search

mattermost / mattermost-mobile

Next generation iOS and Android apps for Mattermost in React Native
https://about.mattermost.com/
Apache License 2.0
2.2k stars 1.33k forks source link

Unable to connect - Client Cert not prompting #4616

Closed eljeffeg closed 1 year ago

eljeffeg commented 4 years ago

The latest version of MM app is no longer working for me.

Summary

When I click Connect, it says "Cannot connect to the server. Please check your server URL and Internet connection." My server requires a client cert and MM is no longer prompting me to use the client cert. The latest update may have completely broken what was partially broken with issue #3869

Environment Information

Steps to reproduce

Try to connect to server that requires a client cert.

Expected behavior

Prompt for client cert and connect.

Observed behavior

No prompt and fails to connect

amyblais commented 4 years ago

@jeffg2k Have you had a chance to check our troubleshooting guide: https://docs.mattermost.com/mobile/mobile-troubleshoot.html#i-keep-getting-a-message-cannot-connect-to-the-server-please-check-your-server-url-and-internet-connection?

eljeffeg commented 4 years ago

@amyblais I've gone through the troubleshooting guide and it has not resolved the issue. Using https, cert appears fine at SSL labs. Creating an account on demo.mattermost.com worked fine, however, that site doesn't require a client cert, which is what I think the issue is about. I have verified that my client cert (and the site) works fine on any other platform and it was working with prior versions (though it had issues as I described in #3869 ), but now I can't connect at all. It doesn't progress to the username / password screen. It tries to connect and fails.

enahum commented 4 years ago

Hey @jeffg2k I’m sorry this has been an issue on your end. Mutual TLS (client side certificate) has been for a while an experimental feature, a few months back we conciously broke it as we needed to push another feature regarding performance out. As the mTLS was and still remains experimental I would suggest not to rely on it, at least until it is revisited.

I can share that currently there are plans to spec it out, it may be that it becomes Certificate Based Authentication instead of just Mutual TLS but unsure at this point.

When will it be done? There is no ETA.

eljeffeg commented 4 years ago

@enahum Thank you for the confirmation on the issue and for the explanation. I'll relay it to the administration team hosting our MM instance.

larkox commented 1 year ago

Closing due to the age of the issue. If this is still happening on the latest version, feel free to reopen.