Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WebDAV - add certificate handling #517

Open
mr-flibble opened this issue Nov 11, 2018 · 3 comments

Comments

Projects
None yet
2 participants
@mr-flibble
Copy link

commented Nov 11, 2018

I tried connect to WebDAV on Synology but Duplicacy always stuck for couple of minutes and then gave error:
ERROR Failed to load the WebDAV storage at webdav://account@subdomain.dom-ain.com:5006/folder Maximum backoff reached

So I tried -debug parameter and I got:
URL request 'PROPFIND folder/' returned an error (Propfind https://subdomain.dom-ain.com:5006/folder/: x509: certificate has expired or is not yet valid)

So my cert was expired

I also tried it with default Synology selfsigned certificate:
same Maximum backoff reached error.
But debug shows URL request 'PROPFIND folder/' returned an error (Propfind https://subdomain.dom-ain.com:5006/folder/: x509: certificate signed by unknown authority)

So Duplicacy is missing:

  • Error/warning when cert is invalid or untrusted
    (the current behavior is that Duplicacy is stuck fo approx 5 minutes and show generic error)
  • Parameter to ignore error, something like "-accept-any-ssl-certificate"
@gilbertchen

This comment has been minimized.

Copy link
Owner

commented Nov 14, 2018

Duplicacy expects root certificates to be at one of the following locations (from https://golang.org/src/crypto/x509/root_linux.go):

var certFiles = []string{
	"/etc/ssl/certs/ca-certificates.crt",                // Debian/Ubuntu/Gentoo etc.
	"/etc/pki/tls/certs/ca-bundle.crt",                  // Fedora/RHEL 6
	"/etc/ssl/ca-bundle.pem",                            // OpenSUSE
	"/etc/pki/tls/cacert.pem",                           // OpenELEC
	"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
}

Please check these locations, and if there are, check if they are valid.

@mr-flibble

This comment has been minimized.

Copy link
Author

commented Nov 14, 2018

Thanks for reply.
I'm using Windows.
I tried add Synology selfigned cert to "Trusted root certificate authorities" but error was same.

When I install valid let's encrypt cert, webdav connection works.

@mr-flibble

This comment has been minimized.

Copy link
Author

commented Dec 22, 2018

UPDATE:
Only workaround I managed find is:
(for WEBDAV on Synology)

  • Use domain name and not IP address
  • Create new selfigned certificate with domain name in Synology (root CA cert is also created)
  • Add root CA cert to Trusted root certificate authorities
    After this, init command works:
    duplicacy_win_x64_2.1.2.exe -d init syno webdav://user@domain.com:5006/folder/subfolder
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.