[Tracking] Connection fails with self-signed HTTPS certificate #301
Comments
I am also having the same problem, particularly with a Let's Encrypt certificate on an older device. I do think this is a problem with the Let's Encrypt intermediate CA and not serving the full chain. It works on newer devices, but only on the first connection attempt. I haven't retrieved the logcat from my newer device, so I will update tomorrow.
I found the issue.
The wiki also mentions this, although I somehow skipped it.
Hey @ChrisG661, I just tested serving the fullchain.pem and it fixed the issue on my S10. Thanks a lot for finding the issue! Not sure how to handle this issue then, since according to the documentation it's technically not a bug... but might confuse others in the future.
Same issue, except I really don't see why I would want my cert signed by a CA other than that the app requires it. Is there any chance to get support for self-signed SSL certs in the app?
Please test again with the beta version of the app, it might work now.
I guess I was a little trigger happy. I already deleted the container running my Jellyfin server instance in favor of trying to set up Airsonic or another alternative. So before I set anything back up, can you clarify if the beta app should work with self-signed certs now, if there's at least a patch for it somewhere in the pipeline, or if you're just speculating that it might?
It might; we use a brand new library under the hood for all network requests, so that might fix issues like this. Do note that self-signed certificates are not something officially supported by us because it's unsafe.
Afaik, using self-signed certs is pretty standard for self-hosted stuff that only 1 or 2 people are going to connect to. Most such software supports it. As long as you compare and store the fingerprint on first connect, I don't see the issue. Maybe you'd like to elaborate? Sorry, if it was easy to test or had been intentionally fixed, I'd be happy to test, but if the position is that it won't be supported but might incidentally work, I think I'll move on to trying some non-Jellyfin solutions. Edit: The irony here is that the Jellyfin Android app supports connecting with no SSL at all, sending user name and password in the clear. How is that safer than a self-signed cert, I suppose is the real question.
Self-signed certificates are safe if you manually verify the fingerprint against a known good fingerprint you got from an out-of-band, secure channel (TOFU). They are also very secure if you installed the signing CA as a valid CA on your device. As far as I know there is no simple way to add your own CA cert as a trusted CA for Android apps (or is there?). I second the need to support self-signed/custom CA-signed certificates in the Jellyfin app (a dialog to accept/reject a self-signed cert on first connection would be great).
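The compare-and-store-the-fingerprint-on-first-connect check described in the two comments above, as an added Python example that is not part of the thread or of the Jellyfin app's code. `PinStore`, the `user_accepts` callback and the two sample byte strings are hypothetical names and constructed data; only `fetch_der_cert` touches the network.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed byte strings standing in for two DER-encoded certificates.
CERT_A = b"constructed-der-bytes-original-server-cert"
CERT_B = b"constructed-der-bytes-unexpected-cert"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding of the certificate, as hex."""
    return hashlib.sha256(der_cert).hexdigest()


def fetch_der_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Read the server's leaf certificate with chain validation off.

    Validation is disabled only to obtain the bytes; PinStore.check()
    decides whether the certificate is trusted.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


class PinStore:
    """Hypothetical in-memory pin store keyed by 'host:port'."""

    def __init__(self):
        self._pins = {}

    def check(self, host, port, der_cert, user_accepts=None):
        """Return 'pinned', 'rejected', 'match' or 'mismatch'."""
        key = f"{host.lower()}:{port}"
        seen = fingerprint(der_cert)
        known = self._pins.get(key)
        if known is None:
            # First connection: trust only if the user confirms the fingerprint.
            if user_accepts is not None and user_accepts(key, seen):
                self._pins[key] = seen
                return "pinned"
            return "rejected"
        # Later connections: a different certificate never replaces the pin.
        return "match" if hmac.compare_digest(known, seen) else "mismatch"
```

A `mismatch` leaves the stored pin untouched, so a changed certificate has to be confirmed again by the user before it is trusted.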
Sorry, I sent that message quite quickly and now that I read it again I phrased it wrongly. I meant that self-signed certificates can be dangerous (and unsafe) if not used correctly.
Just as a "warning" beforehand, the current web app will eventually be replaced by a native app, which won't use a WebView anymore, and only connect to Jellyfin through the Kotlin SDK.
I confirm that the latest beta / current master works correctly with properly created self-signed certificates. See #188 to learn how to create a self-signed certificate compatible with Android. What I have noticed is that A suggestion to the devs, add a reason field to jellyfin-android/app/src/main/java/org/jellyfin/mobile/fragment/ConnectFragment.kt Lines 174 to 176 in 7dbf085
Closing since this issue is fixed. We will provide additional error reporting in the future (already merged in the SDK).
Describe the bug
When trying to connect to an HTTPS server (using reverse proxy with nginx) the message "Could not establish connection" appears.
However, connecting via HTTP works. A similar bug occurs in the FireTV app. Browsers and the iOS app work fine, however.
To Reproduce
Can send server details in private if necessary for testing.
Expected behavior
Connection with HTTPS server can be established. Tested in Browser and iOS apps, works perfectly.
System (please complete the following information):