bmatthias / kolab-android

Automatically exported from code.google.com/p/kolab-android

crash on invalid or unknown certificate #45

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Set up server name+port, username+password and enable Use SSL
2. Press test
3. A dialog appears asking whether to accept the invalid or unknown certificate:
   Cannot safely connect to server. SSL handshake aborted: ssl=0x1ec770 Failure in
   SSL library, usually a protocol error:140770FC: SSL routines:
   SSL23_GET_SERVER_HELLO: unknown protocol (external/openssl/ssl/s23_clnt.c:683
   0xad12940f:0x00000000)
4. Press accept
5. Kolabdroid crashes

What is the expected output? What do you see instead?

It should accept the certificate from the server and continue without crash.

What version of the product are you using? On what operating system?

LG GT540 SwiftDroid 2.3.3 (CyanogenMod-7.0.0-GT540-MUR4IK)

Please provide any additional information below.

Original issue reported on code.google.com by rot...@gmail.com on 2 May 2011 at 6:11

GoogleCodeExporter commented 8 years ago
How can we reproduce that?

Original comment by arthur.z...@gmail.com on 29 Jun 2011 at 10:24

GoogleCodeExporter commented 8 years ago
My mail server has a certificate which is signed by my own CA (the CA cert is
self-signed). The cert of my CA is not installed on my Android.

Original comment by rot...@gmail.com on 29 Jun 2011 at 11:12

GoogleCodeExporter commented 8 years ago
Crashing is definitely not wanted. But accepting an unsigned certificate is
also not what every user would expect.
A certificate has two goals:
1. Confidentiality: protection against sniffing/wire-tapping
2. Authentication of the server towards the client: protection against
server-side fraud

Unsigned certificates secure against sniffing, but they do not protect you
against hackers who set up their own mail server under your mail server's name
and make you connect to it. They can then grab your password and use it against the
real mail server, read your mails and forward them to the real server (while
keeping you believing that your connection is safe because it is encrypted),...

In case of an unsigned certificate, there should be a warning "unknown
certificate" with the options: abort, accept, always accept.

A short-term fix should give a warning message and continue after clicking OK.

Andy

Original comment by android....@googlemail.com on 14 Nov 2011 at 8:14
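As an added example (not code from kolab-android or from any commenter), this is the fail-closed shape that Andy's "abort / accept / always accept" proposal implies in Android's Java: a hypothetical X509TrustManager that defers to the platform CA store, falls back to leaf-certificate fingerprints the user has previously chosen to always accept, and otherwise throws a typed exception the UI can catch and turn into the dialog instead of an uncaught crash. All class and method names, and the assumption that `systemTrust` comes from the default TrustManagerFactory, are mine.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.net.ssl.X509TrustManager;

/** Hypothetical trust manager: system CA check first, then user-approved leaf fingerprints. */
public final class UserApprovedTrustManager implements X509TrustManager {
    /** Signals an unknown chain so the UI can offer abort / accept / always accept instead of crashing. */
    public static final class UnknownCertificateException extends CertificateException {
        public final String fingerprint;
        UnknownCertificateException(String fingerprint, Throwable cause) {
            super("Unknown server certificate " + fingerprint, cause); this.fingerprint = fingerprint;
        }
    }
    private final X509TrustManager systemTrust;     // assumption: the default TrustManagerFactory result
    private final Set<String> acceptedFingerprints; // SHA-256 fingerprints the user chose "always accept" for

    public UserApprovedTrustManager(X509TrustManager systemTrust, Set<String> acceptedFingerprints) {
        this.systemTrust = systemTrust;
        this.acceptedFingerprints = acceptedFingerprints;
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || chain.length == 0) throw new CertificateException("Empty certificate chain");
        try {
            systemTrust.checkServerTrusted(chain, authType); // normal case: chain ends at an installed CA
        } catch (CertificateException systemFailure) {
            String fp = sha256Fingerprint(chain[0]);
            if (acceptedFingerprints.contains(fp)) return; // exactly this leaf was approved earlier
            // Fail closed: the caller shows the dialog and stores fp only if the user picks "always accept".
            throw new UnknownCertificateException(fp, systemFailure);
        }
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        systemTrust.checkClientTrusted(chain, authType);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() { return systemTrust.getAcceptedIssuers(); }

    /** Colon-separated hex SHA-256 of the DER certificate: what the dialog shows and what gets stored. */
    public static String sha256Fingerprint(X509Certificate cert) throws CertificateException {
        try {
            StringBuilder sb = new StringBuilder();
            for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())) sb.append(String.format("%02X:", b));
            return sb.substring(0, sb.length() - 1); // drop the trailing colon
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException("SHA-256 unavailable", e);
        }
    }
}
```

Remembering the exact leaf fingerprint gives the server authentication Andy describes only if the user compares that fingerprint with one obtained out of band before choosing "always accept"; hostname verification still has to run separately from the trust manager.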

GoogleCodeExporter commented 8 years ago
The settings should ask what to do. I also have a self-signed certificate. No
troubles - closing task due to age.

Original comment by arthur.z...@gmail.com on 26 Jun 2012 at 4:38