IngoZenz / personaldnsfilter

See http://www.zenz-solutions.de/personaldnsfilter for details
GNU General Public License v2.0

Local "remote" https server failing #194

Open Horizonbli opened 2 years ago

Horizonbli commented 2 years ago

Hello, I set up a local https server with a self-signed digital certificate. I am able to access it just fine, with a green lock, using the web browser, but when I experimented with having pdnsf fetch hosts files from the local server, I get this:

DNS filter: Reloading hosts filter ... Acquired WIFI lock and partial wake lock! ERROR loading filter: hxxps://ipaddress:port/hosts.txt Released WIFI lock and partial wake lock! Cannot update hosts filter file! javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

Is there something that I need to change in pdnsf configuration file? Or, pdnsf simply won't accept local https?

Thanks

IngoZenz commented 2 years ago

I think the issue is that pDNSf doesn't trust your self-signed certificate. Did you enable trust for this in Android settings (actually I do not know exactly where to do this and if it is possible at all)? If you find out, let me know. As a workaround you can just use plain http.

Horizonbli commented 2 years ago

I did add the certificate as trusted. I'll try and see what I can do... I am new to using self-signed certificates, so I might have missed something.

Android does allow installing certificates by simply clicking them.

Thanks

IngoZenz commented 2 years ago

any update on this?

Horizonbli commented 2 years ago

Hello again...

The problem still persisted. Considering I have no problem whatsoever accessing the https server with the web browser, I have to ask whether pDNSf checks root CAs under System and User, or just System? I have a strong belief that it checks against System only... If so, any chance that behavior might change? :)

Horizonbli commented 2 years ago

I didn't test it again, but before I retest it (it will take some time): I don't think the newest update introduced a change in the way pDNSf trusts CAs?

IngoZenz commented 2 years ago

No, there wasn't a change... Btw, what does hxxps:// mean?

ERROR loading filter: hxxps://ipaddress:port/hosts.txt

Horizonbli commented 2 years ago

I didn't realize that. That was manually modified from https to hxxps. Don't ask why, I wouldn't know the answer. 😁

endail commented 1 year ago

I have just run into this issue when attempting to connect to a DoT server with a self-signed certificate and CA. pDNSf doesn't seem to be checking user-installed certificates.

But apparently it's an easy fix.
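As an added illustration, not code from this thread or from pDNSf: since Android 7 an app trusts only the system CA store by default, and the app's Network Security Configuration (an XML file under res/xml, referenced from AndroidManifest.xml via android:networkSecurityConfig) is where it opts in to user-installed CAs. Scoping that opt-in to the one host that serves the list, as below, keeps the broader trust from applying to every TLS connection the app makes; the file name and host name are placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (assumed name); referenced from the
     manifest with android:networkSecurityConfig="@xml/network_security_config" -->
<network-security-config>
    <!-- Default for every other host: system CAs only, the Android 7+ behaviour
         that produces the "Trust anchor for certification path not found" error
         when the server presents a self-signed or user-CA-issued certificate. -->
    <base-config>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Opt in to user-installed CAs only for the host serving the hosts file.
         "hosts-server.lan" is a placeholder for the ipaddress:port used above. -->
    <domain-config>
        <domain includeSubdomains="false">hosts-server.lan</domain>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </domain-config>
</network-security-config>
```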

ChaosNicro commented 1 year ago

Might be off-topic, but how about implementing "file://" as a protocol for lists instead of using a local webserver? I tried it but Java seems to throw a FileNotFound even when it does seem to parse the file path correctly. It seems that Android is strict with permissions when accessing files by path. Though if you manage to create the txt file within the pDNSf base folder, file:// actually works as expected without needing shared-storage permissions. So local file inclusion is working.

IngoZenz commented 1 year ago

Is it available via file://<path>? Note that a non-relative path would look like file:///storage/emulated ... Note the /// (3 times).

ChaosNicro commented 1 year ago

Indeed, as indicated by my last edit, a full path entry "file:///storage/emulated/0/Android/data/dnsfilter.android/files/PersonalDNSFilter/Test.txt" works fine. Since dnsfilter.conf can reference filterhosts without a path, I was hoping that "/storage/emulated/0/Android/data/dnsfilter.android/files/PersonalDNSFilter/" would act as the working directory or home of the process. That is not the case though, since "file://./Test.txt", "file://~/Test.txt" or "file://Test.txt" DO NOT work as relative equivalents in my testing. But since the full path should be just as consistent in Android, that should not make too much of a difference. Sorry again for hijacking this issue, but I thought since local file inclusion was the end goal, it would be helpful.

PS: Just for reference, paths in shared storage, so "file:///storage/emulated/0/Test.txt" returns permission denied.