element-hq / element-ios

A glossy Matrix collaboration client for iOS
https://element.io
Apache License 2.0

Cannot connect to HTTPS homeserver with valid cert, well-known #7783

Open kajarah opened 2 months ago

kajarah commented 2 months ago

Steps to reproduce

  1. Set up a self-hosted homeserver with trusted SSL certificates (Let's Encrypt).
  2. Add a .well-known/matrix/client entry with m.homeserver.base_url set properly to https://server:port.
  3. Open Element iOS and select "I already have an account".
  4. Edit where your conversations live, and type your server hostname.

Cannot send logs as the shake-to-log feature does not work on the login screen. Cannot determine Element iOS version because the settings menu is not accessible until logged in. Assuming 1.11.9.

Outcome

What did you expect?

Element iOS is able to proceed to the login screen. The same configuration works on the web and on the desktop app. Android not tested.

What happened instead?

Element iOS times out for several minutes before erroring with a cannot connect message.

Your phone model

iPhone 13 Pro

Operating system version

iOS 17.4.1

Application version

Cannot get to the version page; assuming 1.11.9

Homeserver

guardiansgate.games

Will you send logs?

No

kajarah commented 2 months ago

Federation test result:

{
  "WellKnownResult": {
    "m.server": "matrix.guardiansgate.games:8448",
    "CacheExpiresAt": 0
  },
  "DNSResult": {
    "SRVSkipped": true,
    "SRVCName": "",
    "SRVRecords": null,
    "SRVError": null,
    "Hosts": {
      "matrix.guardiansgate.games": {
        "CName": "falchion.pilot.ninja.",
        "Addrs": [
          "47.144.68.216"
        ],
        "Error": null
      }
    },
    "Addrs": [
      "47.144.68.216:8448"
    ]
  },
  "ConnectionReports": {
    "47.144.68.216:8448": {
      "Certificates": [
        {
          "SubjectCommonName": "guardiansgate.games",
          "IssuerCommonName": "R3",
          "SHA256Fingerprint": "fuhxyA94pLihBEvjDwXdbhff7ODKqzE5FTUqhxGbbTc",
          "DNSNames": [
            "*.guardiansgate.games",
            "guardiansgate.games"
          ]
        },
        {
          "SubjectCommonName": "R3",
          "IssuerCommonName": "ISRG Root X1",
          "SHA256Fingerprint": "Z63RFmsCCuYbj1/JaBPATCqliZYHloZVcqPH5zdhPf0",
          "DNSNames": null
        }
      ],
      "Cipher": {
        "Version": "TLS 1.3",
        "CipherSuite": "TLS_AES_256_GCM_SHA384"
      },
      "Checks": {
        "AllChecksOK": true,
        "MatchingServerName": true,
        "FutureValidUntilTS": true,
        "HasEd25519Key": true,
        "AllEd25519ChecksOK": true,
        "Ed25519Checks": {
          "ed25519:a_sYTT": {
            "ValidEd25519": true,
            "MatchingSignature": true
          }
        },
        "ValidCertificates": true
      },
      "Errors": [],
      "Ed25519VerifyKeys": {
        "ed25519:a_sYTT": "AdaAhO1l9vBWLlgi8xianAU0XEsr/kYZzgegVaab5b0"
      },
      "Info": {},
      "Keys": {
        "old_verify_keys": {},
        "server_name": "guardiansgate.games",
        "signatures": {
          "guardiansgate.games": {
            "ed25519:a_sYTT": "5FaeCPwbnfT9bZzbhRdqNLNRjxM1fU6IijUNuogbWMLbV7uZ6F/hmPUDjEWtVsDUOZF1Ppxy9s85zNlLQ5ssBQ"
          }
        },
        "valid_until_ts": 1714510708251,
        "verify_keys": {
          "ed25519:a_sYTT": {
            "key": "AdaAhO1l9vBWLlgi8xianAU0XEsr/kYZzgegVaab5b0"
          }
        }
      }
    }
  },
  "ConnectionErrors": {},
  "Version": {
    "name": "Synapse",
    "version": "1.105.0"
  },
  "FederationOK": true
}

net47 commented 1 week ago

I have the exact same error; the federation test is also OK, and the web and desktop clients work fine.

My .well-known/matrix/client (censored):

{"m.homeserver":{"base_url":"https://chat.example.com/"},"io.element.e2ee":{"default":false,"secure_backup_required":false}}

My .well-known/matrix/server (censored):

{"m.server":"chat.example.com:443"}

The red error message is: "No server found under this URL."
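Added example (not Element code and not posted by anyone in this thread): the client-side discovery procedure that the Matrix client-server spec defines for the "where your conversations live" step, written as a stand-alone diagnostic. It fetches `/.well-known/matrix/client`, reads `m.homeserver.base_url`, and then confirms that `base_url` answers `/_matrix/client/versions`, which is the check that fails behind "No server found under this URL". Note that the federation tester quoted earlier reads a different file (`/.well-known/matrix/server`, key `m.server`) and talks to the federation port, so `FederationOK: true` says nothing about the client well-known. The `.test` hostnames and all responses below are constructed (modelled on the two configurations in this thread: a `base_url` with an explicit port and one with a trailing slash); the fetcher is injectable so the logic runs offline, and `python discovery.py your.server` runs it against the real network with a short timeout so a stalled connection fails in seconds rather than minutes.

```python
"""
Matrix client-side server discovery (.well-known/matrix/client) as a
stand-alone diagnostic. Added example, not Element code. The HTTP fetch
is injectable so the decision logic can be exercised offline.
"""
import json
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Optional, Tuple
from urllib.parse import urlparse

# A fetcher returns (http_status, body_bytes) and raises on connection failure.
Fetcher = Callable[[str], Tuple[int, bytes]]


def http_fetch(url: str, timeout: float = 10.0) -> Tuple[int, bytes]:
    """Real network fetcher. The short timeout is deliberate: a hung TLS
    handshake (e.g. traffic intercepted on the device) should fail fast."""
    req = urllib.request.Request(url, headers={"User-Agent": "matrix-discovery-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()


@dataclass
class Discovery:
    # status values follow the spec: IGNORE (no well-known, use the name
    # as-is), SUCCESS, FAIL_PROMPT (well-known unusable), FAIL_ERROR
    # (well-known present but base_url invalid or not answering).
    status: str
    base_url: Optional[str]
    reason: str = ""


def discover(server_name: str, fetch: Fetcher = http_fetch) -> Discovery:
    well_known = f"https://{server_name}/.well-known/matrix/client"
    try:
        code, body = fetch(well_known)
    except Exception as e:  # DNS, TCP or TLS failure
        return Discovery("FAIL_PROMPT", None, f"well-known unreachable: {e}")
    if code == 404:
        return Discovery("IGNORE", f"https://{server_name}", "no well-known; using server name")
    if code != 200:
        return Discovery("FAIL_PROMPT", None, f"well-known HTTP {code}")
    try:
        base_url = json.loads(body)["m.homeserver"]["base_url"]
    except (ValueError, KeyError, TypeError):
        return Discovery("FAIL_PROMPT", None, "well-known lacks valid m.homeserver.base_url")
    parsed = urlparse(base_url)
    if parsed.scheme != "https" or not parsed.netloc:
        return Discovery("FAIL_ERROR", None, f"base_url is not a valid https URL: {base_url!r}")
    base_url = base_url.rstrip("/")  # "https://x/" and "https://x" must both work
    versions_url = base_url + "/_matrix/client/versions"
    try:
        code, body = fetch(versions_url)
    except Exception as e:
        return Discovery("FAIL_ERROR", None, f"base_url unreachable: {e}")
    if code != 200:
        return Discovery("FAIL_ERROR", None, f"/_matrix/client/versions returned HTTP {code}")
    try:
        versions = json.loads(body)["versions"]
    except (ValueError, KeyError, TypeError):
        return Discovery("FAIL_ERROR", None, "/_matrix/client/versions body is not a versions document")
    return Discovery("SUCCESS", base_url, f"homeserver advertises {len(versions)} spec versions")


# Constructed sample responses (hostnames under .test are hypothetical).
SAMPLE_RESPONSES = {
    "https://example.test/.well-known/matrix/client":
        (200, b'{"m.homeserver":{"base_url":"https://matrix.example.test:8448"}}'),
    "https://matrix.example.test:8448/_matrix/client/versions":
        (200, b'{"versions":["v1.1","v1.2","v1.3"]}'),
    "https://chat.example.test/.well-known/matrix/client":
        (200, b'{"m.homeserver":{"base_url":"https://chat.example.test/"},'
              b'"io.element.e2ee":{"default":false}}'),
    "https://chat.example.test/_matrix/client/versions":
        (200, b'{"versions":["v1.5"]}'),
    "https://bare.example.test/.well-known/matrix/client": (404, b"Not Found"),
    "https://broken.example.test/.well-known/matrix/client":
        (200, b'{"m.homeserver":{"base_url":"https://nowhere.example.test"}}'),
}


def offline_fetch(url: str) -> Tuple[int, bytes]:
    """Serve constructed responses; unknown URLs behave like a blocked connection."""
    if url not in SAMPLE_RESPONSES:
        raise ConnectionError(f"connection refused: {url}")
    return SAMPLE_RESPONSES[url]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        r = discover(sys.argv[1])  # real network check of the given server name
        print(r.status, r.base_url, r.reason)
    else:
        for name in ("example.test", "chat.example.test", "bare.example.test", "broken.example.test"):
            r = discover(name, offline_fetch)
            print(f"{name:22} {r.status:11} {r.base_url or '-':38} {r.reason}")
```

If the real-network run succeeds from a laptop on the same Wi-Fi but the phone still shows "No server found under this URL", the homeserver and its well-known are fine and the difference is on the device path (DNS, proxy, relay).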

net47 commented 1 week ago

At least in my case, I found the error: iCloud Private Relay (or any other traffic-intercepting functionality on the device itself). Disabling it did the trick; after that it was possible to connect to the home Matrix server without any issues.