Closed JWThewes closed 6 months ago
Works fine for me on iPhone and iPad both run iOS 12
I run it as a service tho
I have the same issue as @JWThewes and had to downgrade to iOS 11.
I have the same issue as @JWThewes & @asch .
ios 12 requires https. It will not send any credentials over http
Dear All,
We have the same issue. I can't find any information on the web to confirm that Apple/iOS 12 no longer works with HTTP, but our server is configured to use it.
May I ask for some help on how to change the settings so that CardDAV also listens on HTTPS?
@holian7 I recommend a reverse proxy setup, see https://radicale.org/proxy/
Dear Return42,
Thank you for your prompt help. Unfortunately it's "Chinese for me". The current Radicale was also configured by someone else for us (who can't help anymore..).
I will try to understand the description you suggested...
> Unfortunately it's "Chinese for me".
:) ... if administration is not your task, I can't recommend changing anything on your server. The risk of breaking more is given .. It might be better to look for someone who can admin this for you / sorry for not being helpful.
Maybe you? :)
Masters,
May I ask for some help? Last evening I tried to configure a new test environment. I would really appreciate it if somebody read this long post and helped me:
Here is what I have done already:
After that I tried the reverse proxy suggestion as follows:
RewriteEngine On
RewriteRule ^/radicale$ /radicale/ [R,L]
<Location "/radicale/">
    AuthType Basic
    AuthName "Radicale - Password Required"
    AuthUserFile "c:/radicale/radicale/htpasswd.txt"
    Require valid-user
    ProxyPass http://localhost:5232/ retry=0
    ProxyPassReverse http://localhost:5232/
    RequestHeader set X-Script-Name /radicale/
    RequestHeader set X-Remote-User expr=%{REMOTE_USER}
</Location>

[server]
SSL = True
certificate = c:/radicale/ssl/server_cert.pem
key = c:/radicale/ssl/server_key.pem
certificate_authority = c:/radicale/ssl/client_cert.pem
protocol = PROTOCOL_TLS
[auth]
type = http_x_remote_user
htpasswd_filename = c:/radicale/htpasswd.txt
htpasswd_encryption = plain
[rights]
file = c:/radicale/rights.txt
Now I can open Apache on https://localhost and open Radicale on https://localhost:5234. I run Radicale with the debug param and I see it listening on SSL.
But, and here is where I got stuck:
If I try to log in on the Radicale web interface I get a 403 Forbidden error? And I can't figure out how to set up my iPhone to connect.
May I set up iPhone CardDAV with SSL or do I have to keep it without SSL?
Technically the base problem is that iOS 12 does not sync with the Radicale server anymore. So you suggest installing a reverse proxy? (Will the reverse proxy handle the non-SSL connection from the iPhone? And pass the password in the header to Radicale via SSL? I'm not sure what the goal is..)
'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br', 'HTTP_ACCEPT_LANGUAGE': 'hu-HU,hu;q=0.9,en-US;q=0.8,en;q=0.7', 'HTTP_CONNECTION': 'keep-alive', 'HTTP_HOST': 'localhost:5234', 'HTTP_ORIGIN': 'https://localhost:5234', 'HTTP_REFERER': 'https://localhost:5234/.web/', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) ' 'AppleWebKit/537.36 (KHTML, like Gecko) ' 'Chrome/69.0.3497.100 Safari/537.36', 'PATH_INFO': '/', 'QUERY_STRING': '', 'REMOTE_ADDR': '127.0.0.1', 'REMOTE_CERTIFICATE': {'issuer': ((('countryName', 'AU'),), (('stateOrProvinceName', 'Some-State'),), (('organizationName', 'Internet Widgits Pty Ltd'),)), 'notAfter': 'Feb 18 19:54:51 2046 GMT', 'notBefore': 'Oct 4 19:54:51 2018 GMT', 'serialNumber': 'C5C3617964C1B257', 'subject': ((('countryName', 'AU'),), (('stateOrProvinceName', 'Some-State'),), (('organizationName', 'Internet Widgits Pty Ltd'),)), 'version': 3}, 'REMOTE_HOST': '', 'REQUEST_METHOD': 'PROPFIND', 'SCRIPT_NAME': '', 'SERVER_NAME': '127.0.0.1', 'SERVER_PORT': '5234', 'SERVER_PROTOCOL': 'HTTP/1.1', 'SERVER_SOFTWARE': 'WSGIServer/0.2', 'wsgi.errors': <_io.StringIO object at 0x03615A30>, 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>, 'wsgi.input': <_io.BufferedReader name=1364>, 'wsgi.multiprocess': False, 'wsgi.multithread': True, 'wsgi.run_once': False, 'wsgi.url_scheme': 'http', 'wsgi.version': (1, 0)}
[6878] DEBUG: Sanitized script name: ''
[6878] DEBUG: Sanitized path: '/'
[6878] DEBUG: Rule '':'' doesn't match 'admin':'.' from section 'admin'
[6878] DEBUG: Rule '':'' doesn't match 'dksofor':'.' from section 'dksofor'
[6878] DEBUG: Rule '':'' doesn't match 'jssofor':'.' from section 'jssofor'
[6878] DEBUG: Rule '':'' doesn't match 'trsofor':'.' from section 'trsofor'
[6878] DEBUG: Rule '':'' doesn't match '^user.$':'.' from section 'user'
[6878] INFO: Rights: '':'' doesn't match any section
[6878] DEBUG: Rule '':'' doesn't match 'admin':'.' from section 'admin'
[6878] DEBUG: Rule '':'' doesn't match 'dksofor':'.' from section 'dksofor'
[6878] DEBUG: Rule '':'' doesn't match 'jssofor':'.' from section 'jssofor'
[6878] DEBUG: Rule '':'' doesn't match 'trsofor':'.' from section 'trsofor'
[6878] DEBUG: Rule '':'' doesn't match '^user.$':'.' from section 'user'
[6878] INFO: Rights: '':'' doesn't match any section
[6878] INFO: Access to '/' denied for anonymous user
[6878] DEBUG: Response content: Access to the requested resource forbidden.
[6878] INFO: PROPFIND response status for '/' in 0.010 seconds: 403 Forbidden
Dear Tntdruid,
I would really appreciate it if you could help me with how to configure Radicale and iOS to work with SSL.
Thank you Sir,
Looks like an iOS 12 bug https://discussions.apple.com/thread/8544190
I also think it's a bug, but I'm not sure whether Apple will fix it or remove the "switch" from settings and only allow SSL. Anyway I think I'm still on the wrong track, so I just need to set up Radicale to work with SSL, but I get a handshake error... https://github.com/Kozea/Radicale/issues/879
Any idea? Thank you Sir
It fails for me too if I try to add a new account on my iPad; the old one works, very odd
@holian7 I have the same issue as you. Can you paste the command you used to create the certificates? Or did you order the certs somewhere?
I used the ssl commands described https://radicale.org/proxy/
$ openssl req -x509 -newkey rsa:4096 -keyout server_key.pem -out server_cert.pem -nodes -days 9999
$ openssl req -x509 -newkey rsa:4096 -keyout client_key.pem -out client_cert.pem -nodes -days 9999
And I get the same handshake error you described in issue #879, also when connecting with macOS, which works without SSL. I could imagine that we have to use the correct SSL protocol version, see #702
I use https://github.com/Neilpang/acme.sh for Let's Encrypt certs
@Tntdruid do you sit directly on radicale or behind a proxy?
Dear Mbauhardt,
I also used the command and link you mentioned. I tried with SSL2, SSL3, TLS, TLS_1_2..etc; the error message changed but it did not work.... I'm not sure what's wrong, I will try the following, but currently I have no time:
I would really appreciate your help if you find something..
@mbauhardt It runs as a service, I use the IMAP plugin as auth. Got over 2k clients using it.
Dear Tntdruid,
May I ask you for some help, some tutorial on how to set up your environment? I am stuck with SSL, and I have no more hair to pull out...
Thank you
I had the idea: what if the OpenSSL version is different from the Python SSL version...I checked, and it was...updated...both are the same now...generated a new cert with the new OpenSSL.....
Same error....can anyone suggest a good step-by-step tutorial on how to set up a Radicale server with SSL?
Dear All,
I stepped back to the first suggestion, the proxy server (https://radicale.org/proxy/). I set up an Apache proxy.
When I try to open localhost:80 it asks for a password and redirects to Radicale. In the debug window I see the login was successful. So I tried to set up the CardDAV account on my iPhone but I got stuck.
Any idea how to set up the CardDAV account on the iPhone in this case, because I can't connect.
Regards,
Hi, not sure if this is the same problem, but I have about 80 iPhones of various types, and an Apple server that pushes out the CardDAV settings for my Radicale server. All works fine, but for the last couple of months some phones have stopped working. Seems to be any on version 12 or higher. What I have found is that when my Apple MDM pushes out the settings to the iOS device, it does not install the correct settings for some reason. If I manually enter the CardDAV settings it works perfectly. I then used Apple Configurator to create the mobileconfig, posted it onto an internal web and used Safari to download the profile. The profile installed OK, but will not get any contacts. Again, if I manually enter the settings, I get contacts. I am only using http on port 5232. Has anyone got the same problem when loading a profile from MDM?
I was able to get it working with iPhone. As @mbiebl commented, the root cause is that iOS does not send credentials without SSL. The doc over here https://radicale.org/proxy/ explains how to set up a proxy between the web server and Radicale. i.e
iphone --> webserver --ssl--> radicale
But what we need is
(a) iphone --ssl--> webserver --> radicale
(OR)
(b) iphone --ssl--> radicale
If you are using a webserver as a reverse proxy (a), you need to check the webserver documentation on how to setup ssl. If you don't have a webserver and directly connect to radicale (b), do the following
openssl req -x509 -newkey rsa:4096 -keyout server_key.pem -out server_cert.pem -nodes -days 9999
certificate_authority
part.
[server]
ssl = True
certificate = /path/to/server_cert.pem
key = /path/to/server_key.pem
Now it should work. :)
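A small check for the points this thread converges on, as an added example that is not part of the original thread or of Radicale itself: it flags a listener reachable without TLS, a `certificate_authority` setting (which makes Radicale require client certificates) and `http_x_remote_user` on a listener that is not loopback-only. The function names, the finding codes and the assumed Radicale 2.x defaults are this example's own.

```python
import configparser
import ipaddress

def is_loopback(hostport):
    """True if a Radicale 'host:port' entry binds only to the local machine."""
    host = hostport.strip().rpartition(":")[0].strip("[]")
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit_radicale_config(text):
    """Return finding codes for a Radicale 2.x config passed as a string."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    # Fallbacks are assumed Radicale 2.x defaults: loopback bind, no TLS, no auth.
    hosts = cfg.get("server", "hosts", fallback="127.0.0.1:5232").split(",")
    tls = cfg.getboolean("server", "ssl", fallback=False)
    client_ca = cfg.get("server", "certificate_authority", fallback="").strip()
    auth = cfg.get("auth", "type", fallback="none").strip()
    exposed = not all(is_loopback(h) for h in hosts)
    findings = []
    if exposed and not tls:
        # Devices talk plain HTTP to Radicale; iOS 12 withholds credentials.
        findings.append("plain-http-exposed")
    if tls and client_ca:
        # Client certificates are demanded: fits a proxy link, not a phone.
        findings.append("client-cert-required")
    if auth == "http_x_remote_user" and exposed:
        # X-Remote-User is trusted as-is, so only the proxy may reach Radicale.
        findings.append("trusted-header-exposed")
    return findings

# Excerpt of the config posted earlier in the thread (no hosts line was shown).
POSTED = """
[server]
SSL = True
certificate = c:/radicale/ssl/server_cert.pem
key = c:/radicale/ssl/server_key.pem
certificate_authority = c:/radicale/ssl/client_cert.pem
[auth]
type = http_x_remote_user
"""

if __name__ == "__main__":
    print(audit_radicale_config(POSTED))
```

For topology (a) the Radicale listener stays on loopback and TLS is checked on the web server instead; for (b) a config with `ssl = True` and no `certificate_authority` returns no findings.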
I've a setup for CardDAV syncing. With iOS 11 it works fine. When I use an iOS 12 device I get the following error when launching Radicale with --debug:
[700006bb0000] INFO: PROPFIND request for '/principals/' with depth '0' received from 10.0.0.57 using 'iOS/12.0 (16A366) accountsd/1.0'
[700006bb0000] DEBUG: Request headers: {'CONTENT_LENGTH': '181', 'CONTENT_TYPE': 'text/xml', 'GATEWAY_INTERFACE': 'CGI/1.1', 'HTTP_ACCEPT': '/', 'HTTP_ACCEPT_ENCODING': 'gzip, deflate', 'HTTP_ACCEPT_LANGUAGE': 'de-de', 'HTTP_BRIEF': 't', 'HTTP_CONNECTION': 'keep-alive', 'HTTP_DEPTH': '0', 'HTTP_HOST': '10.0.0.16:5232', 'HTTP_PREFER': 'return=minimal', 'HTTP_USER_AGENT': 'iOS/12.0 (16A366) accountsd/1.0', 'PATH_INFO': '/principals/', 'QUERY_STRING': '', 'REMOTE_ADDR': '10.0.0.57', 'REMOTE_HOST': '', 'REQUEST_METHOD': 'PROPFIND', 'SCRIPT_NAME': '', 'SERVER_NAME': 'Jans-MacBook-Pro-it-e.local', 'SERVER_PORT': '5232', 'SERVER_PROTOCOL': 'HTTP/1.1', 'SERVER_SOFTWARE': 'WSGIServer/0.2', 'wsgi.errors': <_io.StringIO object at 0x106483ee8>, 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>, 'wsgi.input': <_io.BufferedReader name=9>, 'wsgi.multiprocess': False, 'wsgi.multithread': True, 'wsgi.run_once': False, 'wsgi.url_scheme': 'http', 'wsgi.version': (1, 0)}
[700006bb0000] DEBUG: Sanitized script name: ''
[700006bb0000] DEBUG: Sanitized path: '/principals/'
[700006bb0000] DEBUG: Request content: <?xml version="1.0"?>
[700006bb0000] DEBUG: Response content: The requested resource could not be found.
[700006bb0000] INFO: PROPFIND response status for '/principals/' with depth '0' in 0.001 seconds: 404 Not Found