trouble with etesync-dav-certgen

idmyn commented 5 years ago

I've got the caldav server working (viewable at http://localhost:37358/) but I'm now struggling to get it cooperating with the macOS calendar. I've tried to run etesync-dav-certgen --trust-cert both inside and outside of virtualenv to no avail. Any ideas what's going wrong here? Cheers

output from ./venv/bin/etesync-dav-certgen --trust-cert:

Traceback (most recent call last):
  File "./venv/bin/etesync-dav-certgen", line 213, in <module>
    main()
  File "./venv/bin/etesync-dav-certgen", line 192, in main
    generate_cert(**subargs(('cert_path', 'key_path', 'key_cipher',
  File "./venv/bin/etesync-dav-certgen", line 190, in <lambda>
    subargs = lambda x: {i: args_dict[i] for i in x}
  File "./venv/bin/etesync-dav-certgen", line 190, in <dictcomp>
    subargs = lambda x: {i: args_dict[i] for i in x}
KeyError: 'key_cipher'

tasn commented 5 years ago

Take a look at the change history of the readme. Before it was a script, there were instructions. Maybe they would work better for you.

I don't personally use Mac, this was contributed by @odkr. I'll take a look at this tomorrow, but please let me know if you manage to get it working before.

Thanks!

-- Tom

On Fri, 4 Jan 2019, 23:13 David Mynors <notifications@github.com wrote:

I've got the caldav server working (viewable at http://localhost:37358/) but I'm now struggling to get it cooperating with the macOS calendar. I've tried to run etesync-dav-certgen --trust-cert both inside and outside of virtualenv to no avail. Any ideas what's going wrong here? Cheers

output from ./venv/bin/etesync-dav-certgen --trust-cert:

Traceback (most recent call last): File "./venv/bin/etesync-dav-certgen", line 213, in main() File "./venv/bin/etesync-dav-certgen", line 192, in main generate_cert(**subargs(('cert_path', 'key_path', 'key_cipher', File "./venv/bin/etesync-dav-certgen", line 190, in subargs = lambda x: {i: args_dict[i] for i in x} File "./venv/bin/etesync-dav-certgen", line 190, in subargs = lambda x: {i: args_dict[i] for i in x} KeyError: 'key_cipher'

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/etesync/etesync-dav/issues/41, or mute the thread https://github.com/notifications/unsubscribe-auth/AAGofl4jQ0zM2nG2d3Ek4iWlZZuEC6ncks5u_-AIgaJpZM4ZuMrY .

idmyn commented 5 years ago

I see. I followed the instructions on the slightly older readme (without any hiccups) but when I went to run etesync-dav it threw up an error message:

[700006dad000] ERROR: An exception occurred during request: SSL handshake failed: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1056)

tasn commented 5 years ago

Are you sure you set https:// in the url now (instead of http)?

Try with the browser first btw, only then etesync-dav.

idmyn commented 5 years ago

That makes a lot of sense, and it now seems to be working! My browser threw a 'your connection is not private' warning NET::ERR_CERT_COMMON_NAME_INVALID, but clicking 'advanced settings' and 'proceed anyway' got me to the expected radicale dashboard.

I'm now struggling to set up CardDAV: it doesn't throw any errors when I add the account to the 'internet accounts' preferences panel, but doesn't seem to be loading any of the contacts...

tasn commented 5 years ago

If your browser is complaining it (probably) means you didn't install the certificate as a globally trusted certificate on your system, meaning the Mac apps won't trust it either (and they are unfortunately buggy). You need to make sure you correctly installed the certificate (two commands in the readme if memory serves).

idmyn commented 5 years ago

I think I inputted the correct commands as instructed, but just had a look in the gui 'Keychain Access' and I think I found the relevant certificate (screenshot below). Any idea what might be causing the problem?

tasn commented 5 years ago

I really have no idea. :|

Let's wait for @odkr

tnajdek commented 5 years ago

If you can't or don't want to use the script, here is a step-by-step guide on how to generate a self-signed certificate and make macOS trust it:

First generate self-signed certificate trusted for 10 years:

cd ~/Library/Application\ Support/etesync-dav
openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=etesync.localhost" -keyout etesync.key -out etesync.crt

Using open command triggers macos "add to keychain" dialog:

open etesync.crt

Confirm adding to "login" keychain in the dialog. Then open Keychain Access app, find etesync.localhost (keychain: login, category: certificates), expand "Trust" and pick "Always trust" for SSL.

Now you can edit ~/Library/Application\ Support/etesync-dav/radicale.conf, under [server] enter the following to make it use the certificate (please replace USERNAME for your actual username):

ssl = yes
certificate = /Users/USERNAME/Library/Application\ Support/etesync-dav/etesync.crt
key = /Users/USERNAME/Library/Application\ Support/etesync-dav/etesync.key

Restart etesync-dav

tasn commented 5 years ago

@tnajdek, thanks for this. In the beginning I actually objected having this separately, but I guess now that the README is simplified (and it seems certgen is having issues), could you please add a PR to include this information in the README? (in the mojave section under "manual way" or something)

porg commented 5 years ago

@tnajdek as I and others reported in #53 the file paths in the radical.conf shall not have their whitespace escaped with a backslash.

@all experts with etesync on macOS: I followed the readme as of 2019-04-09 exactly, but sadly did not get etesync-dav working with Calendar.app. Could you maybe help me? This is what I tried so far:

Automatic SSL setup

Fails, see #56

Manual SSL setup

Performed it exactly as stated.

My openssl is the one shipped with macOS, not from another package manager.

Could it be that the openssl shipped with macOS 10.14.4 with which I created the self signed certificate is too new for etesync-dav 0.5.5?

