ippocratis
commented
1 year ago 1) Android version
Android 13 LineageOS 20 custom rom , rooted
2) How the cert you picked from system certs installed into there?
Settings >security>encryption and cedentials>install a certificate
The changes doesn't support install a cert into system cert store but it supports use installed ones
Sorry if I wasn't clear. Thats what I meant. Entered my email selected selfhosted under region Continue Advanced There are two options under udvanced
- Import and use a new certificate
- use a system certificate
It is the second option that is failing
Also I forgot to mention that I have to clear app data after that to be able to use the app again
Error on logcat
ANR in com.x8bit.bitwarden (com.x8bit.bitwarden/.MainActivity)
PID: 11537
Reason: Input dispatching timed out (7dec55b com.x8bit.bitwarden/com.x8bit.bitwarden.MainActivity (server) is not responding. Waited 5002ms for MotionEvent)
Parent: com.x8bit.bitwarden/.MainActivity
ErrorId: c6b0539b-84e5-4e5a-84a4-98e40cdcd43f
Frozen: false
Load: 5.08 / 6.51 / 6.4
CPU usage from 1ms to 13916ms later (2023-07-20 18:23:04.612 to 2023-07-20 18:23:18.527):3) The cert format in system cert store?
It is a pkcs 12 bundle
the certificate you select from system cert should had been instlled with the private key
Yes
sudo openssl pkcs12 -info -nodes -in /storage/emulated/0/certs/client_cert.p12
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
Bag Attributes
localKeyID:reducted
subject=C = gr, ST = gr, L = gr, O = client-cert, OU = ippo, CN = client-cert, emailAddress = reducted
issuer=C = gr, ST = gr, L = gr, O = client-cert, OU = ippo, CN = client-cert, emailAddress = reducted
-----BEGIN CERTIFICATE-----
Reducted
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Bag Attributes
localKeyID: reducted
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
Reducted
-----END PRIVATE KEY-----if you install a cert in pkcs#12 legacy format to system cert store and then, use it on the app, do you still getting issue?
The "original" pkcs12 cant be saved in the android system store It is password protected and the system can't decrypt the password
The legacy cert is installed on android certificate store And the one that crashes the app if the second option is used (as described above)
oguzhane
vvolkgang
Hello,
When connecting to a Bitwarden server that's behind an nginx proxy that requires a client cert, the app just crashes when pressing the Log In button. The same server works fine on Firefox, requesting access to my certificate as expected, and when I disable the requirement to have client authentication through my reverse proxy, the app works fine too. I see this is a known issue based on a few forum posts (https://community.bitwarden.com/t/client-certificates/427, https://community.bitwarden.com/t/mobile-app-cant-access-server-behind-reverse-proxy-with-client-cert-authentification/2071 etc) so thought I'd raise an issue.