kittoku / Open-SSTP-Client

Open SSTP Client for Android
MIT License

The server doesn't give a valid certificate #42

Closed vVxiliVv closed 2 years ago

vVxiliVv commented 3 years ago

I get this error after I unticked Verify hostname. I use SoftEther, and it works with SSTPConnect on iOS.

[15:10:39] Establish VPN connection
[15:10:39] An unexpected event occurred: SSLPeerUnverifiedException No peer certificate
    com.android.org.conscrypt.SSLNullSession.getPeerCertificates(SSLNullSession.java:104)
    kittoku.osc.layer.SslTerminal.createSocket(SslTerminal.kt:90)
    kittoku.osc.layer.SslTerminal.initializeSocket$app_release(SslTerminal.kt:123)
    kittoku.osc.layer.SstpClient.proceed$app_release(SstpClietnt.kt:166)
    kittoku.osc.ControlClient$launchJobIncoming$1.invokeSuspend(ControlClient.kt:208)
    kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
    kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:56)
    kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571)
    kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:738)
    kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678)
    kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665)
[15:10:39] Terminate VPN connection

vVxiliVv commented 3 years ago

Duplicate, sorry...

kittoku commented 3 years ago

It doesn't look like verifying the hostname causes this exception. The log says the server doesn't give a valid certificate. Please check if you can establish a VPN connection with another SSTP client, including the Windows built-in client.

vVxiliVv commented 3 years ago

It works, I added the certificate to the trusted thingy on Windows and I can in fact connect. I can connect with SSTPConnect on iOS if I disable TLS verification.

My certificate's common name is my IP, and the server runs on port 8989. I can connect with this app as well.

https://play.google.com/store/apps/details?id=com.dzebb.sstp

The log from that app after connecting.

4:54:46 PM VPN Established.
4:54:46 PM dns 2: 8.8.4.4
4:54:46 PM dns 1: 8.8.8.8
4:54:43 PM Supported protocols: SSLv3 TLSv1 TLSv1.1 TLSv1.2
    Enabled protocols: TLSv1.1 TLSv1.2
    Using protocol: TLSv1.2
    Using cipher : TLS_RSA_WITH_AES_128_CBC_SHA
    Using peer principal : CN="IP OF MY SERVER"
4:54:43 PM Handshake Completed
4:54:43 PM Connecting...
4:54:43 PM VPN is prepared.
4:54:43 PM starting..
4:54:19 PM Config is compatible.
4:54:19 PM Checking config...

kittoku commented 3 years ago

Hmm... then I cannot come up with any idea now.

vVxiliVv commented 3 years ago

If I enable VPN Azure and use that hostname (.....vpnazure.net) it works. EDIT: I would like to use it with my own domain though.

kittoku commented 3 years ago

Maybe you failed on Android 6.0 and succeeded on Android 7.1?

vVxiliVv commented 3 years ago

I tried both, they both work with Azure enabled. The problem is not with the Android version.

kittoku commented 3 years ago

And they both failed with your own domain?

vVxiliVv commented 3 years ago

Yes they do, only with your app though :/

kittoku commented 3 years ago

Did you change settings, especially SSL version?

vVxiliVv commented 3 years ago

Nope, last time I tried was with 1.3.1 and it worked. I will check it out with a new server, I do not want to play around on my main server.

kittoku commented 3 years ago

I have run out of thoughts. Sorry, I cannot solve your issue now.

vVxiliVv commented 3 years ago

I freshly installed SoftEther stable on a new VPS. Still I get this with your app.

Debian 9

SSLPeerUnverifiedException No peer certificate

vVxiliVv commented 3 years ago

If I enable verification I get this:

[20:43:10] Establish VPN connection
[20:43:10] An unexpected event occurred: Exception Failed to verify the hostname
    kittoku.osc.layer.SslTerminal.createSocket(SslTerminal.kt:85)
    kittoku.osc.layer.SslTerminal.initializeSocket$app_release(SslTerminal.kt:123)
    kittoku.osc.layer.SstpClient.proceed$app_release(SstpClietnt.kt:166)
    kittoku.osc.ControlClient$launchJobIncoming$1.invokeSuspend(ControlClient.kt:208)
    kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
    kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:56)
    kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571)
    kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:738)
    kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678)
    kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665)
[20:43:10] Terminate VPN connection

vVxiliVv commented 3 years ago

If you have Telegram I can give my server's credentials (it's just a crappy VPS...) so you can check what's up O.o

I wonder whether you can connect or not from Android.

vVxiliVv commented 3 years ago

So i figured out the problem.

I had to manually add the certificate in Android settings, which is quite troublesome for users. This is quite troublesome, is there a way to make this work without going to settings?

My certificate's CN is 127.0.0.1 and I connect via a hostname, so disabling verify hostname works.

This also solved the problem with your SoftEther app!
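
The thread ends with two separate checks in play: chain trust (resolved by installing the certificate in Android settings) and hostname verification (a certificate with CN 127.0.0.1 reached via a hostname). The following is an added example, not code from Open SSTP Client or from anyone in this thread; it illustrates the second check in general terms on constructed certificate data. The name `vpn.example.test`, the re-issued certificate and the `allow_cn_fallback` switch are assumptions made for illustration.

```python
import ipaddress

# Constructed samples in the dict shape of ssl.SSLSocket.getpeercert().
# As in the thread: the only identity is CN=127.0.0.1, no subjectAltName.
CERT_CN_ONLY = {"subject": ((("commonName", "127.0.0.1"),),)}
# Hypothetical re-issue of the same certificate with SAN entries added.
CERT_WITH_SAN = {
    "subject": ((("commonName", "127.0.0.1"),),),
    "subjectAltName": (("DNS", "vpn.example.test"), ("IP Address", "127.0.0.1")),
}


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _name_match(pattern, host):
    """Exact match for IPs; DNS names compare case-insensitively and allow
    a wildcard only as the complete left-most label (e.g. *.example.test)."""
    if _is_ip(host) or _is_ip(pattern):
        return pattern == host
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    head, _, tail = h.partition(".")
    return bool(head) and tail == p[2:] and "." in tail


def check_identity(cert, host, allow_cn_fallback=False):
    """Return (ok, reason) for reaching `host` with peer certificate `cert`.

    Strict mode consults only subjectAltName; allow_cn_fallback models a
    legacy verifier that still accepts commonName when no SAN applies.
    """
    kind = "IP Address" if _is_ip(host) else "DNS"
    names = [v for k, v in cert.get("subjectAltName", ()) if k == kind]
    if any(_name_match(v, host) for v in names):
        return True, f"matched SAN {kind}"
    if names or not allow_cn_fallback:
        return False, f"no SAN {kind} entry matches {host!r}"
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if any(_name_match(c, host) for c in cns):
        return True, "matched legacy commonName"
    return False, f"commonName {cns} does not match {host!r}"
```

A certificate that lists the name actually used to connect in subjectAltName passes this check with verification left on; trusting the issuer remains a separate step.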