Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error when connecting to server with self-signed SSL. #705

Open
kirkschnable opened this issue Oct 6, 2018 · 14 comments

Comments

Projects
None yet
10 participants
@kirkschnable
Copy link

commented Oct 6, 2018

When connecting to a server that has a self-signed SSL certificate, the client errors out before allowing you to login to the server due to a certificate error.

Expected behaviour

Because I checked "Trust this certificate anyway", client should proceed with the certificate trusted and be able to function normally.

Actual behaviour

I get a Chrome-looking error screen that says ERR_INSECURE_RESPONSE.

For the record, I can access the server through Chrome once trusting the certificate, the issue isn't server side.

Steps to reproduce

  1. Connect to a Nextcloud server that has self-signed SSL.
  2. Check "Trust this certificate anyway" and proceed to the next prompt.
    Screenshot 1: https://iota.lt/d/cXxnz5CCEL/G0lKQJAB.png
    Screenshot 2 (error): https://iota.lt/d/DnDUkVFytG/hpx71W9B.png

Client configuration

Client version: 2.5.0beta1 (build 20180803)
Operating system: Windows 10 Pro
OS language: English
Installation path of client: C:\Program Files (x86)\Nextcloud

Server configuration

Server configuration is not relevant to the issue, it works without HTTPS and also works with a valid SSL certificate, issue seems to be isolated to self-signed SSL certificates.

I have a reverse proxy for external access that terminates with a valid Let's Encrypt SSL, but within my server's private LAN I use a self-signed SSL to simplify management, which is where this particular client is. I can mitigate this problem for now by either using HTTP (which is fine since it's local anyway) or by routing the connections through my SSL termination proxy that corrects the certificate, however this worked fine in previous versions of the client with the self-signed certificate.

@kirkschnable

This comment has been minimized.

Copy link
Author

commented Oct 6, 2018

I guess this SSL certificate is expired, which may be why, but I do have older Nextcloud clients that are working fine with this certificate. I would think that once you check that "trust this certificate anyway" checkbox, all validation other than "is this the same certificate?" should not be considered. My SSL termination proxy doesn't care that this backend certificate expired, nor do my older Nextcloud clients on this LAN that are still syncing with this server.

@leighss

This comment has been minimized.

Copy link

commented Jan 12, 2019

Same for me
#849 ?

@alex-gee

This comment has been minimized.

Copy link

commented Jan 20, 2019

Same here on Mac OS

@boggle247

This comment has been minimized.

Copy link

commented Jan 20, 2019

Same on Linux Kubuntu 18.04 (for desktop client).

@lavigne958

This comment has been minimized.

Copy link

commented Jan 28, 2019

I have a similar issue, my server certificate has expired, when I click on "trust anyway" I either get a chrome like error.

I will be very happy to have a look at it.

If anyone already has a fix please feel free to push it.
On the mean time I check if I can fix it, or even just let "trust anyway" button work

@Larsene

This comment has been minimized.

Copy link

commented Jan 28, 2019

I have a similar issue on Windows, with a self signed certificate, but the answer code is different (as the certificate is not expired) : ERR_CERT_AUTHORITY_INVALID even after manual acceptation of the certificate.

@cdoenges

This comment has been minimized.

Copy link

commented Jan 28, 2019

I agree that this looks like #849.

I see the same issue on macOS with client 2.5.1final (build 20181204).

@lavigne958

This comment has been minimized.

Copy link

commented Jan 28, 2019

I am looking at it, I found at some point a function that seem to handle SSL error, and at this point it returns false, which leads the webview to discard the whole page.
I will keep searching for a solution.

@lavigne958

This comment has been minimized.

Copy link

commented Feb 2, 2019

I found a solution to check if the user agreed to accept the certificate even though it is not a valid one.

I am curently reading the bug fix process on nextcloud website. A pull request will come soon.

@lavigne958

This comment has been minimized.

Copy link

commented Feb 3, 2019

Pull request created: #1065

@Pojay-hcz

This comment has been minimized.

Copy link

commented Mar 15, 2019

Same here with Mac OS 10.13.6. Uninstalled NC desktop client 2.5.1.20181204. Installed NC desktop client 2.3.3.84 instead, works again without a problem.

@AnthropoceneRich

This comment has been minimized.

Copy link

commented Apr 3, 2019

If you're on a Mac then downgrade to 2.33 and install that version, it should install (it did for me). Make sure you delete the current version first. Once you've set up the older version (your login details) you can reinstall 2.5.*. But first of all you need to move the files in 'Library/Application Support/Nextcloud' to 'Library/Preferences/Nextcloud'.

It should work fine on installation. I should add that I did this on a new installation. I don't know if it may or may not cause problems down the track.

@user23498723452

This comment has been minimized.

Copy link

commented Apr 26, 2019

Is this critical issue ever going to be solved? I have been unable to use anything but an old 2.3.3 client version because of this for 6+ months. (Ubuntu user)

@lavigne958

This comment has been minimized.

Copy link

commented Apr 30, 2019

a work around as been pulled into master branch:
#1071

it is under the branch stable-2.5.3-rc1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.