laurent22 / joplin

Joplin - the privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS.
https://joplinapp.org

Joplin does not trust Android certificate store? #5871

Open OdinVex opened 2 years ago

OdinVex commented 2 years ago

Yet another “Network Request Failed” post. Joplin Android won't connect to local WebDAV, Desktops all do.

I use my own certificate authority in my domain behind my router with private DNS as well. I've installed my CA-certificate on all devices, including my Android devices. While some apps need to be told to use Android's certificate/security store to work (Firefox, for example), some automatically trust the Android CS store.

I use my CA to sign certificates, the chain included is served by the web server. Other devices, Linux/Windows, they all work, even without “Ignore TLS certificate errors”, but that doesn't work for Android. I believe it only ignores self-signed certificates, instead of TLS certificate errors (such as what I believe is happening, that Joplin isn't trusting it because it doesn't trust the CA or the Android CS store which does.)

Environment

Joplin version: 2.6.3
Platform: Android
OS specifics: v7, v9

Steps to reproduce

  1. Create a CA, import to all devices as trusted CA. Sign any intermediate/end certificates for use with a WebDAV server.
  2. Point Joplin to a WebDAV.
  3. Fail at synchronizing.

syncReport-1639758713530.txt

personalizedrefrigerator commented 1 year ago

Related:

github-actions[bot] commented 1 year ago

Hey there, it looks like there has been no activity on this issue recently. Has the issue been fixed, or does it still require the community's attention? If you require support or are requesting an enhancement or feature then please create a topic on the Joplin forum. This issue may be closed if no further activity occurs. You may comment on the issue and I will leave it open. Thank you for your contributions.

OdinVex commented 1 year ago

It is unresolved.

Geroldin commented 1 year ago

Hi, I'm having the same issue even with a valid certificate.

Mobile Phone: Samsung S21 5G (SM-G991B/DS)
Android Version: 13 (Samsung One UI 5.1)
Joplin Android App Version: 2.12.3
Opera Browser 77.4.4095.74896
Samsung Internet 22.0.6.9
Joplin Server v2.13.1

I've installed Joplin Server on Docker running on a Synology NAS. I'm currently using the Synology NAS Reverse Proxy to publish the app. Access via Joplin Desktop App v.2.12.18 (Ubuntu LTS 22.04) works just fine. Access from the mobile browser (same device) works as well, without issues and with no certificate issues / warnings. The setting "ignore tls certificate issues" is enabled. I always end up with the error message: 'Trust anchor for certificate path not found'.

Please find below the sync Report log from the App and a screenshot from the certificate: syncReport-1696596233931.txt

Screenshot from 2023-10-06 14-50-58 Screenshot from 2023-10-06 15-04-46

Geroldin commented 1 year ago

Short addition: the Network Connectivity check in the configuration says everything is fine. Strangely, when I disable "ignore TLS certificate issues" I get a "Network request failed" message, saying I should check my user/pw and server address.

Geroldin commented 1 year ago

Might have found a fix. Seems like the intermediate certificate was unknown and therefore untrusted. When I installed it in the Android CA Store the connection started to work. So it might just be a bad (cheap) wildcard certificate. I could even disable "ignore tls certificate issues".
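
The missing-intermediate case reported in the comment above can be reproduced offline with the openssl CLI. This is an added example, not part of the original thread or of Joplin's code; the CA names and host name are constructed, and `openssl verify` is assumed here as a stand-in for the Android client's certificate path validation.

```shell
# Added example. Names (Demo Root CA, notes.example.internal) are constructed.
# Builds root CA -> intermediate CA -> server certificate with the openssl CLI.

# new_csr <dir> <file stem> <common name>: create a key and signing request.
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# make_chain <dir>: write root.pem, int.pem and leaf.pem into <dir>.
make_chain() {
  printf 'basicConstraints=critical,CA:TRUE\n' > "$1/ca.ext"
  printf 'subjectAltName=DNS:notes.example.internal\n' > "$1/leaf.ext"
  new_csr "$1" root "Demo Root CA"
  new_csr "$1" int "Demo Intermediate CA"
  new_csr "$1" leaf "notes.example.internal"
  # Root: self-signed; the only certificate installed on the client at first.
  openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" -days 30 \
    -extfile "$1/ca.ext" -out "$1/root.pem" 2>/dev/null
  # Intermediate: signed by the root.
  openssl x509 -req -in "$1/int.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 30 -extfile "$1/ca.ext" -out "$1/int.pem" 2>/dev/null
  # Server certificate: signed by the intermediate, not by the root.
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/int.pem" -CAkey "$1/int.key" \
    -CAcreateserial -days 30 -extfile "$1/leaf.ext" -out "$1/leaf.pem" 2>/dev/null
}

# Server sends only its own certificate; client trusts only the root.
verify_leaf_only() {
  openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
}

# Server also sends the intermediate (-untrusted: usable for path building,
# but not a trust anchor by itself).
verify_full_chain() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" \
    "$1/leaf.pem" >/dev/null 2>&1
}

# Intermediate installed in the client's trust store next to the root.
verify_int_in_store() {
  cat "$1/root.pem" "$1/int.pem" > "$1/store.pem"
  openssl verify -CAfile "$1/store.pem" "$1/leaf.pem" >/dev/null 2>&1
}

demo_dir=$(mktemp -d) && make_chain "$demo_dir"
for check in verify_leaf_only verify_full_chain verify_int_in_store; do
  if "$check" "$demo_dir"; then echo "$check: chain verifies"
  else echo "$check: no path to a trust anchor"; fi
done
```

Only the first check fails. Either serving the intermediate from the web server or installing it on the client completes the path, and the server-side fix covers every client at once.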

OdinVex commented 1 year ago

This may have been fixed an update or two ago, not sure when. I can finally disable 'Ignore TLS Certificate Issues' as well. (My cert is directly below the CA in my chain, so there was no intermediate certificate issue, just a store trust issue. Seems fixed now, upstream library fixed maybe?)