Mozilla_sync and Firefox for Android

[HiBit]

Hello Everyone,

i'm running Owncloud: 5.0 and using the mozilla_sync app. I can sync various Firefox installations on differently Computers and everything ist working fine for me.

But now i've tried to sync Firefox for Android 19.0.2 with my Owncloud but it doesnt work.
I configure the Android client like all my other clients but at the final Screen where I have confirm my settings the wizzard just stop and didn't take an effect.

Does anyone know about this problem?

[beyerservice]

Maybe something with SSL cert? Did you use one ? Selfsigned?

[HiBit]

hi,
ive tried it with both. one self signed an one signed from a ca. same issue with both:/

[beyerservice]

try to access sync URL without http. i think Firefox on Android has some problems with ssl-certs. did you buy that cert or did you use cacert.org?
if you found some working root-cert to import in android, than this might work. my firefox always crashed trying that :-(

[HLFH]

Same problem. Self-signed certificate. I'm usign CaCert certificates. My Firefox always crashed too after trying installation of .PEM certificates.

[ldidry]

Could you try a nightly version of Firefox for android (http://nightly.mozilla.org/) ? I had the same crash problem with cacert pem root keys and certificates and it's solved now with nightly.

[HLFH]

No more crash problem with nightly version but still no sync :(
EDIT : My CaCert certificate is not entirely good because it applies to a domain, no to a subdomain. CaCert website is quite down, so I must wait : http://blog.cacert.org/2013/03/591.html

EDIT 2 : My CaCert certificate is now ok with a Wildcard certificate, I flashed again my phone and there is always this problem.

[HiBit]

okay ill test it today with a nightly build of ff.

[HiBit]

ive tested it. still same problem:/

[j-ed]

@HiBit First make sure that you the website certificate can be verified without any problem by your browser. If you bought an official certificate for your server this shouldn't be a problem but if you're using a self-signed certificate you have to import the root certificate to your browsers certificate cache to get it verified without a problem.
Afaik the CAcert root certificate is not part of the certificate cache of Android devices and it need to be installed manually. Check the CAcert Wiki for further details: http://wiki.cacert.org/FAQ/ImportRootCert

Additionally you can enter "about:sync-log" in the Firefox address line and check if any error log file has been created which might give you an idea of the root cause of the problem.

[HiBit]

@j-ed
[x] Verification of certificate in browser without problems
[x] Importing the CAcert root certificate in Android device

Still same problem: No syncing.

If I enter about:sync-log in my Firefox on the Android Device I got an error. Site is not avaiable.

Any other suggestions?

[HLFH]

Still same problem: No syncing. Same for me...

[j-ed]

@HiBit Please make also sure that you are using the exact server URL, which is given in the certificate, to prevent certificate verification problems. If the URL in the certificate is e.g. "server.domain.lan" you have to access the server using that domain and not e.g. the ip address of the server.

[HLFH]

With a Wildcard certificate, for CN : Common Name (e.g. server FQDN or YOUR name) []:*.servername.net
So the problem is Mozilla_Sync on Android with HTTPS but not directly CaCert.

[HiBit]

@HLFH
what do you mean?

@j-ed:
I've a wildcard certificate *.url.tld. I connect with owncloud.url.tld.

[ldidry]

Could you make sure you have imported the cacert (or the problematic CA) root keys in Android ? Firefox will import them into Firefox, so you'll need to use an other web browser to do it.
I did it and the synchronization was OK.
The only thing that still not works is the tabs synchronization, but my bookmarks and password are now in sync.

This problem is due to the fact that Firefox Sync is not run inside Firefox, so it does'nt use the Firefox CA keys.

[HiBit]

@ldidry
can you tell me exactly witch of the certificates do you import and how? it would be great if you can tell me this=)

[HLFH]

@ldidry

Thanks for details Mister Arsall but it's already done.

Smartphone : Samsung Galaxy S GT-I9000
Operating System : CyanogenMod 10 (based on Android 4.2.2)
Firefox : every last version in the Firefox channels (Aurora, Nightly, Beta, Final)

I use Nginx not Apache (Netcraft is loving it > http://news.netcraft.com/archives/2013/04/02/april-2013-web-server-survey.html). I think that is the heart of the problem.

I have installed these root certificates and only these root certificates : http://www.cacert.org/?id=3, .PEM format, class 1 and 3 PKI keys.

For testing, I have reflashed all my smartphone first with Odin 3.07 using repartition, secondly with the Open Source app Heimdall without repartition (bug on 1.3.2 Suite, compilation errors for next GitHub versions on OS X)

Security > Trusted Certificates > User > Cacert Inc. (Cacert Class 3 Root) & Root CA (CaCert Signing Authority).
So, it's done.

I'm using the advanced modes during the Firefox Sync setup.
And Firefox Sync on Android was saying to me : "please enter valid server url".

