Round-Sync icon indicating copy to clipboard operation
Round-Sync copied to clipboard

Published 20 hours ago verified publisher icon newhinton

x509: certificate signed by unknown authority

Open aodhan-domhnaill opened this issue 1 year ago • 3 comments

What version of Round Sync are you using (About -> App version)?

App: 2.2.2 Rclone Version: 1.63-1-extract

What is your Android version, phone model and manufacturer?

Google Pixel 6 on Graphene OS

Which steps are required to reproduce this issue?

Hosted WebDav on internal server with self-signed TLS cert.

I uploaded the CA into Graphene OS as a User CA cert, but it still isnt working because RoundSync doesn't recognize the certificate authority (naturally)

What is your configuration (rclone.conf)?

[debian-drive]
type = webdav
url = https://debian.my.internal.dns/
vendor = other
user = me
pass = dont-tell-the-cia

Does the same issue also occur when using the same configuration on a PC or in Termux?

No. From my laptop, I can connect with a CA cert like,

rclone -v --ca-cert ~/.config/rclone/debian-drive.crt mount --vfs-cache-mode full encrypted: ./drive/

I imagine this is expected behavior at this moment, but it would be nice to allow CA-certs.

aodhan-domhnaill avatar Dec 23 '23 12:12 aodhan-domhnaill

I have the same issue. I have a local nextcloud with a self-signed cert, with the CA uploaded to trusted CA in Android settings and I get the same error "x509: certificate signed by unknown authority" :(

cyb3rm00n avatar Feb 24 '24 18:02 cyb3rm00n

I have the same issue on an older phone running Android 6.0.1.

I can't list the files of any Nextcloud server (I tried three). The UI shows the message "Error retrieving directory contents" Each server has valid CA certificates when checking it with Firefox in the web-interface of Nextcloud.

I also tried it after installing the root certificate that is used according to the web-interface of Nextcloud.

Error message from the log file:

2024/05/11 17:01:50 Failed to lsjson with 2 errors: last error was: error in ListJSON: couldn't list files: Propfind "https://some-server.com/remote.php/dav/files/user/": tls: failed to verify certificate: x509: certificate signed by unknown authority

Is there any way to find out which valid (root) certificates are required for the Round-Sync app to work for the used server? Maybe I still need to add some more (root) certificates to Android?

By the way, the app works well with Nextcloud servers on another device running Android 8.0.0.

github-kp avatar May 12 '24 13:05 github-kp

I have the same problem. It seems that there is no way for the user to skip certificate validation but I can't understand why the app doesn't use CA user certificates added to the OS!

Paolino-Paperino avatar May 25 '24 14:05 Paolino-Paperino