Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

App doesn't work with self signed certificates #41

Closed
soda-pop-ice-cream opened this issue Apr 21, 2024 · 11 comments
Closed

App doesn't work with self signed certificates #41

soda-pop-ice-cream opened this issue Apr 21, 2024 · 11 comments

Comments

@soda-pop-ice-cream
Copy link

Hi there!
App doesn't want connect to server that using self signed certificates (added to device and trusted ofc), all apps on devices work well with them.
Logfile:

{FluxNews}  {readConfigValues}  {Starting read config values}  {20 April 2024 03:00:49 PM}  {INFO}
{FluxNews}  {readConfigValues}  {Finished read config values}  {20 April 2024 03:00:49 PM}  {INFO}
{FluxNews}  {readConfig}  {Starting read config}  {20 April 2024 03:00:49 PM}  {INFO}
{FluxNews}  {readConfig}  {Finished read config}  {20 April 2024 03:00:49 PM}  {INFO}
{FluxNews}  {initializeDB}  {Starting initializeDB}  {20 April 2024 03:00:49 PM}  {INFO}
{FluxNews}  {initializeDB}  {Finished initializeDB}  {20 April 2024 03:00:49 PM}  {INFO}
{FluxNews}  {syncNews}  {Start syncing with miniflux server.}  {20 April 2024 03:03:05 PM}  {INFO}
{FluxNews}  {authCheck}  {Caught an error in authCheck function! : HandshakeException: Handshake error in client (OS Error: 
	CERTIFICATE_VERIFY_FAILED: self signed certificate in certificate chain(handshake.cc:393))}  {20 April 2024 03:03:05 PM}  {ERROR}
{FluxNews}  {syncNews}  {Finished syncing with miniflux server.}  {20 April 2024 03:03:05 PM}  {INFO}
{FluxNews}  {syncNews}  {Start syncing with miniflux server.}  {20 April 2024 03:03:06 PM}  {INFO}
{FluxNews}  {authCheck}  {Caught an error in authCheck function! : HandshakeException: Handshake error in client (OS Error: 
	CERTIFICATE_VERIFY_FAILED: self signed certificate in certificate chain(handshake.cc:393))}  {20 April 2024 03:03:06 PM}  {ERROR}
@KevinCFechtel
Copy link
Owner

Hi, I think I know which config is missing, but I can't test it myself.
Could you install the app via the Play Store?
Then I would invite you to a beta program there so that you can test the change quickly.
Is that okay?

@KevinCFechtel
Copy link
Owner

I would also need the email address of your Google account that you use to install the app.
I would then authorize this address in the beta program.
You can send it to me by e-mail: kevin@kevincfechtel.dev

@soda-pop-ice-cream
Copy link
Author

I would also need the email address of your Google account that you use to install the app. I would then authorize this address in the beta program. You can send it to me by e-mail: kevin@kevincfechtel.dev

Sure, email sent. 👍

@KevinCFechtel
Copy link
Owner

The update is now published in the beta program, you should be able to install it via the following link.
The SSL certificates added by the user should now also be trusted.
A short feedback if it works now would be great, then I will create the official release.
https://play.google.com/apps/internaltest/4699713993175644776

@soda-pop-ice-cream
Copy link
Author

I installed 1.4.3 beta, and sadly it didn't help.. 🫠

{FluxNews}  {readConfigValues}  {Starting read config values}  {21 April 2024 03:54:15 PM}  {INFO}
{FluxNews}  {initializeDB}  {Starting initializeDB}  {21 April 2024 03:54:15 PM}  {INFO}
{FluxNews}  {initializeDB}  {Finished initializeDB}  {21 April 2024 03:54:15 PM}  {INFO}
{FluxNews}  {readConfigValues}  {Finished read config values}  {21 April 2024 03:54:15 PM}  {INFO}
{FluxNews}  {initializeDB}  {Starting initializeDB}  {21 April 2024 03:54:15 PM}  {INFO}
{FluxNews}  {initializeDB}  {Finished initializeDB}  {21 April 2024 03:54:15 PM}  {INFO}
{FluxNews}  {readConfig}  {Starting read config}  {21 April 2024 03:54:15 PM}  {INFO}
{FluxNews}  {readConfig}  {Finished read config}  {21 April 2024 03:54:15 PM}  {INFO}
{FluxNews}  {queryNewsFromDB}  {Starting querying news from DB}  {21 April 2024 03:54:15 PM}  {INFO}
{FluxNews}  {updateNewsStatusInDB}  {Starting updating starred counter}  {21 April 2024 03:54:15 PM}  {INFO}
{FluxNews}  {renewAllNewsCount}  {Starting renewing all news count}  {21 April 2024 03:54:15 PM}  {INFO}
{FluxNews}  {updateNewsStatusInDB}  {Finished updating starred counter}  {21 April 2024 03:54:15 PM}  {INFO}
{FluxNews}  {renewAllNewsCount}  {Finished renewing all news count}  {21 April 2024 03:54:15 PM}  {INFO}
{FluxNews}  {queryNewsFromDB}  {Finished querying news from DB}  {21 April 2024 03:54:15 PM}  {INFO}
{FluxNews}  {syncNews}  {Start syncing with miniflux server.}  {21 April 2024 03:54:17 PM}  {INFO}
{FluxNews}  {checkMinifluxCredentials}  {Starting checking miniflux credentials}  {21 April 2024 03:54:17 PM}  {INFO}
{FluxNews}  {authCheck}  {Caught an error in authCheck function! : HandshakeException: Handshake error in client (OS Error: 
	CERTIFICATE_VERIFY_FAILED: self signed certificate in certificate chain(handshake.cc:393))}  {21 April 2024 03:54:17 PM}  {ERROR}

@KevinCFechtel
Copy link
Owner

Too bad, is your server accessible from the Internet by any chance?
If so, could you email me the URL so I can see if I can get a request through.
Otherwise it would be a lot of try and error.

@soda-pop-ice-cream
Copy link
Author

Too bad, is your server accessible from the Internet by any chance? If so, could you email me the URL so I can see if I can get a request through. Otherwise it would be a lot of try and error.

I set you up dev environment on spare vm, emailed url and creds 👍️ Let me know if i can help with something too(like webserver logs, etc)

@KevinCFechtel
Copy link
Owner

Thanks, it looks like it's a general problem with Flutter/Dart though....
dart-lang/sdk#50435
I'll see how I can change the HTTP calls, maybe a new http client could be used.

@KevinCFechtel
Copy link
Owner

The following issue is currently still blocking implementation dart-lang/http#1179

@KevinCFechtel
Copy link
Owner

I have changed the http implementation of the miniflux backend so that user trusted certificates are now also integrated.
However, I am currently still having problems with the cronet version without Google Play Services.
Therefore, I have only set a beta test of the new version for now, the real release will follow as soon as a version without Google Play Service dependencies can be created.
You should now see an update of the app in the Play Store, please check again whether the self-signed certificate works with this update (in my test at least it did 😊)

@soda-pop-ice-cream
Copy link
Author

soda-pop-ice-cream commented Apr 22, 2024
edited

I have changed the http implementation of the miniflux backend so that user trusted certificates are now also integrated. However, I am currently still having problems with the cronet version without Google Play Services. Therefore, I have only set a beta test of the new version for now, the real release will follow as soon as a version without Google Play Service dependencies can be created. You should now see an update of the app in the Play Store, please check again whether the self-signed certificate works with this update (in my test at least it did 😊)

Indeed, it works now! 🎉 I didn't even removed my "non-working" settings, just updated and restarted app. 🙂
Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

When branches are created from issues, their pull requests are automatically linked.

41-app-doesnt-work-with-self-signed-certificates KevinCFechtel/FluxNews
2 participants
@KevinCFechtel @soda-pop-ice-cream