So, I used this for SSL in Nginx owncloud.conf :

ssl_certificate /etc/nginx/ssl/cacert/surfnote_crt.pem;
ssl_certificate_key /etc/nginx/ssl/cacert/surfnote_privatekey.pem;
ssl_protocols SSLv3 TLSv1; #added after, did nothing
ssl_ciphers AES128-SHA; #added after, did nothing

Must I add other things than root CaCert certificates ? Privatekey, server certificate...?

Thanks in advance :p

[ldidry]

@HiBit : I have installed these root certificates and only these root certificates : http://www.cacert.org/?id=3, .PEM format, class 1 and 3 PKI keys, just as @HLFH

@HLFH : did you install them in Firefox too ? I don't know if there is a point to this, but just in case… Did you go to your owncloud with firefox and eventually accepted the certificate security exception ?

Here's my nginx conf :

    ssl                  on;
    ssl_certificate      /etc/ssl/private/universal.chained.crt;
    ssl_certificate_key  /etc/ssl/private/privkey.key;

    ssl_session_timeout 5m; 
    ssl_session_cache shared:SSL:5m;

Did you see anything in your logs ? I didn't saw anything from my Android before adding the cacert root keys.

Plus, I didn't use the advanced sync setting, but use the add a device from my computer. Maybe it will be the job ?

[HLFH]

@ldidry

did you install them in Firefox too ?

Yes also ;)

Did you go to your owncloud with firefox and eventually accepted the certificate security exception ?

Yes also, I tested that.

Plus, I didn't use the advanced sync setting, but use the add a device from my computer. Maybe it will be the job ?

I tested both. Add a device from my computer did the trick but there is no real syncing at the end (no bookmarks & no synced passwords, etc.) Advanced mode said "please enter a valid server url". In fact, with advanced mode, I have great feel that it will be ok but after 20 seconds maybe - I repeat - I have please enter a valid server url, so it's maybe the timeout issue for me.

Did you see anything in your logs ?

I will retry adb logcat but I think it wouldn't help...
And thanks for Nginx conf, I will retry (@^^@)

[ldidry]

@HLFH
The tabs didn't work for me at all, but the passwords and bookmarks took a loooooooong time to really sync.
In fact, I saw that the passwords and bookmarks worked one or two days later. Could you try to add the device from your computer, then wait a day or two ?

And by your logs, I meant your nginx logs (sorry for the confusion). The sync agent will appear with a user-agent like Java (1.5)

[HiBit]

sooo, ive installed the same root certificates as you guys but it didnt work:(
if i try to add the certificates also to my firefox it crashes. did anyone know in which logfile
apache writes the connetion attempts?

[HLFH]

@HiBit

For small crash Firefox, please install Firefox Nightly or Firefox Aurora : http://www.mozilla.org/en-US/firefox/channel/#aurora

. did anyone know in which logfile
apache writes the connetion attempts?

/var/log/apache/access.log ?

[pzy]

Hey there i guess i'm facing the same problem...i first thought that the error might be the self-signed certificate (and i got one error regarding that), now after getting a cert from startssl.com i still cannot sync with my own server..i added serveral new desktop firefox instances.
Now i get the following error from logcat
E/FxSync (18888): firefox :: SyncAdapter :: Credentials attached to account, but missing syncKey. Aborting sync.

[thomasysliu]

According to

https://bugzilla.mozilla.org/show_bug.cgi?id=847178

We found some issue for the owncloud storage server: both https://docs.services.mozilla.com/storage/apis-1.0.html and https://docs.services.mozilla.com/storage/apis-1.1.html are clear that the "modified" field must be present and should be a number (float, 2 decimal places) and not a string.

This may fix the sync issue on Firefox mobile.

[thomasysliu]

Here is my patch #1163

[hurr1c4ne]

Hi, I'm experiencing the same issue HLFH has. I have applied patch #1163, but sync still does not work on Android Firefox. Desktop Firefox Sync works pretty good. Considering to implement http://docs.services.mozilla.com/howtos/run-sync.html, now...

[Salzi]

Same problem here. Add patch #1163 without success on Android Firefox :-(

[ogasser]

If you get the "Invalid server URL" message, check your server's SSL settings. Firefox mobile uses the RC4-SHA cipher suite.

If you use nginx you can add the following to your nginx.conf:

ssl_ciphers HIGH:RC4-SHA:!aNULL:!MD5;

[apg1980]

Hello,

i am using sophos utm 9.3 webserver protection.
my owncloud server is published via a valid trusted ssl cert from startssl.com and is proxied to the internal http port 80 of the apache webserver (bitnami owncloud appliance).
i am unable to get the ff sync working. Desktop firefox is working.
Are there any known settings i have to check to get the sync working on my android ff devices?
Thanks for your reply.