
PKCS#12 User certificate failed to recognize by Bitwarden Android app

Open lkthomas opened this issue 2 years ago • 2 comments

Steps To Reproduce

On the self-hosted Bitwarden server side, I am using Stunnel with verify = 2 to enforce peer certificate verification, and I am using the same CA to generate a user certificate. When I check the stunnel log, I see this:

SSL_accept: ssl/statem/statem_srvr.c:3697: error:1417C0C7:SSL routines:tls_process_client_certificate:peer did not return a certificate

But my Android phone has already installed the key.

Why can't the Bitwarden Android app utilize that key? When I try the same setup on desktop Firefox, everything goes fine and the client certificate is verified without issue.

Expected Result

TLS client certificate should work

Actual Result

User certificate is not recognized by the Bitwarden Android app

Screenshots or Videos

No response

Additional Context

Stunnel config:

    docker run -itd --name bitwarden_ssl --link bitwarden:bitwarden_ssl \
      -e STUNNEL_VERIFY=3 \
      -e STUNNEL_SERVICE=bitwarden \
      -e STUNNEL_ACCEPT=443 \
      -e STUNNEL_CONNECT=bitwarden:80 \
      -e STUNNEL_CAFILE=/etc/stunnel/rootCA.pem \
      -p 8080:443 \
      -v /bitwarden-data/ssl/host.org-key.pem:/etc/stunnel/stunnel.key:ro \
      -v /bitwarden-data/ssl/host.org.pem:/etc/stunnel/stunnel.pem:ro \
      -v /bitwarden-data/ssl/rootCA.pem:/etc/stunnel/rootCA.pem:ro \
      dweomer/stunnel

Operating System

Android

Operating System Version

No response

Device

Huawei Mate 20 Pro

Build Version

2022.8.0 (4911)

Beta

  • [ ] Using a pre-release version of the application.

Sep 11 '22 20:09 lkthomas

This may be related to #582.

Sep 22 '22 11:09 scottsavarese

Same issue: the Bitwarden application does not appear to support PKCS#12 client cert authentication to my self-hosted instance, hitting my firewall, which drops if no client cert is presented. This works fine via browser & Firefox extension.

Sep 23 '22 11:09 essinghigh

This may be related to #582.

Same issue: the Bitwarden application does not appear to support PKCS#12 client cert authentication to my self-hosted instance, hitting my firewall, which drops if no client cert is presented. This works fine via browser & Firefox extension.

Same issue here on Android after importing a PKCS certificate with the full CA.

TLS client authentication with an nginx reverse proxy works well on:

  • Web on Chrome and Edge (Windows 11)
  • Bitwarden client 2022.10.1 (Windows 11)
  • Chrome (Android 10 and 12)

It is NOT working on the Android mobile app version 2022.10.0.

Popup message during login: "Si è verificato un errore"