$ etesync-dav --version
2.1.11  # Interesting version offset as I downloaded from https://github.com/etesync/etesync-dav/releases/tag/v0.5.0
$ openssl version -a
LibreSSL 2.6.5
built on / platform / compiler: date not available
options:  bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) blowfish(idx) 
OPENSSLDIR: "/private/etc/ssl"

Made sure in Keychain.app to always trust my self signed certificate.
Filepaths in radicale.conf maybe problematic? See #53

Client Setup

OSX
- CalDAV: Works. Setup instructions:
- Internet Accounts->Add Other Account->CalDAV account
- Account Type: Advanced
- Username: user@example.com
- Password: generated etesync-dav password
- Server Address: localhost
- Server Path: /
- Port: 37358
- Uncheck Use SSL (does nothing under macOS Mojave, SSL is always enabled)

It already fails there at CalDAV configuration with this:

$ etesync-dav -D
[105b4c5c0] INFO: Starting Radicale
[105b4c5c0] INFO: Authentication type is 'htpasswd'
[105b4c5c0] INFO: Storage type is 'radicale_storage_etesync'
[105b4c5c0] INFO: Rights type is 'radicale_storage_etesync.rights'
[105b4c5c0] INFO: Web type is 'internal'
[105b4c5c0] INFO: Listening to '1.0.0.127.in-addr.arpa' on port 37358 using SSL
[105b4c5c0] INFO: Radicale server ready
[700001b7c000] ERROR: An exception occurred during request: SSL handshake failed: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1056)
Traceback (most recent call last):
  File "site-packages/radicale/__init__.py", line 193, in process_request_thread
  File "ssl.py", line 1117, in do_handshake
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1056)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "site-packages/radicale/__init__.py", line 197, in process_request_thread
RuntimeError: SSL handshake failed: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1056)
^C
[105b4c5c0] INFO: Stopping Radicale

Only idea I have now is that something during the self signing of the SSL certificate failed. Could redo this. Any other ideas?

porg commented 5 years ago

@tnajdek and all other etesync Mac experts: Help appreciated!

Did the self signing a second time to no avail. Adding a CalDAV, either directly from Calendar.app or via System Preferences > Internet Accounts both failed (they are the same UIs integrated at two different places).

Clicking the button multiple times eventually added the CalDAV, but faulty as it seems. Output then is the following: 3-SSL-checked-calCreation.txt

Because then neither new calendars nor events can be persisted properly:

New calendars remain after a restart of Calendar.app, but only exist in some temporary store in Calendar.app
- not within etesync-dav's application support directory, b/c etesync_data.db does not shows the timestamp of the calendar event creation but when etesync-dav manage ran the first time (=initialization).
- not on the etesync API server b/c in the Web App the calendar has no collections nor events.
And new events shortly appear on the calendar canvas but then disappear (=not persisted at all). 1-SSL-unchecked-eventCreation.txt 2-SSL-checked-eventCreation.txt

porg commented 5 years ago

ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1056)

Could it be that the openssl shipped with macOS 10.14.4 with which I created the self signed certificate is too new for etesync-dav 0.5.5?

$ etesync-dav --version
2.1.11  # Interesting version offset as I downloaded from https://github.com/etesync/etesync-dav/releases/tag/v0.5.0
$ openssl version -a
LibreSSL 2.6.5
built on: date not available
platform: information not available
options:  bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) blowfish(idx) 
compiler: information not available
OPENSSLDIR: "/private/etc/ssl"

tasn commented 5 years ago

Your installed version is LibreSSL (which is mostly OpenSSL compatible but not 100%), maybe that's causing issues. Though looking at the error it looks like your Mac is making http requests to your https server. Could you verify you are really making https requests? One easy way of checking things is just opening https://localhost:37358/ in your browser. Does that work correctly?

Mojave SSL bugginess is annoying. :|

odkr commented 5 years ago

Sorry to be so late to the party! I totally overlooked my GitHub mails.

@tasn, I've just created a PR that hopefullx fixes @idmyn's issue. @idmyn, could you try it out once it's out? It works for me, but it worked for me the last time, too.

odkr commented 5 years ago

@porg I've just played around with my setup a bit. I'm also on macOS 10.4.4. I can create new calendars, but I can't name them (in Calendar.app, that is). Calendar.app first shows the new name, but then reverts back to "Untitled." But this just seems to be one more Mojave bug. SSL works. (I tried to create a new certificate to cross-check, but the behaviour is exactly the same.) Not that this helps, of course.

porg commented 5 years ago

Note: Tested very intensively. If the report mentions "sometimes this, sometimes that" this really is the observation after several thoroughly conducted and observed attempts!

OpenSSL

I confirm that my OpenSSL executable is really the one which ships with macOS and not any which was installed by another package manager or installer.

$ which openssl
/usr/bin/openssl
$ ls -l /usr/bin/open*
-rwxr-xr-x  1 root  wheel   105952 Mar 21 07:08 /usr/bin/open
-rwxr-xr-x  1 root  wheel    18304 Mar 21 07:08 /usr/bin/opendiff
-rwxr-xr-x  1 root  wheel     8038 Aug 21  2018 /usr/bin/opensnoop
-rwxr-xr-x  1 root  wheel  1178976 Mar 21 07:08 /usr/bin/openssl
# All with the same timestamp. They sure all originate from the macOS 10.14.4 update.

OpenSSL certificate

http://localhost:37358/ --> Safari says that it could not open the page as the server ended the connection unexpectedly.

https://localhost:37358/ with self signed certificate with Trust=never --> Safari refuses to connect saying this connection is not private.

https://localhost:37358/ with self signed certificate with Trust=always --> Sometimes I get a 500 Internal Server Error: login mask loading fails.txt --> Sometimes I get to a login mask: login mask loading works.txt

Login Mask to Radicale

Intentionally entering wrong credentials --> 401 Unauthorized

Entering correct credentials --> I get logged in.

Entering correct credentials after a longer time of inactivity --> Fails with 500 Internal Server Error login mask loading fails with 500 if after a long time of inactivity.txt

Note: Before debugging in a web browser be sure to deactivate any Calendar apps and/or their daemons that this is out of the equation. On macOS simply delete or deactivate your CalDAV/CardDAV account while accessing radicale via web browser.
Question: Is concurrency of multiple CalDAV clients to one etesync-dav server supported?

Inside Radicale

When being inside, click on "Create new addressbook or calendar" --> Fails with 403 Forbidden, if done quickly after login or quickly after a previous attempt create new collection attempt 1 fails with 403.txt create new collection attempt 3 fails with 403.txt --> Fails with 500 Internal Server Error, if done after a longer time of inactivity. create new collection attempt 2 after longer inactivity fails with 500.txt -- I did not achieve a single successful creation with the default collection type choice "calendar, journal and task". Always failed.

odkr commented 5 years ago

Just to be clear, I’m not a developer, I only contributed a measly script to help getting EteSync to work in Mojave. All I can offer is that we compare how our systems differ to try to locate what causes the error.

I’m on the same version of Mojave and using the same version of etesync-dav. So the only remaining relevant difference I can think of is Python.

What Python version do you run? And does etesync-dav have a virtual environment of its own?

