can' connect to a local network name

[jkumeboshi]

If I use a simple local name (such as HTTPS://nextcloudhost/) in the address instead of a full qualified doman name the application does not connect to the nextcloud server.
The application doesn't even attempt to establish a connection to the server.

[vauvenal5]

Hi. Thanks for reporting the issue. I will have some time in the next days and will have a look into this issue.

[vauvenal5]

Yes, the current URL validation requires a valid URL. I will fix that in the near future.

[igor-cali]

I experience the same issue, after installing today from F-Droid.

[dabru1984]

Using the IP address (e.g. HTTPS://192.xxx.x.xxx) the sign in page doesn't load. I guess it's the same issue.

[vauvenal5]

I will add an advanced mode, where you will be able to specify the target server in a more detailed way.

[vauvenal5]

@dabru1984 if you can proceed to the webview then it might be something else.

[dabru1984]

Thank you! OK for the advanced mode. For the load page, it doesn't load at all, i am using microg, the app is GSF dependent? Maybe I can load the page externally somehow?

[vauvenal5]

No the app should not be GSF dependent. I will be pushing today a new version with an option to disable URL validation, this should allow connection to local network names.

@dabru1984 regarding the IP issue can you retry with port specified?

Edit: However, in any case you need to have a valid SSL certificate or you have to import your self signed cert into your Android trust store, see #40.

[dabru1984]

Hello @vauvenal5 thank you for the follow up, i have tried and failed because i have a self-signed cert, so I fall into #40 issue. I'll try to follow up and add the certificate in order to proceed. Thanks

[vauvenal5]

• add documentation for disable URL validation feature

[dabru1984]

Thank you for the help so far but I think I would not use a certificate considering that I need to do it only to use the app... I'll look forward for other possibilities to use it without the certificate...

[vauvenal5]

I will have to try how it behaves with the browser enabled login flow, feel free to reopen #40.

Just in general, have you considered using Let's Encrypt certs?

[vauvenal5]

@jkumeboshi / @igor-cali can one of you confirm that connecting to a hostname is now possible with the new option to disable URL validation? So I can close this issue.

[igor-cali]

@jkumeboshi / @igor-cali can one of you confirm that connecting to a hostname is now possible with the new option to disable URL validation? So I can close this issue.

@vauvenal5 I still cannot get to the login, even disabling the URL validation and installing my self-signed certificate on the mobile as discussed in #40.

[jkumeboshi]

Me too, I cannot connect at all.
I use a custom CA to issue certificates, and I've installed the CA cert in android system store.
It works with official nextcloud app and with Chrome as you can see from image.
I cannot even see any connect try in the nginx logs.

[vauvenal5]

Can you provide logcat logs?

@jkumeboshi and you are only entering odroidn2 in the URL field?

[jkumeboshi]

@vauvenal5 sorry, but I'm not sure how to do.
I enter https://odroidn2 in the field after disabling check

Maybe logs are not enabled in the release builds from web store?
I can get only following logs after I start the web view:

2021-01-15 15:26:30.661 1621-1744/? D/Boost: hostingType=, hostingName={com.github.vauvenal5.yaga/org.chromium.content.app.SandboxedProcessService0:2}, callerPackage=com.github.vauvenal5.yaga, isSystem=false, isBoostNeeded=false.
2021-01-15 15:26:30.662 669-1472/? D/OemNetd: setPidForPackage: packageName=com.github.vauvenal5.yaga, pid=7190, pid=99841
2021-01-15 15:26:30.662 1621-1744/? I/ActivityManager: Start proc 7190:com.google.android.webview:sandboxed_process0:org.chromium.content.app.SandboxedProcessService0:2/u0i841 for  {com.github.vauvenal5.yaga/org.chromium.content.app.SandboxedProcessService0:2} caller=com.github.vauvenal5.yaga

[vauvenal5]

Hi everyone! Can you confirm that your issue still exists in v0.18.2 there I fixed another login related bug.

[igor-cali]

Hi everyone! Can you confirm that your issue still exists in v0.18.2 there I fixed another login related bug.

@vauvenal5 the issue still exists for me with v0.18.2.

[vauvenal5]

Okay! I will work on implementing the login flow v2, which is based on the system browser instead of an internal web view. This way it should fix this problem since you can reach your Nextcloud from your browsers. However, this might take a while since there will be some changes necessary in the upstream Nextcloud Dart library. See provokateurin/dart-nextcloud#20

[vauvenal5]

I just released v0.19.0. It supports the browser based login flow as well.

[igor-cali]

I just released v0.19.0. It supports the browser based login flow as well.

Nothing happens when I tap on the open in browser icon.

[vauvenal5]

You do the following steps, right?

• disable validation
• enter https://yourhostname
• hit open in browser

[igor-cali]

You do the following steps, right?

* disable validation

* enter `https://yourhostname`

* hit `open in browser`

I do:

• disable validation
• enter https://<server_ip>/<nextcloud_server_path (my server address is something like https://xx.xx.xx.xx/ncfolder)
• hit open in browser

[vauvenal5]

Can you retrieve the logcat output?

[jkumeboshi]

Same results for me, now I get no result if I press the "continue" button to start webview and "browser" button.
Il logcat I can see following when I press both buttons

2021-01-19 23:00:35.798 6871-13149/? E/flutter: [ERROR:flutter/lib/ui/ui_dart_state.cc(177)] Unhandled Exception: HandshakeException: Handshake error in client (OS Error: 
    	CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate(handshake.cc:354))

well, the problem looks like to be that the dart HTTP client doesn't uses the system CA store, probably it uses an internal CA store, such as a .PEM file containing major CA certificates.

