Replies: 3 comments
-
|
Sorry, I don't understand. What do you think should be a bug? Please have a look here as well: |
Beta Was this translation helpful? Give feedback.
-
|
The bug is: Why does davx5 generate a warning more than two days after the event? It should warn IMMEDIATELY. If I remember correctly, previous time was much longer than two days, more like a week or so. I mean, if there is a security event, say a burglary going on, you are not going to schedule in your agenda for next week to call the police. You call 911 immediately. DavX5 is syncing at regular intervals so it must have encountered the new cert very shortly after renewal yet remained silent. I could do some more testing if you want, forcing another cert renewal. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for clarifying. I have looked into it and for me DAVx5 complains immediately at the next connection attempt after the certificate has changed.
Maybe DAVx5 was unable to sync due to aggressive battery saving behaviour or missing/undetected internet connection (when using a VPN)?
If you can reliably reproduce the behaviour, please send us verbose logs and we can dive deeper. 👍 |
Beta Was this translation helpful? Give feedback.
-
The letsencrypt certificate on my server was renewed using automated script, server restarted. Two days and a few hours later I got the security popup from davx5 "Please review the certificate".
Using Davx5 4.4.0.1-ose
I verified from the logs that the server (apache used as proxy to provide ssl for local radicale dav server) restarted after renewal and has not restarted or reloaded since. The old certificate was deleted after successful renewal but I checked my backup and it is still valid for 3 more days.
I remember same issue has happened after previous renewal.
Could this be a security bug?
Beta Was this translation helpful? Give feedback.
All reactions