$ cd /path/to/etesync-dav $ . bin/activate $ etesync-dav --version 2.1.11 $ python3 --version Python 3.7.2

This is the version that homebrew ships out.

porg commented 5 years ago

@odkr

[…] Just to be clear, I’m not a developer, I only contributed a measly script […]

That's exactly my skill level too ;-)

I installed etesync-dav

by downloading the single binary, and moved it to /usr/local/bin/ with proper execution permissions.
without any virtual environment
without having touched Python

Like this:

$ cd ~/Downloads/

$ wget https://github.com/etesync/etesync-dav/releases/download/v0.5.0/mac-etesync-dav
[…] ‘mac-etesync-dav’ saved [8760774/8760774] […]

$ ls -l mac-etesync-dav
-rw-r--r--@ 1 sn  staff  8760774 Mar  7 23:28 mac-etesync-dav

$ mv mac-etesync-dav /usr/local/bin/etesync-dav
$ ls -l /usr/local/bin/etesync-dav
-rw-r--r--@ 1 sn  staff  8760774 Mar  7 23:28 /usr/local/bin/etesync-dav

$ chmod +x /usr/local/bin/etesync-dav
$ ls -l /usr/local/bin/etesync-dav
-rwxr-xr-x@ 1 sn  staff  8760774 Mar  7 23:28 /usr/local/bin/etesync-dav

$ cd /

$ which etesync-dav
/usr/local/bin/etesync-dav
$ etesync-dav --version
2.1.11

$ type -a python3
python3 is /usr/local/bin/python3
python3 --version
Python 3.7.3

$ type -a python
python is /usr/bin/python
python is /usr/local/bin/python
$ /usr/bin/python --version
Python 2.7.10
$ /usr/local/bin/python --version
Python 2.7.16

porg commented 5 years ago

@all Tried another web app radicale session on another local user account where Calendar.app has no network calendars at all and where etesync-dav has another user, but experienced exactly the same problems. Still am failing with setup on the etesync Desktop bridge for the Mac, far from using etesync at all :-(

### In this log my comments are prefixed with three hashes.
### They mention the user interactions I am about to do and/or observations thereafter.

$ etesync-dav -D

[1118055c0] INFO: Starting Radicale
[1118055c0] INFO: Authentication type is 'htpasswd'
[1118055c0] INFO: Storage type is 'radicale_storage_etesync'
[1118055c0] INFO: Rights type is 'radicale_storage_etesync.rights'
[1118055c0] INFO: Web type is 'internal'
[1118055c0] INFO: Listening to '1.0.0.127.in-addr.arpa' on port 37358
[1118055c0] INFO: Radicale server ready
[7000089e4000] INFO: GET request for '/' received from 127.0.0.1 using 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36'
[7000089e4000] DEBUG: Request headers:
{'CONTENT_LENGTH': '',
 'CONTENT_TYPE': 'text/plain',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br',
 'HTTP_ACCEPT_LANGUAGE': 'de,en;q=0.9,sk;q=0.8,he;q=0.7,cy;q=0.6',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_HOST': 'localhost:37358',
 'HTTP_UPGRADE_INSECURE_REQUESTS': '1',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) '
                    'AppleWebKit/537.36 (KHTML, like Gecko) '
                    'Chrome/73.0.3683.103 Safari/537.36',
 'PATH_INFO': '/',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '127.0.0.1',
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'GET',
 'SCRIPT_NAME': '',
 'SERVER_NAME': '1.0.0.127.in-addr.arpa',
 'SERVER_PORT': '37358',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.2',
 'wsgi.errors': <_io.StringIO object at 0x10be7adc8>,
 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
 'wsgi.input': <_io.BufferedReader name=8>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}
[7000089e4000] DEBUG: Sanitized script name: ''
[7000089e4000] DEBUG: Sanitized path: '/'
[7000089e4000] DEBUG: Response content:
Redirected to .web
[7000089e4000] INFO: GET response status for '/' in 0.002 seconds: 302 Found
[700008ee7000] INFO: GET request for '/.web' received from 127.0.0.1 using 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36'
[700008ee7000] DEBUG: Request headers:
{'CONTENT_LENGTH': '',
 'CONTENT_TYPE': 'text/plain',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br',
 'HTTP_ACCEPT_LANGUAGE': 'de,en;q=0.9,sk;q=0.8,he;q=0.7,cy;q=0.6',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_HOST': 'localhost:37358',
 'HTTP_UPGRADE_INSECURE_REQUESTS': '1',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) '
                    'AppleWebKit/537.36 (KHTML, like Gecko) '
                    'Chrome/73.0.3683.103 Safari/537.36',
 'PATH_INFO': '/.web',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '127.0.0.1',
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'GET',
 'SCRIPT_NAME': '',
 'SERVER_NAME': '1.0.0.127.in-addr.arpa',
 'SERVER_PORT': '37358',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.2',
 'wsgi.errors': <_io.StringIO object at 0x10be7aaf8>,
 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
 'wsgi.input': <_io.BufferedReader name=9>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}
[700008ee7000] DEBUG: Sanitized script name: ''
[700008ee7000] DEBUG: Sanitized path: '/.web'
[700008ee7000] DEBUG: Response content:
Redirected to .web/
[700008ee7000] INFO: GET response status for '/.web' in 0.001 seconds: 302 Found
[7000089e4000] INFO: GET request for '/.web/' received from 127.0.0.1 using 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36'
[7000089e4000] DEBUG: Request headers:
{'CONTENT_LENGTH': '',
 'CONTENT_TYPE': 'text/plain',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br',
 'HTTP_ACCEPT_LANGUAGE': 'de,en;q=0.9,sk;q=0.8,he;q=0.7,cy;q=0.6',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_HOST': 'localhost:37358',
 'HTTP_IF_MODIFIED_SINCE': 'Sun, 07 Apr 2019 21:27:27 GMT',
 'HTTP_UPGRADE_INSECURE_REQUESTS': '1',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) '
                    'AppleWebKit/537.36 (KHTML, like Gecko) '
                    'Chrome/73.0.3683.103 Safari/537.36',
 'PATH_INFO': '/.web/',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '127.0.0.1',
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'GET',
 'SCRIPT_NAME': '',
 'SERVER_NAME': '1.0.0.127.in-addr.arpa',
 'SERVER_PORT': '37358',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.2',
 'wsgi.errors': <_io.StringIO object at 0x10be7aaf8>,
 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
 'wsgi.input': <_io.BufferedReader name=8>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}
[7000089e4000] DEBUG: Sanitized script name: ''
[7000089e4000] DEBUG: Sanitized path: '/.web/'
[7000089e4000] INFO: GET response status for '/.web/' in 0.002 seconds: 200 OK
[7000089e4000] INFO: GET request for '/.web/fn.js' received from 127.0.0.1 using 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36'
[7000089e4000] DEBUG: Request headers:
{'CONTENT_LENGTH': '',
 'CONTENT_TYPE': 'text/plain',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': '*/*',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br',
 'HTTP_ACCEPT_LANGUAGE': 'de,en;q=0.9,sk;q=0.8,he;q=0.7,cy;q=0.6',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_HOST': 'localhost:37358',
 'HTTP_REFERER': 'http://localhost:37358/.web/',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) '
                    'AppleWebKit/537.36 (KHTML, like Gecko) '
                    'Chrome/73.0.3683.103 Safari/537.36',
 'PATH_INFO': '/.web/fn.js',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '127.0.0.1',
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'GET',
 'SCRIPT_NAME': '',
 'SERVER_NAME': '1.0.0.127.in-addr.arpa',
 'SERVER_PORT': '37358',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.2',
 'wsgi.errors': <_io.StringIO object at 0x10be7aaf8>,
 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
 'wsgi.input': <_io.BufferedReader name=8>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}
[7000089e4000] DEBUG: Sanitized script name: ''
[7000089e4000] DEBUG: Sanitized path: '/.web/fn.js'
[700008ee7000] INFO: GET request for '/.web/css/main.css' received from 127.0.0.1 using 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36'
[700008ee7000] DEBUG: Request headers:
{'CONTENT_LENGTH': '',
 'CONTENT_TYPE': 'text/plain',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': 'text/css,*/*;q=0.1',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br',
 'HTTP_ACCEPT_LANGUAGE': 'de,en;q=0.9,sk;q=0.8,he;q=0.7,cy;q=0.6',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_HOST': 'localhost:37358',
 'HTTP_IF_MODIFIED_SINCE': 'Sun, 07 Apr 2019 21:27:27 GMT',
 'HTTP_REFERER': 'http://localhost:37358/.web/',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) '
                    'AppleWebKit/537.36 (KHTML, like Gecko) '
                    'Chrome/73.0.3683.103 Safari/537.36',
 'PATH_INFO': '/.web/css/main.css',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '127.0.0.1',
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'GET',
 'SCRIPT_NAME': '',
 'SERVER_NAME': '1.0.0.127.in-addr.arpa',
 'SERVER_PORT': '37358',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.2',
 'wsgi.errors': <_io.StringIO object at 0x10be7adc8>,
 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
 'wsgi.input': <_io.BufferedReader name=9>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}
[700008ee7000] DEBUG: Sanitized script name: ''
[700008ee7000] DEBUG: Sanitized path: '/.web/css/main.css'
[700008ee7000] INFO: GET response status for '/.web/css/main.css' in 0.002 seconds: 200 OK
[7000089e4000] INFO: GET response status for '/.web/fn.js' in 0.005 seconds: 200 OK

