Closed GoogleCodeExporter closed 9 years ago
If I try to access the
https://voice2.imagine.ie/prepaid/customer/userinfo2.php
using firefox,
I get a
"""
Forbidden
You don't have permission to access /prepaid/customer/userinfo2.php on this
server.
"""
Is there some filter on the user-agent made on server side?
Also are you sure there is no redirection made after to a non secure content
(or secured with a selfsigned certificate/certificate that doesn't match domain
name).
The problme you get here is not due to csipsimple; It's something from android
OS when loading a webview to a website.
Security on latest android versions (due to chrome engine introduction) has
been increased on this so the website must have no security potential
weakness/error, else android will refuse to load.
As you can see in the logs, all you see in errors comes from "chromium" lib not
from csipsimple.
Original comment by r3gis...@gmail.com
on 28 Mar 2013 at 3:06
Forbidden for you, but not for me from my IP address.
Also are you sure there is no redirection made after to a non secure
No, but I do see the issue now. The site is using a cert issued to the
correct domain, and while it is accepted fine by Chrome/Firefox/safari etc
on the desktop, I have just tried accessing it from Android and sure enough
it says it is fro man untrusted authority.
Yes, I did not think it was an issue with csipsimple itself, but thought
perhaps there was a flag that needed to be set to allow SSL or relax cert
requirements.
Security on latest android versions (due to chrome engine introduction) has
Thanks.
-Barry
Original comment by ba...@flanagan.ie
on 28 Mar 2013 at 3:26
Well, would be better to continue on the csipsimple-dev google group (this
issue list is more for users than for developers).
Else,
Yes, there is indeed a way to relax ssl security in csipsimple but I try to
avoid to use it as it introduce some risk for users.
So if you can find the root cause (it seems the CA is not in CA list of the
android rom you use), it's the good way to fix the problem.
If you can't find the root cause on your server/on the android rom you use,
please ask on the csipsimple-dev group on how to relax ssl certificate
verification in AccountCreationWebview. This way it will benefit all other
developers and will be easier to search for them.
Original comment by r3gis...@gmail.com
on 28 Mar 2013 at 4:28
Issue solved. Bad certificate chain on server.
Original comment by ba...@flanagan.ie
on 28 Mar 2013 at 4:35
Original issue reported on code.google.com by
ba...@flanagan.ie
on 28 Mar 2013 at 2:55