search

newhinton / Round-Sync

An android cloud file manager, powered by rclone. Visit https://roundsync.com for more information!
https://roundsync.com
GNU General Public License v3.0
1.22k stars 49 forks source link

webdav mutual tls client certificate authentication #84

Open ippocratis opened 1 year ago

ippocratis commented 1 year ago

Pre-Submission checklist

What version of extract are you using (About -> App version)?

2.0.6-dev

What problem are you trying to solve?

Mutual tls client certificate authentication

What should RCX be able to do differently to help with this problem?

I have my webdav server configured with mutual tls and it awaits for a client certificate. I have installed the p12 cert on my android device and it can be picked from browsers and compatible apps like e.g. davx5

I tried to import a config

Rclone documentation link for webdav mounts States that:

If you want you can serve over https. You will need to supply the --cert and --key flags. If you wish to do client side certificate validation then you will need to supply --client-ca also. --cert should be a either a PEM encoded certificate or a concatenation of that with the CA certificate. --key should be the PEM encoded private key and --client-ca should be the PEM encoded client certificate authority certificate.

My config looks like

[webdav]
type = webdav
url = https://my.webdav.url
vendor = other
user = username
pass = password
client-ca = /path/to/cert_name-CA.crt
client-cert = /path/to/cert_name.crt
client-key = /path/to/cert_name.key

The config imports OK but the webdav does not mount

newhinton commented 1 year ago

Phew, this might be a hard one. I am not sure if i can actually support that at the moment, i will have to look at this. However, that might take quite a while before i can get to this.

Efreak commented 1 year ago

Check #111 for the way I added my ssh key to the app's private data. Basically you need to edit the config to expose the app's private data directory, which you can then add files to.

ippocratis commented 1 year ago

I'm not sure it is storage access related. The config is located on a folder the app has access to. The app asks for storage access upon install time