### Will login now.                 

[7000089e4000] INFO: PROPFIND request for '/' received from 127.0.0.1 using 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36'
[7000089e4000] DEBUG: Request headers:
{'CONTENT_LENGTH': '127',
 'CONTENT_TYPE': 'text/plain;charset=UTF-8',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': '*/*',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br',
 'HTTP_ACCEPT_LANGUAGE': 'de,en;q=0.9,sk;q=0.8,he;q=0.7,cy;q=0.6',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_HOST': 'localhost:37358',
 'HTTP_ORIGIN': 'http://localhost:37358',
 'HTTP_REFERER': 'http://localhost:37358/.web/',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) '
                    'AppleWebKit/537.36 (KHTML, like Gecko) '
                    'Chrome/73.0.3683.103 Safari/537.36',
 'PATH_INFO': '/',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '127.0.0.1',
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'PROPFIND',
 'SCRIPT_NAME': '',
 'SERVER_NAME': '1.0.0.127.in-addr.arpa',
 'SERVER_PORT': '37358',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.2',
 'wsgi.errors': <_io.StringIO object at 0x10be7aaf8>,
 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
 'wsgi.input': <_io.BufferedReader name=8>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}
[7000089e4000] DEBUG: Sanitized script name: ''
[7000089e4000] DEBUG: Sanitized path: '/'
[7000089e4000] INFO: Access to '/' denied for anonymous user
[7000089e4000] DEBUG: Asking client for authentication
[7000089e4000] DEBUG: Response content:
Access to the requested resource forbidden.
[7000089e4000] INFO: PROPFIND response status for '/' in 0.001 seconds: 401 Unauthorized
[7000089e4000] INFO: PROPFIND request for '/' received from 127.0.0.1 using 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36'
[7000089e4000] DEBUG: Request headers:
{'CONTENT_LENGTH': '127',
 'CONTENT_TYPE': 'text/plain;charset=UTF-8',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': '*/*',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br',
 'HTTP_ACCEPT_LANGUAGE': 'de,en;q=0.9,sk;q=0.8,he;q=0.7,cy;q=0.6',
 'HTTP_AUTHORIZATION': 'Basic **masked**',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_HOST': 'localhost:37358',
 'HTTP_ORIGIN': 'http://localhost:37358',
 'HTTP_REFERER': 'http://localhost:37358/.web/',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) '
                    'AppleWebKit/537.36 (KHTML, like Gecko) '
                    'Chrome/73.0.3683.103 Safari/537.36',
 'PATH_INFO': '/',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '127.0.0.1',
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'PROPFIND',
 'SCRIPT_NAME': '',
 'SERVER_NAME': '1.0.0.127.in-addr.arpa',
 'SERVER_PORT': '37358',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.2',
 'wsgi.errors': <_io.StringIO object at 0x10be7aaf8>,
 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
 'wsgi.input': <_io.BufferedReader name=8>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}
[7000089e4000] DEBUG: Sanitized script name: ''
[7000089e4000] DEBUG: Sanitized path: '/'
[7000089e4000] INFO: Successful login: 'xxx@xxx.com'
[7000089e4000] DEBUG: Request content:
<?xml version="1.0"?>
<propfind xmlns="DAV:">
  <prop>
    <current-user-principal />
    <displayname />
  </prop>
</propfind>

[7000089e4000] DEBUG: 'xxx@xxx.com' has read access to collection ''
[7000089e4000] DEBUG: Response content:
<?xml version="1.0"?>
<multistatus xmlns="DAV:">
  <response>
    <href>/</href>
    <propstat>
      <prop>
        <current-user-principal>
          <href>/p.org%40gmx.at/</href>
        </current-user-principal>
        <displayname />
      </prop>
      <status>HTTP/1.1 200 OK</status>
    </propstat>
  </response>
</multistatus>

