[Bug]: Invalid error about "Untrusted Certificate"

[davidmehren]

Bug description

The "Add Nextcloud account" wizard shows an "Untrusted Certificate" error, even though the certificate is perfectly valid and the servers' configuration gets an A+ score on SSL Labs.

The error shown is "The host name did not match any of the valid hosts for this certificate".

Alarmingly, even when I press "Cancel" in the dialog box shown above, the setup process CONTINUES ANYWAY, as if nothing happened.

Related:

• https://github.com/nextcloud/desktop/issues/3532
• https://github.com/nextcloud/desktop/issues/2101

Steps to reproduce

1. Start to add a new account to NC Desktop, enter the URL.
2. Observe the dialog box pictured above

Expected behavior

There should be no scary certificate warning for server configurations that

1. Work perfectly in all major browsers
2. Have a passing grade in SSL Labs

---

Additionally, if the user presses "Cancel" in the certificate warning dialog, account setup SHOULD NOT CONTINUE.

Which files are affected by this bug

n/a

Operating system

Linux

Which version of the operating system you are running.

Fedora 40

Package

Appimage

Nextcloud Server version

28.0.5

Nextcloud Desktop Client version

3.13.0

Is this bug present after an update or on a fresh install?

Fresh desktop client install

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

Are you using an external user-backend?

• [ ] Default internal user-backend
• [ ] LDAP/ Active Directory
• [ ] SSO - SAML
• [X] Other

Nextcloud Server logs

n/a

Additional info

No response

[davidmehren]

In https://github.com/nextcloud/desktop/issues/2101 it was theorized that this error popup appears, because the certificate validity check first resolves the CNAME entry and then checks if the resulting DNS name appears in the certificate (I did not validate this theory).

This would be contrary to how browsers and probably every other TLS client validates certificates.