New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No HTTPS SNI support due to upstream #23
Comments
Hi, Do you have more information about your problem? What does the app says? What does the server says? What's your config? etc. Thanks for using PB (or trying at least...) |
Do you have only one SSL certificate on that server? When using ssl i can't activate the service; "test" will fail with a generic error as far as I remember. I am not in possession of the phone right now :) I will report back if I have any more information. Here my concrete example:
I just receive any certificate (for another of my domains fahrrad-filter.de). |
No, I have at least 10 SSL certificates on this server. I'm far of an expert in SSL-related matter, but I made it work quite easily iirc. What server do you use to redirect to PB? I use Nginx as a proxy with the following conf. I even make it work with Basic Auth (not used here).
|
I've checked the error; it's just the generic Toast with "check you server configuration". Regarding your domains: that works, because you have only one SSL certificate for all your domains:
So, if http clients without SNI contact that server, they always will receive the right certificate. This doesn't work, if your server has more than one SSL certificate (e.g., you share the server with other people, like in my case, or you are using different certificate authorities, or you hit the rate limit of Letsencrypt, or ...). https://en.wikipedia.org/wiki/Server_Name_Indication#Support (I have the same problem with other Android software, like a feed-reader (ttrss) and the app I used before PhotoBackup -> AutoShare, all of those have the same problem and can't support SNI 😞 ) I think there is not much we can do here (besides waiting for upstream fix or ripping out android-async, which is probably not reasonable). |
Can you try the last commit to tell me if this is fixed? |
Sounds great! I just tried it, works now with my SSL config! :D Also saw the User Agent: So I guess, the SNI issue is fixed. Thank you! |
whoah, it's the first time I close two issues in one lunch :-) |
First, thanks for the (OpenSource) work so far on that app!
I tried using the https version of my server (I times of Letsencrypt also a common thing, IMO), but that fails. Seems to be a issue of android-async-http.
android-async-http/android-async-http#224
For what it's worth, some people in the issue recommend another library, okhttp.
The text was updated successfully, but these errors were encountered: