Closed GoogleCodeExporter closed 9 years ago
Same problem here on HTC Desire (Android 2.1), since I'm still using webSMS
v3.1.6, I'm guessing o2 changed something. This is the exact error I get:
javax.net.ssl.SSLExeption:Not trusted server certificate
Hope this helps.
Original comment by d.roustc...@googlemail.com
on 13 Jul 2010 at 8:22
I also have the same problem =>
o2:javax.net.ssl.SSLException: Not trusted server certificate
Original comment by webster2...@gmail.com
on 13 Jul 2010 at 11:35
Same system, same version, same problem!
Original comment by stylztu...@gmail.com
on 13 Jul 2010 at 3:24
Issue 273 has been merged into this issue.
Original comment by felix.bechstein
on 13 Jul 2010 at 4:00
as this is *NOT* update related, i assume this is a problem of o2.
i'll have a look on it myself as soon as possible. please be patient
Original comment by felix.bechstein
on 13 Jul 2010 at 4:03
Attached the Output from alogcat, filtered for "WebSMS". Exception seems to
indicate that O2 switched their server-certificate to some not supported
"Version 1" certificate, not sure if we can do anything but disable SSL :/
Original comment by clausthalerblubb
on 13 Jul 2010 at 6:15
Attachments:
Same problem here with the latest update :(
Original comment by j.erra.m...@gmail.com
on 13 Jul 2010 at 6:38
[deleted comment]
Same Problem, but I noticed that it is no longer possible to send any WebSMS in
the "offical" "Mein o2 Beta"-App of o2. There it's an error called
"Netzwerkfehler" (in English: Networking-Error). [Also: it's no longer possible
to download your bill... same error] So possibly a temporary problem?
Eusebius
Original comment by eusebiu...@gmail.com
on 13 Jul 2010 at 6:46
I can confirm Eusebius' statement. We will see if o2 updates its own app or
this really just is a temporary thing.
Original comment by equalize...@googlemail.com
on 13 Jul 2010 at 6:50
it is an SSL related problem.
this android bug [http://code.google.com/p/android/issues/detail?id=5756] is
possibly related.
please drop me an info here if the official app is working again.
in the meantime i'm working on a workaround.
Original comment by felix.bechstein
on 13 Jul 2010 at 6:52
just published the *INSECURE* workaround to market and download section
please test it.
beer is welcome ;)
Original comment by felix.bechstein
on 13 Jul 2010 at 7:55
Seems to work. I was able to update the number of SMS left and send one via
WebSMS.
Nevertheless I would like to see the secure version working again.
Thanks so far Felix for the nice app and fast update. Please keep up the great
work!
Original comment by equalize...@googlemail.com
on 13 Jul 2010 at 8:29
the workaround works! Send a test SMS to myself.
The o2 Own App "O2 WebSMS" doesenst work. Errors like eusebius90 said
Original comment by dominik....@gmail.com
on 13 Jul 2010 at 8:30
btw: insecure means: the app trusts *ANY* SSL certificate.
it better than no ssl, but insecure as hell.
please keep an eye on o2's version and drop me a note here.
i'll rollback the changes as soon as the workaround is not needed anymore.
Original comment by felix.bechstein
on 14 Jul 2010 at 5:05
Very great job, Felix!! =)
Original comment by Sebbe...@googlemail.com
on 16 Jul 2010 at 8:00
The official app of o2 was recently updated. Now everything works fine again in
"mein o2 beta"
Eusebius
Original comment by eusebiu...@gmail.com
on 21 Jul 2010 at 1:53
I can confirm this. The official app is now working again like it was supposed
to. Your WebSMS seems also to be working. I just was not able to update my
number of free SMS left.
Original comment by equalize...@googlemail.com
on 21 Jul 2010 at 2:01
The official app O2 WebSMS works fine know too.
Original comment by dominik....@gmail.com
on 21 Jul 2010 at 4:53
as they updated the client side, a assume they made it insecure as i did.
so it's not a fix imho. :(
Original comment by felix.bechstein
on 21 Jul 2010 at 6:43
well. i tried to remove the hack, but had no luck. the certificate is still
broken :/
Original comment by felix.bechstein
on 12 Aug 2010 at 5:52
Having no verification at all is very bad, as felix already noted. The
connection is encrypted, but everyone can man-in-the-middle without any problem
(a real issue especially if you use public wifi).
As it seems that this certificate will stay this way, I think the connector
should hardwire the fingerprints of the current known certificates. This is of
course less flexible and the user has to trust the developer that he checked
the cert properly (instead of his phone-manufacturer). But as the applications
handle sensitive data like passwords and phone-numbers anyway, users already
trust the dev. ;-)
With this approach the risk of a man-in-the-middle-attack would be reduced back
to the normal level.
I tried to hack this into the sources myself without making the websms-api
backward-incompatible. I can't say I like the result, but it's OK for my
personal use and to show the way I'd go the work-around this bug.
http://github.com/Boris-de/websms-api/commit/1be6bdba374410a9f67c5b9bcb50705140
http://github.com/Boris-de/websms-connector-o2/commit/ce16adbcee64b6da0bf707290
Original comment by boris-c...@gmx.com
on 5 Sep 2010 at 5:06
just merged your code into mine. it's way more secure as before.
and as nothing seems to be changed on o2's side.. we just need this dirty hack.
and besides that: it's more secure than hoping some really bad man (let's call
him wolfgang) never gets an "valid" certificate from any of these dirty china
CA (let's call it verisign) to fuck on you. :D
btw: i added your mail you're using here to the list of donators.
Original comment by felix.bechstein
on 11 Sep 2010 at 2:21
Indeed, it's more secure in this way, though more work of course if it really
changes.
Thanks for adding me to the donator-list, I appreciate it.
Original comment by boris-c...@gmx.com
on 12 Sep 2010 at 9:06
Today:
Trying to send a sms (o2)
"Sending failed - User or password wrong"
but not always, just sometime. Not only with WEBSMS by Felix, also with the
original "Mein o2".
Need Help
Original comment by chiefte...@gmail.com
on 15 Sep 2010 at 5:20
i got a few mails with that problem since yesterday. i'm sure it has nothing to
do with my app.
disable tweaks may help.
it has nothing to do with this issue for sure!
Original comment by felix.bechstein
on 15 Sep 2010 at 8:51
similar problem on betamax connector:
when send sms/balance check (via webcalldirect.com or poivy.com)
"betamax: hostname in certificate didnt match ..."
Original comment by Sven.Sta...@googlemail.com
on 12 Oct 2010 at 8:19
the last Days always:
o2: Sending failed - User or password wrong"
Original comment by alexande...@googlemail.com
on 12 Oct 2010 at 1:26
@sven: please create a new issue, as betamax is not implemented by myself.
@alexadner: are you running the newest version of o2 connector?
Original comment by felix.bechstein
on 12 Oct 2010 at 5:22
as nothing changed, i let it as it is.
Original comment by felix.bechstein
on 27 Dec 2010 at 7:41
Original issue reported on code.google.com by
equalize...@googlemail.com
on 13 Jul 2010 at 8:15