nextcloud / ios

📱 Nextcloud iOS App
https://itunes.apple.com/us/app/nextcloud/id1125420102
GNU General Public License v3.0

iOS app is nagging with popup when server is configured for optional mtls / client certificate #2904

Open ne20002 opened 5 months ago

ne20002 commented 5 months ago

Steps to reproduce

I have an Nginx reverse proxy in front of my Nextcloud server. I've set up the server to support optional mTLS / client certificates, where those are signed by my own CA.

The iOS app is now nagging me with a recurring popup stating that the server certificate has changed, which it indeed has not.

This is the Nginx setup:

    ssl_certificate         /etc/letsencrypt/live/<myserver>/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/<myserver>/privkey.pem;

    ssl_stapling            off;

    ssl_client_certificate  /etc/nginx/client_certs/clientCertsCA-chain.pem;
    ssl_verify_client       optional_no_ca;
    ssl_verify_depth        1;

The server's certificate is a valid Let's Encrypt certificate. The clientCertsCA-chain.pem is the root certificate of my own CA, with which the client certificates are signed.

Expected behaviour

As long as I have not added a client certificate to the iOS app / device, nothing in particular should happen. The app should not show any error popups.

Actual behaviour

Every few minutes, or on actions in the app like update or download of a file, the following popup appears:

[Screenshot of the popup]

Actually, the Android client behaves as before, as do the Linux client and all DAV clients. Adding a client certificate to Firefox also works as expected (without any error, using the client certificate for authentication against the server).

I have rechecked by temporarily disabling the client certificate verification (the popups do not appear then).

iOS version: e.g. latest iOS on iPhone 8

Nextcloud iOS app version: Nextcloud-iOS/5.2.6

Server operating system: Debian Bookworm

Web server: Nginx

Database:

PHP version:

Nextcloud version: 28.0.5

marinofaggiana commented 3 months ago

@ne20002 implemented. Please test version in Testflight

ne20002 commented 2 months ago

Thank you for the response. Unfortunately I don't have access to TestFlight. The issue has been reported by a user using iOS. But I'm sure your fix will be ok.

ne20002 commented 2 months ago

It seems as if with 5.5.2 the problem is solved. The nagging disappeared. I need to verify that the optional client certificate is used, though, when given.
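Added example, not part of the thread and not code from the Nextcloud project: one way to check on the proxy whether a client presented a certificate and whether it chained to the configured CA, using nginx's `$ssl_client_verify` variable. With `optional_no_ca`, nginx accepts the handshake even when the certificate does not verify, so the sketch also rejects that case. The log format name, log path, map variable, header name and backend address are assumptions.

```nginx
# --- http {} context ---

# Record the client-certificate outcome per request.
# $ssl_client_verify is NONE (no certificate sent), SUCCESS, or FAILED:<reason>.
log_format mtls '$remote_addr [$time_local] "$request" $status '
                'verify=$ssl_client_verify dn="$ssl_client_s_dn" '
                'fp=$ssl_client_fingerprint ua="$http_user_agent"';

# Keep the certificate optional, but refuse one that was presented
# and did not verify against ssl_client_certificate.
map $ssl_client_verify $reject_unverified_cert {
    default 1;   # any FAILED:<reason>
    NONE    0;   # no certificate offered: allowed, mTLS is optional
    SUCCESS 0;   # certificate chains to the configured CA
}

server {
    listen 443 ssl;
    server_name <myserver>;                      # placeholder, as on the page

    ssl_certificate         /etc/letsencrypt/live/<myserver>/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/<myserver>/privkey.pem;

    ssl_client_certificate  /etc/nginx/client_certs/clientCertsCA-chain.pem;
    ssl_verify_client       optional_no_ca;      # setting from the report
    ssl_verify_depth        1;

    access_log /var/log/nginx/mtls_access.log mtls;   # assumed path

    if ($reject_unverified_cert) {
        return 403;
    }

    location / {
        # Overwrite any client-supplied copy of the header so the
        # backend only ever sees the proxy's own verification result.
        proxy_set_header X-SSL-Client-Verify $ssl_client_verify;
        proxy_pass http://127.0.0.1:8080;        # assumed backend address
    }
}
```

Requests from a device without a certificate then log `verify=NONE`, and requests that used a certificate signed by the CA log `verify=SUCCESS` together with the subject DN and fingerprint.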