jack0402 / csipsimple

Automatically exported from code.google.com/p/csipsimple

AccountCreationWebview Unable to use SSL on android 4.0+ #2299

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Create a Wizard which uses AccountCreationWebview pointing to a https SSL 
site
2. Try to use this feature on a phone running android 4.0+
3.

What is the expected output? What do you see instead?
On Android 2.3.3 the page displays properly. On android 4.0+ (sorry I have no 
3.X device) you get a "Webpage not available" error within the webpage

What version of the product are you using? On what operating system?
Version: Latest svn
OS: Android 4.2.1, 4.1.2, 4.0 all show the same issue
Android 2.3.3 is OK.

Please provide any additional information below.

These are the errors from logcat

03-28 13:50:08.063: D/(2140): external/chromium/net/http/http_getzip_factory.cc: Failed to construct GETzip manager, didn't find the library!
03-28 13:50:08.067: D/netstack(2140): netstack: Request Priority is ON
03-28 13:50:08.091: V/chromium(2140): external/chromium/net/disk_cache/hostres_plugin_bridge.cc:52: [0328/135008:INFO:hostres_plugin_bridge.cc(52)] StatHubCreateHostResPlugin initializing...
03-28 13:50:08.091: V/chromium(2140): external/chromium/net/disk_cache/hostres_plugin_bridge.cc:68: [0328/135008:INFO:hostres_plugin_bridge.cc(68)] netstack: Failed to open plugin:libdnshostprio.so
03-28 13:50:08.091: V/chromium(2140): external/chromium/net/disk_cache/hostres_plugin_bridge.cc:73: [0328/135008:INFO:hostres_plugin_bridge.cc(73)] netstack: Failed to find symbols in plugin: libdnshostprio.so
03-28 13:50:08.091: E/chromium(2140): external/chromium/net/disk_cache/stat_hub.cc:216: [0328/135008:ERROR:stat_hub.cc(216)] StatHub::Init - App com.imagine.voice isn't supported.
03-28 13:50:08.095: V/chromium(2140): external/chromium/net/disk_cache/hostres_plugin_bridge.cc:73: [0328/135008:INFO:hostres_plugin_bridge.cc(73)] netstack: Failed to find symbols in plugin: libdnshostprio.so
03-28 13:50:08.095: E/chromium(2140): external/chromium/net/disk_cache/stat_hub.cc:216: [0328/135008:ERROR:stat_hub.cc(216)] StatHub::Init - App com.imagine.voice isn't supported.
03-28 13:50:08.095: D/(2140): Failed to load DoObserveConnections symbol in tcp-connections.so
03-28 13:50:08.255: W/Web Console(2140): The page at https://voice2.imagine.ie/prepaid/customer/userinfo2.php displayed insecure content from file:///android_asset/webkit/android-weberror.png.
03-28 13:50:08.255: W/Web Console(2140):  at null:1

Original issue reported on code.google.com by ba...@flanagan.ie on 28 Mar 2013 at 2:55

GoogleCodeExporter commented 9 years ago
If I try to access the 
https://voice2.imagine.ie/prepaid/customer/userinfo2.php
using firefox,
I get a 
"""
Forbidden

You don't have permission to access /prepaid/customer/userinfo2.php on this 
server.
"""

Is there some filter on the user-agent made on server side?
Also are you sure there is no redirection made after to a non secure content 
(or secured with a selfsigned certificate/certificate that doesn't match domain 
name).

The problem you get here is not due to csipsimple; it's something from android 
OS when loading a webview to a website. 
Security on latest android versions (due to chrome engine introduction) has 
been increased on this so the website must have no security potential 
weakness/error, else android will refuse to load.
As you can see in the logs, all you see in errors comes from "chromium" lib not 
from csipsimple.

Original comment by r3gis...@gmail.com on 28 Mar 2013 at 3:06

GoogleCodeExporter commented 9 years ago
Forbidden for you, but not for me from my IP address.

> Also are you sure there is no redirection made after to a non secure

No, but I do see the issue now. The site is using a cert issued to the
correct domain, and while it is accepted fine by Chrome/Firefox/safari etc
on the desktop, I have just tried accessing it from Android and sure enough
it says it is from an untrusted authority.

Yes, I did not think it was an issue with csipsimple itself, but thought
perhaps there was a flag that needed to be set to allow SSL or relax cert
requirements.

> Security on latest android versions (due to chrome engine introduction) has

Thanks.

-Barry

Original comment by ba...@flanagan.ie on 28 Mar 2013 at 3:26

GoogleCodeExporter commented 9 years ago
Well, would be better to continue on the csipsimple-dev google group (this 
issue list is more for users than for developers).

Else,
Yes, there is indeed a way to relax ssl security in csipsimple but I try to 
avoid using it as it introduces some risk for users.

So if you can find the root cause (it seems the CA is not in CA list of the 
android rom you use), it's the good way to fix the problem.

If you can't find the root cause on your server/on the android rom you use, 
please ask on the csipsimple-dev group on how to relax ssl certificate 
verification in AccountCreationWebview. This way it will benefit all other 
developers and will be easier to search for them.

Original comment by r3gis...@gmail.com on 28 Mar 2013 at 4:28

GoogleCodeExporter commented 9 years ago
Issue solved. Bad certificate chain on server.

Original comment by ba...@flanagan.ie on 28 Mar 2013 at 4:35
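
An added example, not code from csipsimple or from anyone in this thread: a WebViewClient that logs why the platform rejected the certificate instead of leaving only the generic "Webpage not available" page, and still cancels the load rather than relaxing verification. The class name DiagnosticWebViewClient and the log tag are hypothetical; the android.webkit and android.net.http calls are the standard Android SDK ones.

```java
import android.net.http.SslCertificate;
import android.net.http.SslError;
import android.util.Log;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import android.webkit.WebViewClient;

// Hypothetical helper class; not part of csipsimple.
public class DiagnosticWebViewClient extends WebViewClient {
    private static final String TAG = "WizardWebView"; // hypothetical log tag

    // Translate the most severe SslError code into a readable reason.
    static String describe(int primaryError) {
        switch (primaryError) {
            case SslError.SSL_UNTRUSTED:
                return "chain does not end at a CA trusted by this device";
            case SslError.SSL_IDMISMATCH:
                return "certificate does not match the host name";
            case SslError.SSL_EXPIRED:
                return "certificate has expired";
            case SslError.SSL_NOTYETVALID:
                return "certificate is not yet valid";
            case SslError.SSL_DATE_INVALID:
                return "certificate date is invalid";
            default:
                return "generic SSL error";
        }
    }

    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        SslCertificate cert = error.getCertificate();
        Log.w(TAG, "TLS failure for " + error.getUrl() + ": "
                + describe(error.getPrimaryError()));
        // Subject and issuer show which link of the served chain to inspect.
        Log.w(TAG, "  issued to: " + cert.getIssuedTo().getDName());
        Log.w(TAG, "  issued by: " + cert.getIssuedBy().getDName());
        Log.w(TAG, "  not after: " + cert.getValidNotAfterDate());
        // Keep the platform's verdict: cancel the load, never call handler.proceed().
        handler.cancel();
    }
}
```

Installed with `webView.setWebViewClient(new DiagnosticWebViewClient())`, an SSL_UNTRUSTED result together with the logged issuer points at the chain the server sends, which is where this issue was eventually fixed.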