untrusted certificate in certificate path” error (for both the domain mentioned by @Mageti above as well my own, also using a StartSSL-certificate with SNI).
    CAdroid shows already trusted certificate chain; android’s built-in browser opens and displays web page.

    Configuration: Android 4.1.2, DAVdroid 0.7.4, CAdroid 1.0.2 (both from Google Play Store)

    Anything else you might need to know? Could provide dummy account if need be…


  • developer

    @akki42 Unfortunately, I don’t have an Android 4.1 device. Does DAVdroid 0.7.2 work for you?
    @Mageti Does 0.7.4 fix the issue for you?



  • @rfc2822 DAVdroid 0.7.2 did indeed work (until “auto-updated” by Google Play Store to 0.7.3 two days ago).

    [edit: Also, versions 0.7.3 and 0.7.4 work fine on Android 4.2.2 and 4.4 devices with same settings.]


  • developer

    I don’t understand why the checked out httpclient-client code contained the old >= 4.2 instead of >= 2.3 …

    Re-opening, writing bug fix for bug fix. Hoping that 0.7.5 will work … embarassing.



  • @rfc2822 0.7.5 works fine for me; so: many thanks for your swift support for an excellent app!


Log in to reply
 

Similar topics

  • 4
  • 2
  • 5