nextcloud / android

📱 Nextcloud Android app
https://play.google.com/store/apps/details?id=com.nextcloud.client
GNU General Public License v2.0

Add check for correct server certificate #3305

Open ne20002 opened 5 years ago

ne20002 commented 5 years ago

Is your feature request related to a problem? Please describe.

Having looked a bit deeper into TLS connection handling when I recognized that the company I work for intersects TLS traffic in their WLAN, I'd like to have an option to check the server certificate for being the correct one. Many companies and even hotels intersect TLS traffic with middle boxes by spoofing server certificates. This is bad, as this means someone can look into the connection I have to my Nextcloud server, and this affects my privacy.

Describe the solution you'd like

In order: a) have the availability to use a client certificate for the connection, or b) just have an option to check the server certificate against a hash stored in the client, or c) at least have the ability to use a TLSA DNS record for checking.

A clear and concise description of what you want to happen. b) should be sufficient and would not need any changes on the server. In case one is using Letsencrypt, a check similar to DNSSEC/DANE would be sufficient by just checking if the server certificate is really signed by the expected CA (LetsEncrypt X3 in that case). It would allow detecting if the connection is being tampered with, and the user should then be presented a warning. Maybe plus the option to connect anyway.

Describe alternatives you've considered

Another option, but also not always working is a VPN to my home network. VPNs are also blocked in a few companies, hotels, countries.

Additional context

Add any other context or screenshots about the feature request here.

NOTE: Be super sure to remove sensitive data like passwords, note that everybody can look here! You can use the Issue Template application to prefill some of the required information: https://apps.nextcloud.com/apps/issuetemplate

nextcloud-android-bot commented 5 years ago

GitMate.io thinks possibly related issues are https://github.com/nextcloud/android/issues/2240 (Check for unsupported server & warn), https://github.com/nextcloud/android/pull/3017 (Backport npe server version check), https://github.com/nextcloud/android/issues/2436 (Add Scanning Support), https://github.com/nextcloud/android/issues/542 (Add me to the repository), and https://github.com/nextcloud/android/issues/1179 (Enhancement: add check if enough ressources available before upload).

tobiasKaminsky commented 5 years ago

I am far from being an expert at this, but when I am behind some of these "boxes", I always got a warning that the certificate does not match the host name. (My connection to my Nextcloud is via https).

Do you know a way to reproduce this locally?

rklasen commented 3 years ago

@tobiasKaminsky I just checked with mitmproxy on a Raspberry Pi. The Nextcloud Android app happily accepted the (invalid!) certificate from mitmproxy and worked normally. That means I didn't get notified that my server's certificate changed (from Let's Encrypt to mitmproxy) and I could see all requests in mitmproxy. I think this is a serious security flaw. This may be related to #5057.

Torqu3Wr3nch commented 1 year ago

Was this ever resolved? I notice the issue (and the other issue) is still marked as open. These are extremely serious flaws.

@rklasen do you remember if you had mitmproxy set up prior to adding your Nextcloud account to the Android client? I want to make sure that the Nextcloud Android client isn't checking just on the initial authentication too.

ne20002 commented 1 year ago

As far as I see, this is not solved. Having an option for checking a TLSA record / having a valid certificate based on DANE check would be super cool.

rklasen commented 1 year ago

@Torqu3Wr3nch I haven't checked the certificate (pinning or checks) since. But yes, I'm absolutely positive. I set up the app on my regular instance without any proxies, because it was for normal usage. I set up the mitm proxy a few months later for a different project altogether and noticed more or less by accident that the Nextcloud Android app doesn't complain.

If these issues are still open I'd wager the behavior is still unchanged. I can check again in a few days to be absolutely sure.

Torqu3Wr3nch commented 1 year ago

@rklasen, yikes. Have you checked this behavior with the desktop client?

@tobiasKaminsky, this isn't an enhancement. This is a serious security flaw. I can't actually think of a worse one. This, combined with other related (and also still open) issues such as https://github.com/nextcloud/android/issues/5057, sounds like we're not validating server certificates at all.

rklasen commented 1 year ago

I mean, there are still worse issues possible, this is not an unauthenticated RCE or something... But I have good news. It seems on the current Android version, a new certificate is not automatically accepted.

I've mitm'ed my already set-up Nextcloud app on Android (3.22.3) and upon opening the app, a warning was displayed (certificate could not be verified, certificate is not trusted, trust anyway?):

[screenshot: android1, the "certificate not trusted" warning dialog]

The obvious choice here would be a strong "No" of course. I think this warning is much too mild, considering the possible consequences. A click on "details" reveals the IP (blurred) and the names of the certificate (mitmproxy, though these can be changed of course). What is direly missing is a fingerprint, in my opinion.

[screenshot: android2, the certificate "details" view]


So, the user must of course check "no". But what if they trust the cert anyway? This is what the request looks like in mitmproxy:

[screenshot: mitmproxy, the intercepted request]

We can see the cookie (of course, since we're intercepting traffic), but also an HTTP basic auth header (starts with UmV, remainder blurred). This is base64:

[screenshot: base64-decoded, the decoded Authorization header]

But this is not my personal account password. I assume it's an app-specific password that was generated when I set up the app via the QR code in the web interface. Either way, this password grants full r/w access to all files and possibly admin settings.


Let me state again that I realize this is necessary for the app to work. I know there is no way around this.

However, the warning about the "untrusted certificate" is much too mild considering the possible damage! I would suggest changing this wording such that the possible danger becomes clearer.
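Two points in this thread lend themselves to a concrete check: options b) and c) from the opening post (compare the server certificate against a hash stored in the client, or against a TLSA/DANE record), and rklasen's remark that the warning dialog shows no fingerprint. The following is an added example in Go, not code from the Nextcloud Android app (which is written in Java/Kotlin) and not an API of the project. It assumes a hostname `cloud.example.org`, a pin and a TLSA record that are constructed in the code, and throwaway self-signed ECDSA certificates that stand in for the real server and for an interception box; none of these values are real.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// spkiPin is the SHA-256 of the leaf's SubjectPublicKeyInfo (DER). Pinning the key rather
// than the whole certificate survives renewals that keep the key (option b above).
func spkiPin(cert *x509.Certificate) [32]byte { return sha256.Sum256(cert.RawSubjectPublicKeyInfo) }

// certFingerprint is the SHA-256 of the whole certificate, the value a "details" dialog
// could show so the user can compare it with what the server admin published.
func certFingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.Raw)
	return hex.EncodeToString(sum[:])
}

// verifyPinned has the shape of tls.Config.VerifyPeerCertificate. It runs after the usual
// chain check and rejects a leaf whose key is not the pinned one, which is exactly what an
// interception box presents when its own CA has been installed on the device.
func verifyPinned(expected [32]byte) func([][]byte, [][]*x509.Certificate) error {
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return fmt.Errorf("server presented no certificate")
		}
		leaf, err := x509.ParseCertificate(rawCerts[0])
		if err != nil {
			return err
		}
		if got := spkiPin(leaf); got != expected {
			return fmt.Errorf("pin mismatch: server key %x is not the pinned key", got)
		}
		return nil
	}
}

// TLSA holds the RFC 6698 RDATA of a _443._tcp.<host> record (option c above).
type TLSA struct {
	Usage, Selector, MatchingType uint8
	Data                          []byte
}

// parseTLSA decodes wire-format TLSA rdata: three one-byte fields, then the association data.
func parseTLSA(rdata []byte) (TLSA, error) {
	if len(rdata) < 4 {
		return TLSA{}, fmt.Errorf("TLSA rdata too short")
	}
	return TLSA{rdata[0], rdata[1], rdata[2], rdata[3:]}, nil
}

// matchesTLSA checks a leaf against a DANE-EE record (usage 3). Selector 0 = full cert,
// 1 = SPKI; matching type 0 = exact bytes, 1 = SHA-256. Anything else is rejected.
func matchesTLSA(cert *x509.Certificate, rec TLSA) (bool, error) {
	if rec.Usage != 3 {
		return false, fmt.Errorf("TLSA usage %d not handled here", rec.Usage)
	}
	subject := map[uint8][]byte{0: cert.Raw, 1: cert.RawSubjectPublicKeyInfo}[rec.Selector]
	if subject == nil {
		return false, fmt.Errorf("unknown TLSA selector %d", rec.Selector)
	}
	if rec.MatchingType == 1 {
		sum := sha256.Sum256(subject)
		subject = sum[:]
	} else if rec.MatchingType != 0 {
		return false, fmt.Errorf("unknown TLSA matching type %d", rec.MatchingType)
	}
	return bytes.Equal(subject, rec.Data), nil
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// selfSigned builds a throwaway certificate: constructed demo data, not a real server's.
func selfSigned(cn string) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert
}

func main() {
	genuine := selfSigned("cloud.example.org")  // the real server (constructed)
	impostor := selfSigned("cloud.example.org") // same name, different key: an interception box
	check := verifyPinned(spkiPin(genuine))
	fmt.Println("genuine :", check([][]byte{genuine.Raw}, nil))
	fmt.Println("impostor:", check([][]byte{impostor.Raw}, nil))
	fmt.Println("fingerprint to show the user:", certFingerprint(genuine))
}
```

The point of the design is that the pin check is independent of the device trust store: an interception box whose CA was pushed to the phone passes the normal chain validation but still fails `verifyPinned`, because it cannot reproduce the server's key. The TLSA path gives the same result from data the server admin publishes in DNS (usage 3, selector 1, matching type 1 is the common "SPKI SHA-256" form); a real client would fetch that record with DNSSEC validation rather than trust a plain lookup. Showing `certFingerprint` in the warning dialog is what lets a user compare against a value obtained out of band before deciding to trust anyway.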