bitwarden / mobile

Retired Bitwarden mobile app for iOS and Android (MAUI/Xamarin).
https://bitwarden.com
GNU General Public License v3.0

PKCS#12 User certificate failed to recognize by Bitwarden Android app #2066

Open ppwl4fgslYAkwIafwbEUSsFw7umeFVgSfn3bASf opened 1 year ago

ppwl4fgslYAkwIafwbEUSsFw7umeFVgSfn3bASf commented 1 year ago

Steps To Reproduce

On the self-hosted Bitwarden server side, I am using Stunnel with verify = 2 to enforce peer certificate verification, and I am using the same CA to generate a user certificate. When I check the stunnel log, I see this:

SSL_accept: ssl/statem/statem_srvr.c:3697: error:1417C0C7:SSL routines:tls_process_client_certificate:peer did not return a certificate

But my Android phone already has the key installed.

Why can't the Bitwarden Android app use that key? When I try the same setup on desktop Firefox, everything works fine and the client certificate verifies without issue.

Expected Result

TLS client certificate should work

Actual Result

User certificate is not recognized by the Bitwarden Android app

Screenshots or Videos

No response

Additional Context

Stunnel config:

    docker run -itd --name bitwarden_ssl --link bitwarden:bitwarden_ssl \
      -e STUNNEL_VERIFY=3 \
      -e STUNNEL_SERVICE=bitwarden \
      -e STUNNEL_ACCEPT=443 \
      -e STUNNEL_CONNECT=bitwarden:80 \
      -e STUNNEL_CAFILE=/etc/stunnel/rootCA.pem \
      -p 8080:443 \
      -v /bitwarden-data/ssl/host.org-key.pem:/etc/stunnel/stunnel.key:ro \
      -v /bitwarden-data/ssl/host.org.pem:/etc/stunnel/stunnel.pem:ro \
      -v /bitwarden-data/ssl/rootCA.pem:/etc/stunnel/rootCA.pem:ro \
      dweomer/stunnel

Operating System

Android

Operating System Version

No response

Device

Huawei Mate 20 Pro

Build Version

2022.8.0 (4911)

Beta
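
A log triage sketch for the stunnel error quoted in the report above, added here as an example and not part of the original issue or of Bitwarden's or stunnel's code: it parses OpenSSL error lines and separates "client sent no certificate" from "client certificate rejected by the CA check". The function names, hint texts and every sample log line other than the one quoted in the issue are constructed assumptions.

```python
import re

# OpenSSL error line: error:<hex code>:<library>:<function>:<reason>
# (OpenSSL 3.x leaves the function field empty).
ERR_RE = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>.+?)\s*$"
)
# Triage hints keyed by reason text; the hint wording is this example's own.
TRIAGE = {
    "peer did not return a certificate":
        "no client certificate sent: check the client app and its key store",
    "certificate verify failed":
        "client certificate sent but rejected: check it against the CAfile",
}

def parse_openssl_error(line):
    """Return the fields of the OpenSSL error in a log line, or None."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group("code"), 16)
    return {
        "library": m.group("lib"),
        "function": m.group("func") or None,
        "reason": m.group("reason"),
        # Low 12 bits of the packed code; holds the SSL reason number in
        # both the 1.1.1-style and 3.x-style codes sampled below.
        "reason_num": code & 0xFFF,
    }

def triage(lines):
    """Count handshake failures per triage hint across stunnel log lines."""
    counts = {}
    for line in lines:
        err = parse_openssl_error(line)
        if err is None:
            continue
        hint = TRIAGE.get(err["reason"], "other TLS error: " + err["reason"])
        counts[hint] = counts.get(hint, 0) + 1
    return counts

# The first entry is the line quoted in the issue; the rest are constructed.
SAMPLE_LOG = [
    "SSL_accept: ssl/statem/statem_srvr.c:3697: error:1417C0C7:SSL routines:tls_process_client_certificate:peer did not return a certificate",
    "LOG3[1]: SSL_accept: error:0A0000C7:SSL routines::peer did not return a certificate",
    "LOG3[2]: SSL_accept: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed",
    "LOG5[3]: Service [bitwarden] accepted connection from 192.0.2.10:51234",
]
if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A "no client certificate sent" count points at the client side (the app never presented a certificate during the handshake), while a "rejected" count points at the certificate chain or the CA file mounted into the stunnel container.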

u9CgoYr9icTLhpLoWBTJtLPdXvl5uJJOagkplzF commented 1 year ago

This may be related to #582.

Y7pREvOuRzKeelVYAwuB6EzX9xaMdUHqVdBlZkl commented 1 year ago

Same issue. The Bitwarden application does not appear to support PKCS#12 client cert authentication to my self-hosted instance; requests hit my firewall, which drops them if no client cert is presented. This works fine via browser & Firefox extension.

O4cgFB2od2DMYYVD2iM12vwFVFofwa10Z2joe8h commented 1 year ago

Same issue here on Android after importing PKCS certificate with full CA

TLS client authentication with nginx reverse proxy works well on

NOT working on Android mobile app version 2022.10.0

Popup message during login "Si è verificato un errore"