Ok, I did try to build the source and I've disabled CA cert verification adding following code in main:

import 'dart:io';

class MyHttpOverrides extends HttpOverrides{
  @override
  HttpClient createHttpClient(SecurityContext context){
    return super.createHttpClient(context)
      ..badCertificateCallback = (X509Certificate cert, String host, int port)=> true;
  }
}

void main() {
  setupServiceLocator();
  HttpOverrides.global = new MyHttpOverrides();
  runApp(MyApp());
}

I can successfully login in nextcloud and grant access, but later I get following error:

I/flutter: �[38;5;196m[E] ForegroundWorker - Error in forground worker: HandshakeException: Handshake error in client (OS Error: 
    	CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate(handshake.cc:354))

if I add HttpOverrides in ForegroundWorker and NextCloudService too, it works.

so definitely it's a CA validation problem.

[vauvenal5]

Hey! Thanks for the research! I will have to look up if it is possible to make Dart use the System CA store. If this is not possible I will have to think about what the proper approach might be in this case. Adding the ability to disable CA verification in general seems too dangerous. 🤔

[vauvenal5]

Strictly speaking this is now equal to #40.

[Pato05]

Are you using the Open in Browser-login flow?

I click the button, but only a little "Trust Certificate" popup appears, no browser is opened.

[vauvenal5]

Would you be able to provide me with logcat logs?

[Pato05]

Yessir!
Edit vauvenal5: Downloaded and removed to avoid leaking of data.

[vauvenal5]

@Pato05 is your trust dialog behavior the same as descibed in #101?

Edit: Also I had a look on your logs and there is indeed a CA error in there:
flutter : CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate

[Pato05]

@Pato05 is your trust dialog behavior the same as descibed in #101?

Edit: Also I had a look on your logs and there is indeed a CA error in there:
flutter : CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate

Yes, but since I installed my CA, I don't have to click any "Proceed Anyway" button, here is a screenshot

[ruben-tura]

I still don't know how to make this work unfortunately.

[vauvenal5]

Flutter does not respect the system CAs. So for Flutter this is still a untrusted certificate. However, what I can not get my head around is why the Trust-Dialog is not working. I will improve logging around the cert dialog and push a new version. If @Pato05 could then send me a new logcat we might see something more.

[Pato05]

Flutter does not respect the system CAs. So for Flutter this is still a untrusted certificate. However, what I can not get my head around is why the Trust-Dialog is not working. I will improve logging around the cert dialog and push a new version. If @Pato05 could then send me a new logcat we might see something more.

Sure thing, do I need to download another version? Because in the logcat I sent earlier, I had already clicked trust several times

[vauvenal5]

I just published v0.22.4 once you get the update please try again an record the logs. Best send them to me by email.

[Pato05]

I just published v0.22.4 once you get the update please try again an record the logs. Best send them to me by email.

Sure, I will look into it later.

[ruben-tura]

I just published v0.22.4 once you get the update please try again an record the logs. Best send them to me by email.

Tried it.
Doesn't show the popup anymore, but it still doesn't open the browser, it just doesn't do anything.

EDIT:
Ok my mistake, it still shows the popup, but same behaviour as before. Nothing happens and the popup stays back on.

[vauvenal5]

@ruben-tura yes, this is expected since I only increased the log output to be able to find the actual issue.

[ruben-tura]

@ruben-tura yes, this is expected since I only increased the log output to be able to find the actual issue.

Oh ok, sorry!

[Pato05]

@vauvenal5 Here is the interested logcat part

03-19 21:33:00.141 21593  6613 I flutter : [W] SelfSignedCertHandler - Fingerprint Cert: [fingerprint]
03-19 21:33:00.141 21593  6613 I flutter : [W] SelfSignedCertHandler - Saved Fingerprint: [fingerprint]
03-19 21:33:00.141 21593  6613 I flutter : [W] SelfSignedCertHandler - Host: 192.168.1.2
03-19 21:33:00.141 21593  6613 I flutter : [W] SelfSignedCertHandler - Cert-Subject: *******************REDACTED*******************
03-19 21:33:00.142 21593  6613 E flutter : [ERROR:flutter/lib/ui/ui_dart_state.cc(186)] Unhandled Exception: HandshakeException: Handshake error in client (OS Error: 
03-19 21:33:00.142 21593  6613 E flutter : 	CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate(handshake.cc:354))
03-19 21:33:00.142 21593  6613 E flutter : 

[vauvenal5]

@Pato05 can you confirm one more thing for me please, does your Cert-Subject end with your Host-IP?

[vauvenal5]

Just published v0.22.8. This should hopefully fix the issue.

[ruben-tura]

Just published v0.22.8. This should hopefully fix the issue.

It works like a charm! Thank you so much!

[igor-cali]

Still does not work for me w/ v0.28.8.
Disabling the security I get a permanent blank page.
If I press Open in browser (my browser is Fennec) I can grant access, but Yaga is still on the login page.

[Pato05]

Just published v0.22.8. This should hopefully fix the issue.

it does work, thanks!

[vauvenal5]

@igor-cali I just published v0.23.1 with improved handling for self-signed certs and completely reworked logging. You can now send logs from within the global settings. Please try again and if does not work send me the logs.

[igor-cali]

v0.23.1 worked for me.

[vauvenal5]

I consider this issue closed.

[igor-cali]

v0.23.12 from F-Droid gives me this issue again (blank screen).

[vauvenal5]

Please re-open if it is still an issue.