(SSL) Login failure with Nginx 1.4.4 built from source with custom webserver ID string

[technodrome]

Expected behaviour

Client is expected to connect to the server and login.

Actual behaviour

Client is unable to connect to the server using SSL with self-signed wildcard 4096 bit certificate. Login fails with vanilla error "Unknown error occurred". Webserver identification string was altered to "Anarchy webserver" in source code prior to the compilation. However, this behavior should not affect client functionality when connecting.

Steps to reproduce

1. Wildcard certificate was imported into Android and is successfully used with another app for the same server.
2. Open app, try to login => error message.

   Environment data

Android version: Cyanogenmod 10.2 / Android 4.3.1

Device model: GT-I8160 (Samsung Galaxy Ace II)

Stock or customized system: CM

ownCloud app version:1.5.4

ownCloud server version: 6.0.1

Logs

(logcat output)

03-08 11:47:26.094 E/OwnCloudServerCheckOperation(5058): Connection check at https://cloud.mydomain.com/status.php: HTTP violation
03-08 11:47:26.094 E/OwnCloudServerCheckOperation(5058): org.apache.commons.httpclient.ProtocolException: Unable to parse header: Anarchy webserver
03-08 11:47:26.094 E/OwnCloudServerCheckOperation(5058):    at org.apache.commons.httpclient.HttpParser.parseHeaders(HttpParser.java:202)
03-08 11:47:26.094 E/OwnCloudServerCheckOperation(5058):    at org.apache.commons.httpclient.HttpMethodBase.readResponseHeaders(HttpMethodBase.java:1935)
03-08 11:47:26.094 E/OwnCloudServerCheckOperation(5058):    at org.apache.commons.httpclient.HttpMethodBase.readResponse(HttpMethodBase.java:1737)
03-08 11:47:26.094 E/OwnCloudServerCheckOperation(5058):    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1098)
03-08 11:47:26.094 E/OwnCloudServerCheckOperation(5058):    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
03-08 11:47:26.094 E/OwnCloudServerCheckOperation(5058):    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
03-08 11:47:26.094 E/OwnCloudServerCheckOperation(5058):    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
03-08 11:47:26.094 E/OwnCloudServerCheckOperation(5058):    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
03-08 11:47:26.094 E/OwnCloudServerCheckOperation(5058):    at com.owncloud.android.lib.network.OwnCloudClient.executeMethod(OwnCloudClient.java:177)
03-08 11:47:26.094 E/OwnCloudServerCheckOperation(5058):    at com.owncloud.android.lib.network.OwnCloudClient.executeMethod(OwnCloudClient.java:157)
03-08 11:47:26.094 E/OwnCloudServerCheckOperation(5058):    at com.owncloud.android.lib.operations.remote.OwnCloudServerCheckOperation.tryConnection(OwnCloudServerCheckOperation.java:82)
03-08 11:47:26.094 E/OwnCloudServerCheckOperation(5058):    at com.owncloud.android.lib.operations.remote.OwnCloudServerCheckOperation.run(OwnCloudServerCheckOperation.java:146)
03-08 11:47:26.094 E/OwnCloudServerCheckOperation(5058):    at com.owncloud.android.lib.operations.common.RemoteOperation.run(RemoteOperation.java:222)
03-08 11:47:26.094 E/OwnCloudServerCheckOperation(5058):    at java.lang.Thread.run(Thread.java:841)
...
03-08 11:47:29.147 E/OwnCloudServerCheckOperation(5058):    at java.lang.Thread.run(Thread.java:841)
03-08 11:47:40.558 E/OwnCloudServerCheckOperation(5058): Connection check at http://cloud.mydomain.com/status.php: Socket timeout exception
03-08 11:47:40.558 E/OwnCloudServerCheckOperation(5058): java.net.SocketTimeoutException
03-08 11:47:40.558 E/OwnCloudServerCheckOperation(5058):    at java.net.PlainSocketImpl.read(PlainSocketImpl.java:492)
03-08 11:47:40.558 E/OwnCloudServerCheckOperation(5058):    at java.net.PlainSocketImpl.access$000(PlainSocketImpl.java:46)
03-08 11:47:40.558 E/OwnCloudServerCheckOperation(5058):    at java.net.PlainSocketImpl$PlainSocketInputStream.read(PlainSocketImpl.java:241)
03-08 11:47:40.558 E/OwnCloudServerCheckOperation(5058):    at java.io.InputStream.read(InputStream.java:163)
03-08 11:47:40.558 E/OwnCloudServerCheckOperation(5058):    at java.io.BufferedInputStream.fillbuf(BufferedInputStream.java:142)
03-08 11:47:40.558 E/OwnCloudServerCheckOperation(5058):    at java.io.BufferedInputStream.read(BufferedInputStream.java:227)
03-08 11:47:40.558 E/OwnCloudServerCheckOperation(5058):    at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)
03-08 11:47:40.558 E/OwnCloudServerCheckOperation(5058):    at org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106)
03-08 11:47:40.558 E/OwnCloudServerCheckOperation(5058):    at org.apache.commons.httpclient.HttpConnection.readLine(HttpConnection.java:1116)
03-08 11:47:40.558 E/OwnCloudServerCheckOperation(5058):    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.readLine(MultiThreadedHttpConnectionManager.java:1413)

