kryptco / krypton-android

DEPRECATED Krypton turns your Android device into a U2F Authenticator: strong, unphishable 2FA.
https://krypt.co

Android to Mac Bluetooth Not Working #99

Closed oscartbeaumont closed 6 years ago

oscartbeaumont commented 6 years ago

Hello, I have set up my laptop (MacBook Air) using Bluetooth with the iOS app and I would now like to do the same thing with the Android app. The computer has an HTTPS proxy which causes communication to AWS to fail. Can it be done via Bluetooth like the iOS app, and if so, how do you do it? My phone has not asked for the Bluetooth permission, but in settings it shows that the app can get the permission. Thanks for this awesome application.

kcking commented 6 years ago

Which Android phone are you using? Some models have less reliable Bluetooth than others.

You can also have krd use your https proxy by setting the HTTPS_PROXY environment variable (in your ~/.bashrc for example) then running kr restart.

Let us know if this helps.

oscartbeaumont commented 6 years ago

I am not sure how to set that variable for it to work with my proxy. It automatically re-signs the traffic on port 443, so I don't need to tell the application where the proxy is. I need to tell the application to trust the certificate authority which the proxy re-signs all traffic with, which from my understanding can't be done through that variable. Is there a way to parse a certificate for it to trust?

kcking commented 6 years ago

How did you configure other apps on your computer to use the proxy? What I've seen before is setting an HTTPS proxy from the network settings in system preferences. If for example you set your proxy to proxy.com port 8443, then you can set the same for kr with HTTPS_PROXY=http://proxy.com:8443 kr restart.

kcking commented 6 years ago

(kr uses your system's SSL certificate trust settings so that shouldn't be the issue)

oscartbeaumont commented 6 years ago

I have a certificate in the trust store (Keychain, because I am on a Mac) that Golang/kr is not using.

oscar-beaumont:~ oscar.beaumont$ kr debugaws
RequestError: send request failed
caused by: Post https://sqs.us-east-1.amazonaws.com/: x509: certificate signed by unknown authority

kcking commented 6 years ago

Is there an SSL verification error logged to Console.app by kr?

oscartbeaumont commented 6 years ago

[screenshot attached: screen shot 2018-07-09 at 5 02 31 pm]

kcking commented 6 years ago

It looks like golang's x509 implementation thinks the serial number of some certificate in your keychain is malformed. Can you post the PEM or email it to support@krypt.co if it's not private?

Also out of curiosity, why is the proxy man-in-the-middling HTTPS traffic? Is this a local or remote proxy?

oscartbeaumont commented 6 years ago

The proxy being used is Netbox Blue. It acts as a firewall + HTTPS proxy and it is for blocking websites (as I am a school student). It runs on the machine and controls all network traffic.

kcking commented 6 years ago

Can you export the certificate from keychain? (there shouldn't be any private key associated with it)

oscartbeaumont commented 6 years ago

I emailed it as I don't want it on the thread here. It is possible it is another certificate as there are a bunch there for other reasons.

kcking commented 6 years ago

Ok, I think the invalid serial number error is coming from another certificate. What are your trust settings on that proxy cert? Try setting SSL to always trust if it's not already.

oscartbeaumont commented 6 years ago

It is already set to always trust. I am checking all of the certs to find out which one it is.

kcking commented 6 years ago

You can list all certificates with security find-certificate -a -p.

You can then parse a certificate with openssl x509 -inform PEM -text (piping in the PEM format from the command above).
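An added example, not code from the thread or from the Krypton project, that does the same triage in Go rather than one certificate at a time with openssl: it feeds the keychain dump from security find-certificate -a -p through x509.ParseCertificate, the parser a Go program such as krd relies on, and reports which PEM blocks Go refuses. TriagePEM and SelfSignedPEM are names chosen here; the self-signed certificate is constructed for offline testing only.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// TriagePEM runs each CERTIFICATE block of a PEM bundle (e.g. the output of
// `security find-certificate -a -p`) through x509.ParseCertificate and returns
// the accepted pool, the accepted subject CNs, and one line per rejected block.
func TriagePEM(bundle []byte) (*x509.CertPool, []string, []string) {
	pool := x509.NewCertPool()
	var accepted, rejected []string
	for i := 0; ; i++ {
		var block *pem.Block
		if block, bundle = pem.Decode(bundle); block == nil {
			return pool, accepted, rejected // no more PEM blocks
		}
		if block.Type != "CERTIFICATE" {
			continue // keys and other material are skipped
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			rejected = append(rejected, fmt.Sprintf("block %d: %v", i, err))
			continue
		}
		pool.AddCert(cert)
		accepted = append(accepted, cert.Subject.CommonName)
	}
}

// SelfSignedPEM builds a constructed, throwaway CA certificate for offline use.
func SelfSignedPEM(cn string) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}
```

Piping the keychain dump into a small main that calls TriagePEM and prints the rejected lines names the certificate behind a parse error directly, instead of guessing from Console.app.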

kcking commented 6 years ago

Which version of macOS are you using? According to https://forums.developer.apple.com/thread/80867 some certificate validation logic changed in 10.13.

oscartbeaumont commented 6 years ago

macOS Sierra 10.12.6. Annoyingly, I am forced to this version by the administrator.

oscartbeaumont commented 6 years ago

Any ideas of how I can fix this? The certs that look to be causing the issue are certs for my organisation, which I am not touching, and I can't upgrade the OS (again, organisation). Back to the idea of Bluetooth, as I know it works (on iOS): the Android app never asked me for Bluetooth permission; how can I make it do that? The app/computer would just sit there due to the failure to talk to AWS. My phone is not of a common brand but does have working Bluetooth (I use my smartwatch all the time).

oscartbeaumont commented 6 years ago

When trying to pair my device, it is not attempting to use Bluetooth, as there are no popups or anything about Bluetooth. It just sits there failing to pair. The device has Bluetooth enabled and has wifi and mobile data disabled to try and force Bluetooth.

kcking commented 6 years ago

The phone will attempt to use Bluetooth regardless of whether internet is working, so no need to disable it.

Pairing the phone over Bluetooth (independent of kr) to your computer might help: you can make your Mac discoverable by opening Bluetooth settings, then select the Mac from your phone's Bluetooth UI.

oscartbeaumont commented 6 years ago

I had to enable tethering over Bluetooth on my phone to make my Mac stay connected, but even after that it is still not working. Is there a way I can see if my Mac is receiving data, or debug where the issue is for Bluetooth?

kcking commented 6 years ago

If the pairing is hanging then most likely Bluetooth just isn't working.

Another way to pair your phone and computer over Bluetooth is to make your phone discoverable and select it from the Bluetooth UI on your computer. I've heard that people get different results depending on which device they pair from.

oscartbeaumont commented 6 years ago

Something I have noticed (because I do Golang development) is that other Go programs use the Keychain root CA successfully. I put together a demo to test this here, and when running it the same errors are shown in the Mac Console (Invalid Serial Number), but the demo connects and downloads the HTTPS page. Does this project do something special which is causing it to stop working? I don't think those Console errors are what the problem is. Also, those errors are for certs that do not handle HTTPS verification.