Run always in "trustCertificateError" if server accept client certificate (not needed for nextcloud) - Tasks proceed even if I click to NO to "trusted question"

[qupfer]

Steps to reproduce

1. run nextcloud behind Haproxy with this bind options: bind *:443 ssl crt /etc/haproxy/certs ca-file /root/pki/ca.crt verify optional crt-ignore-err all
2. open iOS app
3. click through folders

Expected behaviour

First: There is nor error message about changed certificate shown or at least not shown anymore after submitting "yes" one time.

Actual behaviour

The error message attached is shown every time. "The certificate for this server seems to have changed". Clicking on certificate details shows always the correct nextcloud server certificate.

Additional, there is a Bug-inside-the-Bug. While the Error Message is shown, the App continue the current task. Which means, even if you say "NO", its already continued with the current taks.

---

Suspected cause: I run nextclound behind an reverse proxy (haproxy) which also accept an client-certifacte which is used for an other service (no usage for nextcloud). The real connection to nextcloud is still valid and all works as expected in the background. But the (empty) client certificate triggers the error message, but for an "unused" connection.

Screenshots

Environment data

iOS version: 16.3.1

Nextcloud iOS app version: 4.7.0.23

Server operating system: ubuntu 22.04

Web server: nginx behind haproxy

Database: PostgreSQL 14.7-0ubuntu0.22.04.1

PHP version: PHP 8.1.2-1ubuntu2.11

Nextcloud version: 25.0.5

[markus-posch]

Hello, i had the same issue. I resolved it by removing the following line from the reverse proxy configuration:

ssl_verify_client      optional;