CURL output

HTTP/1.1 200 OK
Anarchy webserver
Date: Sat, 08 Mar 2014 12:11:06 GMT
Content-Type: text/html
Connection: keep-alive
Set-Cookie: oc3ab94ba19b=huh54c1rcds98r1n7jot5kgd85; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: Sameorigin
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src *

Web server error log

No errors. Output from nginx's access.log (HTTP 200 so no problem there)

[08/Mar/2014:11:51:00 +0100] "GET //status.php HTTP/1.1" 200 89 "-" "Android-ownCloud"
[08/Mar/2014:11:51:02 +0100] "GET //status.php HTTP/1.1" 200 89 "-" "Android-ownCloud"
[08/Mar/2014:11:51:23 +0100] "GET //status.php HTTP/1.1" 200 89 "-" "Android-ownCloud"
[08/Mar/2014:11:51:26 +0100] "GET //status.php HTTP/1.1" 200 89 "-" "Android-ownCloud"

Server modules

nginx version: nginx/1.4.4
built by gcc 4.8.2 (Debian 4.8.2-14)
TLS SNI support enabled
configure arguments:
--prefix=/etc/nginx
--sbin-path=/usr/sbin/nginx
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log
--pid-path=/var/run/nginx.pid
--lock-path=/var/lock/nginx/nginx.lock
--user=nginx
--group=nginx
--add-module=/nginx/nginx-modules/naxsi-master/naxsi_src
--with-file-aio
--with-ipv6
--with-http_ssl_module
--with-http_spdy_module
--with-http_realip_module
--with-http_addition_module
--with-http_xslt_module
--with-http_image_filter_module
--with-http_geoip_module
--with-http_sub_module
--with-http_dav_module
--with-http_flv_module
--with-http_mp4_module
--with-http_gunzip_module
--with-http_gzip_static_module
--with-http_random_index_module
--with-http_secure_link_module
--with-http_degradation_module
--with-http_stub_status_module
--with-http_perl_module
--with-mail
--with-mail_ssl_module
--with-pcre
--with-google_perftools_module
--with-debug
--add-module=/nginx/nginx-modules/headers-more-nginx-module-0.25
--add-module=/nginx/nginx-modules/redis2-nginx-module-0.10
--add-module=/nginx/nginx-modules/ngx_pagespeed-1.7.30.3-beta

ownCloud log (data/owncloud.log)

no output as this problem is concerned

One last thing, my girlfriend is doing the vacuuimg and says hello to you :)

[davivel]

Hi, @technodrome . The change of the webserver identification is breaking HTTP. See the curl output; the line "Anarchy webserver" should be "Server: Anarchy webserver". The client is trying to process the line as a header: value and failing due to that.

Try to recover the "Server: " prefix and tell us how it goes.

And say hello back to your girlfriend :)

[davivel]

@technodrome , could you solve your problem?

Thanks.

[technodrome]

Hi David, I can confirm recompiling with server string defined according to the format above fixed the problem. You can consider this issue closed.

Thanks for your support. Good work!

[davivel]

Happy to read it, thanks for your feedback.