Possible Bug: Client certificates with NextCloud #787
-
Hi everyone, I'm currently in the process of enhancing my NextCloud instance with client certificate authentication and I'm struggling with the DAVx5 setup. Using the provider specific (NextCloud) account creation seems not to support client certificates and trying to add the account with the extended login also did not seem to work. What I did:
This yields in the error "The base URL doesn't seem to be an accessible CalDAV/CardDAV URL and service detection was not successful." The logs tell me:
So it seems like my client certificate is not used. Any ideas what could be the problem here? Chris |
Beta Was this translation helpful? Give feedback.
Replies: 5 comments 7 replies
-
True – the login is done in the browser and it can't return the certificate (name) that it used.
Strange, just tried it here and it works as expected.
|
Beta Was this translation helpful? Give feedback.
-
Thanks. In case you cannot find anything based on the attached logs, I could send you credentials and client certificate for a test account on my NextCloud instance.
Have a nice weekend,
Christopher
18.05.2024 12:01:35 Bernhard Stockmann ***@***.***>:
…
Ticket is here, it will be looked at next week :)
—
Reply to this email directly, view it on GitHub[#787 (reply in thread)], or unsubscribe[https://github.com/notifications/unsubscribe-auth/BGH2ZRGZ24RGL4PB57CKYULZC4RHXAVCNFSM6AAAAABHTCOWKGVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4TINZXHAZDI].
You are receiving this because you authored the thread.
[Verfolgungsbild][https://github.com/notifications/beacon/BGH2ZRCWCYIQRCGKAEUSFOTZC4RHXA5CNFSM6AAAAABHTCOWKGWGG33NNVSW45C7OR4XAZNRIRUXGY3VONZWS33OINXW23LFNZ2KUY3PNVWWK3TUL5UWJTQASCPMA.gif]
|
Beta Was this translation helpful? Give feedback.
-
I have a Radicale server sitting behind a nginx proxy that verifies TLS client certificates, and I also see the behaviour of the TLS client certificate not being supplied during service discovery. |
Beta Was this translation helpful? Give feedback.
-
Another clue: if I disable the SSL client cert validation (from the server side), davx5 successfully creates the account - BUT the configured account doesn't have the client cert set! Turning it on after the fact results in the cert being supplied correctly. My conclusion is that something is wrong specifically with the new-account-setup TLS client cert option, and not with the code for ordinary syncs afterwards. Perhaps the UI isn't actually passing the configured certificate to the sync code during account creation? |
Beta Was this translation helpful? Give feedback.
-
I can't reproduce the problem. Everything is working fine here: Screen_recording_20240525_214636.webmIf someone could send a test account to https://www.davx5.com/support and steps to reproduce (URL etc.), I could give a try with that one. |
Beta Was this translation helpful? Give feedback.
I tried with this version (4.3.17-alpha.3) and can confirm that's it's working with that one.