Mobile client does not provide certificate for all requests

Open warmanton opened this issue 2 years ago • 0 comments

Description:

When using a client SSL certificate in the Rocket.Chat mobile app, the app does not provide the certificate for all requests. I.e. text messages work, but video files and avatars cannot be downloaded. nginx has a lot of 400 errors in its logs:

rc-nginx       | 10.10.6.1 - - [02/Sep/2022:07:55:50 +0000] "GET /avatar/room/GENERAL?format=png&size=144 HTTP/1.1" 400 237 "-" "RC Mobile; android 10; v4.29.0 (34199)" "-"
rc-nginx       | 10.10.6.1 - - [02/Sep/2022:07:55:50 +0000] "GET /avatar/admin.admin?format=png&size=144 HTTP/1.1" 400 237 "-" "RC Mobile; android 10; v4.29.0 (34199)" "-"
rc-nginx       | 10.10.6.1 - - [02/Sep/2022:07:55:50 +0000] "GET /avatar/a.ivanov?format=png&size=144 HTTP/1.1" 400 237 "-" "RC Mobile; android 10; v4.29.0 (34199)" "-"
rc-nginx       | 10.10.6.1 - - [02/Sep/2022:07:55:50 +0000] "GET /avatar/room/3RzW7Q8W3uvFDBb2H?format=png&size=144 HTTP/1.1" 400 237 "-" "RC Mobile; android 10; v4.29.0 (34199)" "-"
rc-nginx       | 10.10.6.1 - - [02/Sep/2022:07:55:50 +0000] "GET /avatar/i.ivanov?format=png&size=144 HTTP/1.1" 400 237 "-" "RC Mobile; android 10; v4.29.0 (34199)" "-"
rc-nginx       | 10.10.6.1 - - [02/Sep/2022:07:55:50 +0000] "GET /avatar/polina?format=png&size=144 HTTP/1.1" 400 237 "-" "RC Mobile; android 10; v4.29.0 (34199)" "-"
rc-nginx       | 10.10.6.1 - - [02/Sep/2022:07:55:50 +0000] "GET /avatar/mobile2?format=png&size=144 HTTP/1.1" 400 237 "-" "RC Mobile; android 10; v4.29.0 (34199)" "-"
rc-nginx       | 10.10.6.1 - - [02/Sep/2022:07:55:50 +0000] "GET /avatar/room/d4nb9862FW76MZeX2?format=png&size=144 HTTP/1.1" 400 237 "-" "RC Mobile; android 10; v4.29.0 (34199)" "-"
rc-nginx       | 10.10.6.1 - - [02/Sep/2022:07:55:50 +0000] "GET /avatar/mu1?format=png&size=144 HTTP/1.1" 400 237 "-" "RC Mobile; android 10; v4.29.0 (34199)" "-"

nginx is configured with ssl_verify_client:

  server {
    listen 443 ssl;
    server_name ${RC_RCHOST};
    client_max_body_size 200M;
    ssl_certificate /etc/nginx/ssl/${RC_RCHOST}.crt;
    ssl_certificate_key /etc/nginx/ssl/${RC_RCHOST}.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
    ssl_client_certificate /etc/nginx/ca.crt;
#   ssl_verify_client optional;
    ssl_verify_client on;
   ...
   location / {
      proxy_pass http://${RC_HOST}:${RC_PORT}/;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forward-Proto http;
      proxy_set_header X-Nginx-Proxy true;
      proxy_redirect off;
      error_page     403 /accessDenied;
    }

Environment Information:

  • Rocket.Chat Server Version: 5.0.3
  • Rocket.Chat App Version: 4.29.0.34199
  • Device Name: Oukitel c21
  • OS Version: Android 10

Steps to reproduce:

  1. Install Rocket.Chat with nginx as a reverse proxy with the ssl_verify_client option
  2. Issue a CA and a client certificate
  3. Run the mobile Rocket.Chat app and specify the client cert file
  4. Log in to Rocket.Chat and try to download a video (this does not work)
  5. Type text messages (this works)
  6. Check the nginx logs for error 400 (client SSL cert not verified)

Expected behavior:

The mobile app should always use the client SSL certificate on all requests

Actual behavior:

The mobile app does not use the client certificate for all requests. I.e. text messages work, but video and avatars cannot be downloaded and produce error 400

warmanton, Sep 06 '22 05:09
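One way to confirm from the proxy side which request classes arrive without a client certificate, added here as an example and not part of the original issue or the Rocket.Chat code base: it parses access-log lines in the format shown in the report and lists the path prefixes where every request from the mobile client was rejected with 400. The function names and the `/api/v1` and `/websocket` sample lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# nginx "combined" log format, optionally prefixed by the docker-compose
# container tag ("rc-nginx | ") as in the report's log excerpt.
LINE_RE = re.compile(
    r'^(?:(?P<container>\S+)\s+\|\s+)?'
    r'(?P<addr>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def endpoint_class(target):
    """Reduce a request target to its first path segment, e.g. /avatar."""
    path = target.split("?", 1)[0]
    return "/" + path.strip("/").split("/", 1)[0]

def summarize(lines, agent_prefix="RC Mobile"):
    """Count responses per endpoint class and status for one client type."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m["agent"].startswith(agent_prefix):
            continue  # unparseable line or a different client
        counts[endpoint_class(m["target"])][int(m["status"])] += 1
    return {k: dict(v) for k, v in counts.items()}

def always_rejected(summary, status=400):
    """Endpoint classes where every request was answered with `status`."""
    return sorted(k for k, v in summary.items() if set(v) == {status})

# Sample input: the three /avatar lines follow the report's log excerpt;
# the /api/v1 and /websocket lines are constructed to show a working path.
UA = '"-" "RC Mobile; android 10; v4.29.0 (34199)" "-"'
TS = '10.10.6.1 - - [02/Sep/2022:07:55:50 +0000]'
SAMPLE = [
    f'rc-nginx       | {TS} "GET /avatar/room/GENERAL?format=png&size=144 HTTP/1.1" 400 237 {UA}',
    f'rc-nginx       | {TS} "GET /avatar/admin.admin?format=png&size=144 HTTP/1.1" 400 237 {UA}',
    f'rc-nginx       | {TS} "GET /avatar/polina?format=png&size=144 HTTP/1.1" 400 237 {UA}',
    f'rc-nginx       | {TS} "POST /api/v1/chat.sendMessage HTTP/1.1" 200 512 {UA}',  # constructed
    f'rc-nginx       | {TS} "GET /websocket HTTP/1.1" 101 0 {UA}',  # constructed
]

if __name__ == "__main__":
    print(always_rejected(summarize(SAMPLE)))
```

Run against the real access log, the returned prefixes are the request paths to inspect in the client for a code path that does not attach the certificate.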