[7000089e4000] INFO: PROPFIND response status for '/' in 17.540 seconds: 207 Multi-Status
[7000089e4000] INFO: PROPFIND request for '/xxx@xxx.com/' with depth '1' received from 127.0.0.1 using 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36'
[7000089e4000] DEBUG: Request headers:
{'CONTENT_LENGTH': '461',
 'CONTENT_TYPE': 'text/plain;charset=UTF-8',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': '*/*',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br',
 'HTTP_ACCEPT_LANGUAGE': 'de,en;q=0.9,sk;q=0.8,he;q=0.7,cy;q=0.6',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_DEPTH': '1',
 'HTTP_HOST': 'localhost:37358',
 'HTTP_ORIGIN': 'http://localhost:37358',
 'HTTP_REFERER': 'http://localhost:37358/.web/',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) '
                    'AppleWebKit/537.36 (KHTML, like Gecko) '
                    'Chrome/73.0.3683.103 Safari/537.36',
 'PATH_INFO': '/xxx@xxx.com/',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '127.0.0.1',
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'PROPFIND',
 'SCRIPT_NAME': '',
 'SERVER_NAME': '1.0.0.127.in-addr.arpa',
 'SERVER_PORT': '37358',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.2',
 'wsgi.errors': <_io.StringIO object at 0x10bea8ee8>,
 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
 'wsgi.input': <_io.BufferedReader name=8>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}
[7000089e4000] DEBUG: Sanitized script name: ''
[7000089e4000] DEBUG: Sanitized path: '/xxx@xxx.com/'
[7000089e4000] INFO: Access to '/xxx@xxx.com/' denied for anonymous user
[7000089e4000] DEBUG: Asking client for authentication
[7000089e4000] DEBUG: Response content:
Access to the requested resource forbidden.
[7000089e4000] INFO: PROPFIND response status for '/xxx@xxx.com/' with depth '1' in 0.001 seconds: 401 Unauthorized
[7000089e4000] INFO: PROPFIND request for '/xxx@xxx.com/' with depth '1' received from 127.0.0.1 using 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36'
[7000089e4000] DEBUG: Request headers:
{'CONTENT_LENGTH': '461',
 'CONTENT_TYPE': 'text/plain;charset=UTF-8',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': '*/*',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br',
 'HTTP_ACCEPT_LANGUAGE': 'de,en;q=0.9,sk;q=0.8,he;q=0.7,cy;q=0.6',
 'HTTP_AUTHORIZATION': 'Basic **masked**',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_DEPTH': '1',
 'HTTP_HOST': 'localhost:37358',
 'HTTP_ORIGIN': 'http://localhost:37358',
 'HTTP_REFERER': 'http://localhost:37358/.web/',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) '
                    'AppleWebKit/537.36 (KHTML, like Gecko) '
                    'Chrome/73.0.3683.103 Safari/537.36',
 'PATH_INFO': '/xxx@xxx.com/',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '127.0.0.1',
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'PROPFIND',
 'SCRIPT_NAME': '',
 'SERVER_NAME': '1.0.0.127.in-addr.arpa',
 'SERVER_PORT': '37358',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.2',
 'wsgi.errors': <_io.StringIO object at 0x10bea8ee8>,
 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
 'wsgi.input': <_io.BufferedReader name=8>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}
[7000089e4000] DEBUG: Sanitized script name: ''
[7000089e4000] DEBUG: Sanitized path: '/xxx@xxx.com/'
[7000089e4000] INFO: Successful login: 'xxx@xxx.com'
[7000089e4000] DEBUG: Request content:
<?xml version="1.0"?>
<propfind xmlns="DAV:" xmlns:C="urn:ietf:params:xml:ns:caldav" xmlns:CR="urn:ietf:params:xml:ns:carddav" xmlns:ICAL="http://apple.com/ns/ical/" xmlns:RADICALE="http://radicale.org/ns/" xmlns:ns3="http://inf-it.com/ns/ab/">
  <prop>
    <resourcetype />
    <RADICALE:displayname />
    <ICAL:calendar-color />
    <ns3:addressbook-color />
    <C:calendar-description />
    <C:supported-calendar-component-set />
    <CR:addressbook-description />
  </prop>
</propfind>

[7000089e4000] DEBUG: 'xxx@xxx.com' has read and write access to collection 'xxx@xxx.com'
[7000089e4000] DEBUG: Response content:
<?xml version="1.0"?>
<multistatus xmlns="DAV:" xmlns:C="urn:ietf:params:xml:ns:caldav" xmlns:CR="urn:ietf:params:xml:ns:carddav" xmlns:ICAL="http://apple.com/ns/ical/" xmlns:RADICALE="http://radicale.org/ns/" xmlns:ns3="http://inf-it.com/ns/ab/">
  <response>
    <href>/p.org%40gmx.at/</href>
    <propstat>
      <prop>
        <resourcetype>
          <principal />
          <collection />
        </resourcetype>
        <RADICALE:displayname />
        <ICAL:calendar-color />
        <ns3:addressbook-color />
        <C:calendar-description />
        <CR:addressbook-description />
      </prop>
      <status>HTTP/1.1 200 OK</status>
    </propstat>
    <propstat>
      <prop>
        <C:supported-calendar-component-set />
      </prop>
      <status>HTTP/1.1 404 Not Found</status>
    </propstat>
  </response>
</multistatus>

[7000089e4000] INFO: PROPFIND response status for '/xxx@xxx.com/' with depth '1' in 0.010 seconds: 207 Multi-Status

### Am inside Radicale. My outbound firewall LittleSnitch had asked me whether to grant etesync-dav network access and I granted not only to etesync.com but to all domains/ports for now, to have nothing in our way.

