search

nerzhul / ncsms-android

repository for the ncsms on Android
95 stars 38 forks source link

Error "UNK" whan adding an account #181

Open JeromeSi opened 6 years ago

JeromeSi commented 6 years ago

Steps to reproduce

1.write URL / Login / Password 2.click Sign in 3.error "UNK"

Expected behaviour

I can't connect the 2.0.1 with my nextcoud Nextcloud SMS 1.2.4 work fine

Actual behaviour

I have the message error "UNK" when i try to add an account

Server configuration

Nextcloud version: 11.0.6

PHP version: 5.6.33

Webserver: apache2

HTTPS: 2.4.10

Client configuration

Android version: 8.0.0 or 6.0 or 7.1.2

Phone: XZ1 compact / emulated / Moto G 4G peregrine

Nextcloud SMS app version: 2.0.1

Logs

E/Surface: getSlotFromBufferLocked: unknown buffer: 0xae477d00 E/Surface: getSlotFromBufferLocked: unknown buffer: 0xae477f80 I/fr.unix_experience.owncloud_sms.activities.LoginActivity.UserLoginTask: _serverURL = https://192.168.1.253:4433 I/GoLog: Get https://192.168.1.253:4433/index.php/apps/ocsms/get/apiversion?format=json: x509: cannot validate certificate for 192.168.1.253 because it doesn't contain any IP SANs D/EGL_emulation: eglMakeCurrent: 0xaa9efe40: ver 2 0 (tinfo 0xafead090) D/EGL_emulation: eglMakeCurrent: 0xaa9efe40: ver 2 0 (tinfo 0xafead090) D/EGL_emulation: eglMakeCurrent: 0xaa9efe40: ver 2 0 (tinfo 0xafead090) D/EGL_emulation: eglMakeCurrent: 0xaa9efe40: ver 2 0 (tinfo 0xafead090) D/EGL_emulation: eglMakeCurrent: 0xaa9efe40: ver 2 0 (tinfo 0xafead090) D/EGL_emulation: eglMakeCurrent: 0xaa9efe40: ver 2 0 (tinfo 0xafead090) D/EGL_emulation: eglMakeCurrent: 0xaa9efe40: ver 2 0 (tinfo 0xafead090) E/Surface: getSlotFromBufferLocked: unknown buffer: 0xae476e00 E/Surface: getSlotFromBufferLocked: unknown buffer: 0xae477d00 capture

nerzhul commented 6 years ago

@JeromeSi interesting error, at least you give me the golang error it's fine

nerzhul commented 6 years ago

It seems it can be due to your local certificate. Seems java client accept it but not the golang http client which is stricter. I'm looking for a workaround to permit it in insecure configurations

Your certificate doesn't have any IP:192.168.1.253 field

JeromeSi commented 6 years ago

In this log, you find the golang error... I'm learning about it. The certificate are self signed (it's my own little server)

nerzhul commented 6 years ago

@JeromeSi i'm trying to reproduce the problem

nerzhul commented 6 years ago

can you give me the public certificate of your server by mail (contact at unix-experience.fr) i will analyse the SSL issue on it

JeromeSi commented 6 years ago

wait a minute

nerzhul commented 6 years ago

For your usecase with SSL, regenerate a proper certificate with proper SANs (IP/DNS names)

First generate the following openssl.cnf file

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = MN
localityName = Locality Name (eg, city)
localityName_default = Minneapolis
organizationalUnitName  = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Domain Control Validated
commonName = Internet Widgits Ltd
commonName_max  = 64

[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = kb.example.com
DNS.2 = helpdesk.example.org
DNS.3 = systems.example.net
IP.1 = 192.168.1.1
IP.2 = 192.168.69.14

Replace DNS entries with yours if you have it, and IP with yours. (if you have 3 IPs, add IP.3 = A.B.C.D)

Next regenerate a private key

openssl genrsa -out nextcloud.key 2048

And generate a signing request

openssl req -new -out nextcloud.csr -key nextcloud.key -config openssl.cnf

Last generate the certificate

openssl x509 -req -days 3650 -in nextcloud.csr -signkey nextcloud.key -out nextcloud.crt -extfile openssl.cnf -extensions v3_req

If all succeed, verify the certificate with the following command

openssl x509 -in nextcloud.crt -text

You must have the following entry: X509v3 Subject Alternative Name:, containing your IPs or DNS names

If it's good, replace certificates of your nextcloud/owncloud instance

JeromeSi commented 6 years ago

I've got new certificate... a space missing in "openssl req -new -out nextcloud.csr -key nextcloud.key -config openssl.cnf"

nerzhul commented 6 years ago

i also just released 2.0.2 to show the SSL issue properly in android

JeromeSi commented 6 years ago

mmh. I replace my old certificate by new in my configuration, I reboot my server and no access to my owncloud...

nerzhul commented 6 years ago

Just check your apache/nginx logs it should show you a SSL issue on the startup i think, maybe you inverted key and cert

JeromeSi commented 6 years ago

ok. You're right. I've got the same error...but I've got the 2.0.1 version

JeromeSi commented 6 years ago

I don't know the line command to update my git repository on my hard disk...I'm searching

JeromeSi commented 6 years ago

Different issue but error capture du 2018-02-12 23-34-00 E/Surface: getSlotFromBufferLocked: unknown buffer: 0xaa284b20 E/Surface: getSlotFromBufferLocked: unknown buffer: 0xaa284580 I/fr.unix_experience.owncloud_sms.activities.LoginActivity.UserLoginTask: _serverURL = https://192.168.1.253:4433 I/GoLog: Get https://192.168.1.253:4433/index.php/apps/ocsms/get/apiversion?format=json: x509: certificate signed by unknown authority D/EGL_emulation: eglMakeCurrent: 0xaa2ef960: ver 2 0 (tinfo 0xaaa5e700) D/EGL_emulation: eglMakeCurrent: 0xaa2ef960: ver 2 0 (tinfo 0xaaa5e700) D/EGL_emulation: eglMakeCurrent: 0xaa2ef960: ver 2 0 (tinfo 0xaaa5e700) D/EGL_emulation: eglMakeCurrent: 0xaa2ef960: ver 2 0 (tinfo 0xaaa5e700) I'm going to sleep

nerzhul commented 6 years ago

at least 2.0.2 really permits to show the certificate error, i should look at this issue asap but i'm tired :)

JeromeSi commented 6 years ago

With app 2.02 on emulated device android 6.0 When I select add an account, I have got this error in logcat : 02-13 19:20:11.396 2875-2911/fr.unix_experience.owncloud_sms E/Surface: getSlotFromBufferLocked: unknown buffer: 0x9f2c3f20 After write server address, login and password, the app crash

JeromeSi commented 6 years ago

But "work" (don't crash when click o Sign in) on other emulated device Classical error : 02-13 19:32:33.119 3428-4638/fr.unix_experience.owncloud_sms I/GoLog: Get https://192.168.1.253:4433/index.php/apps/ocsms/get/apiversion?format=json: x509: certificate signed by unknown authority

livingsacrifice commented 6 years ago

I'm getting same error as JeromeSi for unknown authority. Is it possible to add option to ignore this issue. Other apps (eg, Davdroid, Nextcloud) don't complaining about the certificate.

hackitz commented 6 years ago

Can you not add the option to allow less secure certs? Like foldersync