MoMaR5 / regalandroid

Automatically exported from code.google.com/p/regalandroid

Piwigo HTTPS connection to SSL vhost fails #98

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
On which type of gallery did your problem occur? (G2, G3, Piwigo?)
Piwigo 2.1.5, Nginx, php-fpm - the server hosts multiple SSL-enabled vhosts 
with valid StartSSL certificates. 

What version of regalandroid are you using? On what Android versions?
1.1.2 on Android 4.1.2

Can you provide your gallery URL so that a developer can reproduce the
issue? Do we need to log in? In which album did the problem occur?
https://fotos.kuther.net - dev login on request via mail is possible

What steps will reproduce the problem?
1. try to connect

What is the expected output? What do you see instead?
fr.mael.jiwigo.transverse.exception,JiwigoException: 
javax.net.ssl.SSLException: hostname in certificate didn't match: 
<fotos.kuther.net> != <cloud.kuther.net> OR <cloud.kuther.net> OR <kuther.net>

The certificate for fotos. is valid, and the server is configured properly 
(e.g. the "piwigo" Android app works).

Please provide any additional information below.

Original issue reported on code.google.com by gimpe...@gmail.com on 12 Jun 2013 at 7:14

GoogleCodeExporter commented 8 years ago
I haven't looked at the code, so I'm just guessing now.

It looks like the connection is done in three steps: first it does DNS 
resolution, then it connects to the host using the IP directly, completely leaving 
the hostname behind, and then it checks if the certificate matches the initially 
configured hostname. This breaks SNI 
(http://en.wikipedia.org/wiki/Server_Name_Indication).

Using only the IP, the server responds on the first configured virtual host.
Now I reordered them in the webserver config so the Piwigo vhost is the first 
one - and now ReGal client works.

So to sum it up, the issue is that the client doesn't work with SNI SSL vhosts 
unless the Piwigo vhost is the first configured one.

Original comment by gimpe...@gmail.com on 13 Jun 2013 at 7:49

GoogleCodeExporter commented 8 years ago
This is also reported in Issue 7 on GitHub: 
https://github.com/anthonydahanne/ReGalAndroid/issues/7

Original comment by gene_w...@cementhorizon.com on 23 Feb 2015 at 7:16