### Clicked "Create new collection"
# No further debug output interestingly.
# Got to mask for creating new collection.

### Will now create new collection test1.

[7000089e4000] INFO: MKCOL request for '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/' received from 127.0.0.1 using 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36'
[7000089e4000] DEBUG: Request headers:
{'CONTENT_LENGTH': '527',
 'CONTENT_TYPE': 'text/plain;charset=UTF-8',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': '*/*',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br',
 'HTTP_ACCEPT_LANGUAGE': 'de,en;q=0.9,sk;q=0.8,he;q=0.7,cy;q=0.6',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_HOST': 'localhost:37358',
 'HTTP_ORIGIN': 'http://localhost:37358',
 'HTTP_REFERER': 'http://localhost:37358/.web/',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) '
                    'AppleWebKit/537.36 (KHTML, like Gecko) '
                    'Chrome/73.0.3683.103 Safari/537.36',
 'PATH_INFO': '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '127.0.0.1',
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'MKCOL',
 'SCRIPT_NAME': '',
 'SERVER_NAME': '1.0.0.127.in-addr.arpa',
 'SERVER_PORT': '37358',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.2',
 'wsgi.errors': <_io.StringIO object at 0x10c2043a8>,
 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
 'wsgi.input': <_io.BufferedReader name=8>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}
[7000089e4000] DEBUG: Sanitized script name: ''
[7000089e4000] DEBUG: Sanitized path: '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/'
[7000089e4000] INFO: Access to '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/' denied for anonymous user
[7000089e4000] DEBUG: Asking client for authentication
[7000089e4000] DEBUG: Response content:
Access to the requested resource forbidden.
[7000089e4000] INFO: MKCOL response status for '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/' in 0.001 seconds: 401 Unauthorized
[7000089e4000] INFO: MKCOL request for '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/' received from 127.0.0.1 using 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36'
[7000089e4000] DEBUG: Request headers:
{'CONTENT_LENGTH': '527',
 'CONTENT_TYPE': 'text/plain;charset=UTF-8',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': '*/*',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br',
 'HTTP_ACCEPT_LANGUAGE': 'de,en;q=0.9,sk;q=0.8,he;q=0.7,cy;q=0.6',
 'HTTP_AUTHORIZATION': 'Basic **masked**',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_HOST': 'localhost:37358',
 'HTTP_ORIGIN': 'http://localhost:37358',
 'HTTP_REFERER': 'http://localhost:37358/.web/',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) '
                    'AppleWebKit/537.36 (KHTML, like Gecko) '
                    'Chrome/73.0.3683.103 Safari/537.36',
 'PATH_INFO': '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '127.0.0.1',
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'MKCOL',
 'SCRIPT_NAME': '',
 'SERVER_NAME': '1.0.0.127.in-addr.arpa',
 'SERVER_PORT': '37358',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.2',
 'wsgi.errors': <_io.StringIO object at 0x10c2043a8>,
 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
 'wsgi.input': <_io.BufferedReader name=8>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}
[7000089e4000] DEBUG: Sanitized script name: ''
[7000089e4000] DEBUG: Sanitized path: '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/'
[7000089e4000] INFO: Successful login: 'xxx@xxx.com'
[7000089e4000] INFO: Access to '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/' denied for 'xxx@xxx.com'
[7000089e4000] DEBUG: Response content:
Access to the requested resource forbidden.
[7000089e4000] INFO: MKCOL response status for '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/' in 0.307 seconds: 403 Forbidden

### Got a 403 Forbidden in the UI.

### Try test2

[7000089e4000] INFO: MKCOL request for '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/' received from 127.0.0.1 using 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36'
[7000089e4000] DEBUG: Request headers:
{'CONTENT_LENGTH': '527',
 'CONTENT_TYPE': 'text/plain;charset=UTF-8',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': '*/*',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br',
 'HTTP_ACCEPT_LANGUAGE': 'de,en;q=0.9,sk;q=0.8,he;q=0.7,cy;q=0.6',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_HOST': 'localhost:37358',
 'HTTP_ORIGIN': 'http://localhost:37358',
 'HTTP_REFERER': 'http://localhost:37358/.web/',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) '
                    'AppleWebKit/537.36 (KHTML, like Gecko) '
                    'Chrome/73.0.3683.103 Safari/537.36',
 'PATH_INFO': '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '127.0.0.1',
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'MKCOL',
 'SCRIPT_NAME': '',
 'SERVER_NAME': '1.0.0.127.in-addr.arpa',
 'SERVER_PORT': '37358',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.2',
 'wsgi.errors': <_io.StringIO object at 0x10be7af78>,
 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
 'wsgi.input': <_io.BufferedReader name=8>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}
[7000089e4000] DEBUG: Sanitized script name: ''
[7000089e4000] DEBUG: Sanitized path: '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/'
[7000089e4000] INFO: Access to '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/' denied for anonymous user
[7000089e4000] DEBUG: Asking client for authentication
[7000089e4000] DEBUG: Response content:
Access to the requested resource forbidden.
[7000089e4000] INFO: MKCOL response status for '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/' in 0.001 seconds: 401 Unauthorized
[7000089e4000] INFO: MKCOL request for '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/' received from 127.0.0.1 using 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36'
[7000089e4000] DEBUG: Request headers:
{'CONTENT_LENGTH': '527',
 'CONTENT_TYPE': 'text/plain;charset=UTF-8',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': '*/*',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br',
 'HTTP_ACCEPT_LANGUAGE': 'de,en;q=0.9,sk;q=0.8,he;q=0.7,cy;q=0.6',
 'HTTP_AUTHORIZATION': 'Basic **masked**',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_HOST': 'localhost:37358',
 'HTTP_ORIGIN': 'http://localhost:37358',
 'HTTP_REFERER': 'http://localhost:37358/.web/',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) '
                    'AppleWebKit/537.36 (KHTML, like Gecko) '
                    'Chrome/73.0.3683.103 Safari/537.36',
 'PATH_INFO': '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '127.0.0.1',
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'MKCOL',
 'SCRIPT_NAME': '',
 'SERVER_NAME': '1.0.0.127.in-addr.arpa',
 'SERVER_PORT': '37358',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.2',
 'wsgi.errors': <_io.StringIO object at 0x10be7af78>,
 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
 'wsgi.input': <_io.BufferedReader name=8>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}
[7000089e4000] DEBUG: Sanitized script name: ''
[7000089e4000] DEBUG: Sanitized path: '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/'
[7000089e4000] INFO: Successful login: 'xxx@xxx.com'
[7000089e4000] INFO: Access to '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/' denied for 'xxx@xxx.com'
[7000089e4000] DEBUG: Response content:
Access to the requested resource forbidden.
[7000089e4000] INFO: MKCOL response status for '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/' in 0.010 seconds: 403 Forbidden

