Fail on https url (self-signed certificate)

[ikipatang]

Hi, thank you for this app.
Hi, first of all thank you for this app.

The https urls seems to not be supported although there is the option.
When i test the settings on my own server, it tells me there is a problem on the url.

You can test it on the free shaarli service from shaarli.fr.
https://my.shaarli.fr/ikipatang : the test doesn't work.
http://my.shaarli.fr/ikipatang : work.
I tried the go to of the app and could go on the shaarli for both urls.

I don't want to authorize http on my server, do you think you can find what is goind on ?

Thank you.

[dimtion]

Thanks for your report.
Firstly your shaarli behavior is quite strange : the URL you given return a 404 unless I add a / at the end of the URL...

But I think the reason it doesn't work is probably because you have a self-hosted SSL certificate. The app only use (for the moment) the default android settings, which it doesn't accept (for security reasons) self hosted certificates.
For now you can :

• Try to import your SSL certificate to your phone (somewhere in settings), not sure if it works
• Or publish your certificate to a third party authority

I'll see if I can override default settings and do some further investigation (perhaps the bug is something else).
Thanks again !

[dimtion]

Here is a blog post on how to add your self-signed SSL certificate onto your android device : http://www.guyrutenberg.com/2013/03/16/manually-install-ssl-certificate-in-android-jelly-bean/

[Marsup]

FYI I did all that with the certificate, I see the root certificate (StartSSL's in my case) in the list so I guess it went OK, still same error.

[dimtion]

Quite strange, if your certificate is signed by StartSSL you should not need to install the certificate into your device nor the root one.
Do you means that just like @ikipatang, it works fine over HTTP but not over HTTPS ?

[Marsup]

I have no HTTP to test with, I only use HTTPS, it's my own server.

[dimtion]

Does the error message says that the url is incorrect or that the Shaarli is incompatible ? Which "version" of Shaarli do you use ?

[Marsup]

I get the error_connecting string. Using the fork (shaarli/Shaarli).

[dimtion]

Ok, could you download this : Shaarlier_v1.2.0-debug.apk

Then try to reproduce the error message. The app should ask you if you want to send me an email. If you think there are to much personal information in the report, feel free to erase them (at least keep the error message).

Thanks in advance.

[Marsup]

OK I didn't send the email but that was helpful. I had forgotten to concatenate their pem with my crt, just misconfiguration. Thanks a lot !

[dimtion]

No problem ;)

[urza]

Hi I have similar problem. Though my certificate is not self signed, I bought it from popular CA in my country (Czech Republic) but Shaarlier wont connect to my server anyway. I have sent email report with details fr the app few days back.

[urza]

Would it be possible to add option to ignore certificate problems? Just allow me to connect anyway...

[Marsup]

@urza Chances are you badly set up your SSL certificate like I did, my error was I forgot to do the "Create a unified certificate from your certificate and the CA certificates" like told in that page.

[dimtion]

The implementation I chose for v1.3.0 is to allow the user to disable certificate validation if he wants. It not secured at all but it is a good workaround.

If the user really wants security I think he should add his certificate to his device keypass.

Have you any remarks on this workaround ?

[urza]

Wonderful exactly what I need. Thanks.

[dimtion]

Could you have a look at : https://github.com/dimtion/Shaarlier/releases/tag/v1.3.0-alpha

Please tell me if you have remarks or if you find any bug.

Thanks again for the feedback !

[urza]

Works great for me.