### Failed again.

### Try test3 of type calendar.

[7000089e4000] INFO: MKCOL request for '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/' received from 127.0.0.1 using 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36'
[7000089e4000] DEBUG: Request headers:
{'CONTENT_LENGTH': '478',
 'CONTENT_TYPE': 'text/plain;charset=UTF-8',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': '*/*',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br',
 'HTTP_ACCEPT_LANGUAGE': 'de,en;q=0.9,sk;q=0.8,he;q=0.7,cy;q=0.6',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_HOST': 'localhost:37358',
 'HTTP_ORIGIN': 'http://localhost:37358',
 'HTTP_REFERER': 'http://localhost:37358/.web/',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) '
                    'AppleWebKit/537.36 (KHTML, like Gecko) '
                    'Chrome/73.0.3683.103 Safari/537.36',
 'PATH_INFO': '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '127.0.0.1',
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'MKCOL',
 'SCRIPT_NAME': '',
 'SERVER_NAME': '1.0.0.127.in-addr.arpa',
 'SERVER_PORT': '37358',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.2',
 'wsgi.errors': <_io.StringIO object at 0x10bea8ee8>,
 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
 'wsgi.input': <_io.BufferedReader name=8>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}
[7000089e4000] DEBUG: Sanitized script name: ''
[7000089e4000] DEBUG: Sanitized path: '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/'
[7000089e4000] INFO: Access to '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/' denied for anonymous user
[7000089e4000] DEBUG: Asking client for authentication
[7000089e4000] DEBUG: Response content:
Access to the requested resource forbidden.
[7000089e4000] INFO: MKCOL response status for '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/' in 0.001 seconds: 401 Unauthorized
[7000089e4000] INFO: MKCOL request for '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/' received from 127.0.0.1 using 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36'
[7000089e4000] DEBUG: Request headers:
{'CONTENT_LENGTH': '478',
 'CONTENT_TYPE': 'text/plain;charset=UTF-8',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': '*/*',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br',
 'HTTP_ACCEPT_LANGUAGE': 'de,en;q=0.9,sk;q=0.8,he;q=0.7,cy;q=0.6',
 'HTTP_AUTHORIZATION': 'Basic **masked**',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_HOST': 'localhost:37358',
 'HTTP_ORIGIN': 'http://localhost:37358',
 'HTTP_REFERER': 'http://localhost:37358/.web/',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) '
                    'AppleWebKit/537.36 (KHTML, like Gecko) '
                    'Chrome/73.0.3683.103 Safari/537.36',
 'PATH_INFO': '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '127.0.0.1',
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'MKCOL',
 'SCRIPT_NAME': '',
 'SERVER_NAME': '1.0.0.127.in-addr.arpa',
 'SERVER_PORT': '37358',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.2',
 'wsgi.errors': <_io.StringIO object at 0x10bea8ee8>,
 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
 'wsgi.input': <_io.BufferedReader name=8>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}
[7000089e4000] DEBUG: Sanitized script name: ''
[7000089e4000] DEBUG: Sanitized path: '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/'
[7000089e4000] INFO: Successful login: 'xxx@xxx.com'
[7000089e4000] INFO: Access to '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/' denied for 'xxx@xxx.com'
[7000089e4000] DEBUG: Response content:
Access to the requested resource forbidden.
[7000089e4000] INFO: MKCOL response status for '/xxx@xxx.com/f84b1c9b-4fd9-0840-9832-ec7334f80398/' in 0.011 seconds: 403 Forbidden

### Failed again.

# Pressing ctrl-c
[1118055c0] INFO: Stopping Radicale
[1118055c0] INFO: Stopping Radicale

tasn commented 5 years ago

@odkr , I think maybe the best thing to do would try walking through your manual instructions, rather than the script and see if when following them, it works.

odkr commented 5 years ago

Okay, so here goes:

Setup of my system

I created a non-SSL setup from my current settings.

EteSync:

$ cd Library/Application\ Support/etesync-dav $ ls etesync_creds htpaswd radicale.conf.orig etesync_data.db radicale.conf $ cat radicale.conf [server] hosts = localhost:37358

[auth] type = htpasswd htpasswd_filename = /Users/odin/Library/Application Support/etesync-dav/htpaswd htpasswd_encryption = plain

[storage] type = radicale_storage_etesync database_filename = /Users/odin/Library/Application Support/etesync-dav/etesync_data.db remote_url = https://api.etesync.com/ credentials_filename = /Users/odin/Library/Application Support/etesync-dav/etesync_creds

Just to make sure I'm using the same vesion of LibreSSL:

$ openssl version -a LibreSSL 2.6.5 built on: date not available platform: information not available options: bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) blowfish(idx) compiler: information not available OPENSSLDIR: "/private/etc/ssl"

Configuring EteSync to use SSL

$ cd ~/Library/Application\ Support/etesync-dav

Generate the certificate:

$ openssl req -x509 -nodes -newkey rsa:2048 -keyout cert.key -out cert.pem -days 1780 -subj '/CN=localhost' Generating a 2048 bit RSA private key [...] writing new private key to 'cert.key' -----

Add the certificate to Keychain.app:

$ security import cert.pem 1 certificate imported. $ security add-trusted-cert -p ssl cert.pem

The second command will prompt you for your login password.

Add the following lines to the server section of ~/Library/Application Support/etesync-dav/radicale.conf, but replace /Users/odin with the path to your home directory:

ssl = yes certificate = /Users/odin/Library/Application Support/etesync-dav/cert.pem key = /Users/odin/Library/Application Support/etesync-dav/cert.key

Don't escape whitespaces.

The result should look like this:

$ cat radicale.conf [server] hosts = localhost:37358 ssl = yes certificate = /Users/odin/Library/Application Support/etesync-dav/cert.pem key = /Users/odin/Library/Application Support/etesync-dav/cert.key

[auth] type = htpasswd htpasswd_filename = /Users/odin/Library/Application Support/etesync-dav/htpaswd htpasswd_encryption = plain

[storage] type = radicale_storage_etesync database_filename = /Users/odin/Library/Application Support/etesync-dav/etesync_data.db remote_url = https://api.etesync.com/ credentials_filename = /Users/odin/Library/Application Support/etesync-dav/etesync_creds

Installation of EteSync binary

I got the binary distribution for testing:

$ wget https://github.com/etesync/etesync-dav/releases/download/v0.5.0/mac-etesync-dav [...] $ chmod +x mac-etesync-dav $ nohup ./mac-etesync-dav -D & [1] 15994 appending output to nohup.out

Tests

After doing this, I can add calendars via the webinterface at https://localhost:37358/.web/ in Safari and Events and Calendars via Calendar.app. (Though all calendars I add in Calendar.app are called "Untitled".) That said, my testing was quite superficial. Still, after running through the steps above, everything seems to work as expected (for expectations appropriately adjusted to Mojave).

I've attached the debugging output of mac-etesync-dav for comparison.

tasn commented 5 years ago

The script should now be fixed, but let's see if there are any issues still.

porg commented 5 years ago

@tasn Yes, please give me more time to test this. Btw, sent you a request via email to prolong my trial accoints while this is ongoing.

@odkr From a first read of your full manual setup instruction, there's no fundamental difference to what I did. But I will follow your manual instruction in full detail when being with my etesync computer again and will report in full detail. If that fails I will also try it on a backed up Sierra boot disk.

tasn commented 5 years ago

@porg, I already replied to your emailed and extended your trial. :)

Keep us posted.

idmyn commented 5 years ago

Hi all, I've just had my account reactivated to give this a go, but I'm still having some trouble (with v0.5.0 binary).

I tried following @odkr's instructions above, and each step seemed to match up, but when running the server (and visiting https://localhost:37358/) I'm getting the following error: [70000cd81000] ERROR: An exception occurred during request: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:2484)

Any ideas?

porg commented 5 years ago

@idmyn you have the same relevant error message as I have on macOS Mojave 10.14.4.

This evening I plan to re-run @odkr 's latest instruction step by step (although it sounds essentially the same what I already did). And if failing also re-run on a bootable macOS Sierra 10.12.6 backup disk which I still have, and see how the same binary compares on the two OS versions.

odkr commented 5 years ago

@idmyn, do I get this right that etesync-dav is giving you that error message? This is odd. Did you access the web interface via Safari? If so, what exactly did it say? Does it provide more detailled information why the certificate is "bad"? You can check in Keychain.app whether the operating system trusts it. If it does, then this leaves only relatively odd points of failure (e.g., your clock may be set to the past, rendering the certificate invalid, …, this is all I can think of right now, in fact).

idmyn commented 5 years ago

@odkr yes, I was getting that error message from etesync-dav running in terminal when trying to view localhost in Firefox. I've now tried it in Safari and it works!

I still can't get CalDAV or CardDAV working in my system apps though. When I try to add the CalDAV account in the 'internet accounts' settings pane it says "Unable to verify account name or password" and the terminal says [70000a9d5000] ERROR: An exception occurred during request: SSL handshake failed: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1056)

Adding the CardDAV account seems to work, but no contacts appear in the contacts app.

Also, I'm not sure exactly when precisely these errors came up but when I first opened up localhost in safari, logged in there, and tried to add the accounts in the 'internet accounts' preference pane, I checked back and found the following error messages in the terminal:

[7000060e6000] ERROR: An exception occurred during request: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:2484)
ERROR:root:No module named 'pytz'
ERROR:root:No module named 'pytz'
[7000060e6000] WARNING: Client provided invalid sync token '845f534c-5afd-40e3-82b3-6c8dd6559e95': Sync token are not supported
WARNING:radicale:Client provided invalid sync token '845f534c-5afd-40e3-82b3-6c8dd6559e95': Sync token are not supported
[7000060e6000] ERROR: An exception occurred during request: SSL handshake failed: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1056)
ERROR:radicale:An exception occurred during request: SSL handshake failed: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1056)
[7000060e6000] ERROR: An exception occurred during request: SSL handshake failed: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1056)
ERROR:radicale:An exception occurred during request: SSL handshake failed: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1056)
[7000060e6000] ERROR: An exception occurred during request: SSL handshake failed: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1056)
ERROR:radicale:An exception occurred during request: SSL handshake failed: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1056)

I've had a go at replicating them, but no luck.

porg commented 5 years ago

@all I have the culprit identified:

My radicale.conf per original instruction contained a "rights" section like this

[rights]
type = radicale_storage_etesync.rights

The config of @odkr did not contain it! Without the "rights" section I can now create and delete in the web interface. With the "rights" section re-added I get the same errors again. Could reproduce that 100% stabily.

@idmyn please remove that section from your config file radicale.conf

@tasn Is radicale's "rights" section relevant for the proper functioning of etesync? Or can it be safely omitted? If yes, please make sure all instructional texts (readme, manpage, help texts, etc) do clearly state so!

Next step will be to test it in macOS Calendar and Contacts, but that will be on another day. Already happy that I overcame my first hurdle.

idmyn commented 5 years ago

@porg Interesting!

I didn't have a [rights] section in my radicale.conf though, so I'm still stuck haha

odkr commented 5 years ago

@porg: Great :).

@idmyn: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] makes sense then. I didn't realise that etesync-dav is simply reporting the same connection error as your browser. The instructions provided only make macOS (or, more precisely, the programmes that ship with macOS and/or use the LibreSSL library that ships with macOS) trust the certificate. Browsers other than Safari manage certificates themselves, independently of the operating system. So, if you use Firefox, you'll have to tell it to trust that certificate. Simply add a permanent exception for it.

As for CalDAV and CardDAV. The most common reason for [SSL: WRONG_VERSION_NUMBER] would be that your software simply doesn't make an HTTPS request. I assume you're using Calendar.app and Contacts.app and have set up the CardDAV and CalDAV account under "Internet Accounts"? Note, this setup pane is peculiar. The very same settings work for the "Manual", but not the "Avanced", configuration and vice versa---depending on whether you setup CardDAV or CalDAV. So, you may need to play around with it a bit to get things to work.

It may help to try with Thunderbird/Lightning first, just to check whether etesync-dav works in principle.

@tasn: PR #63 clarifies that the SSL setup instruction don't apply to non-OS apps in the README.

idmyn commented 5 years ago

@odkr Thanks for the tip about trying Thunderbird/Lightning - I've got everything working there, which boosted my confidence :)

I've now got things up and running in Calendar.app (it needed 'use SSL' ticked, contrary to what the README suggests), but I'm having trouble with Contacts.app. I've done quite a bit of trial and error with 'manual' vs 'advanced' and https://localhost:37358 vs https://localhost:37358/user@example.com/ and I'm not sure what else to try. The only combination which successfully authenticates in the 'Internet Accounts' settings pane is 'manual' and https://localhost:37358 and the account is listed in Contacts.app but none of my actual contacts show up. Not sure if it's relevant but when I set up CardDAV in Thunderbird (with CardBook), only half of my contacts appeared. I wonder if it has something to do with vCard version? README says vCard should be set to v4.0 but I only had the option of v3.0. Similarly, in Contacts.app preferences I'm only offered vCard 3.0 or 2.1.

Thanks for all of your help thus far!

odkr commented 5 years ago

@idmyn: You're welcome! :) Unfortunately, I'm at my wits end. The only thing I've noticed is that when I added the account, I specified the URL with a trailing slash ("/"). I don't think that's the source of your problems though.

@tasn: I've added another commit to PR #63 that clarifies that "Use SSL" must be checked in macOS Mojave.

porg commented 5 years ago

I did not forget about it, simply did not get to testing so far. Will report back!

tasn commented 5 years ago

@porg: yes, the rights part is required. It's needed for supporting read-only journals. What errors were you getting exactly with it enabled? Could you maybe send me an email/open another ticket. Thanks!

tasn commented 5 years ago

@idmyn, do you need me to extend your trial again? Sorry for the delays in replying to this one, but @odkr knows better. :)

As for cardbook and contacts.app only letting people choose vCard < 4.0: I don't get it. It used to let me choose 4.0, though it now only lets me choose 3.0 here too. I'll open a different ticket for that. I wonder how this can be fixed.

idmyn commented 5 years ago

@tasn Extended trial could be handy to iron out these issues - thanks!

tasn commented 5 years ago

@idmyn, could you please email again so I have your email?

etesync / etesync-dav