Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error "UNK" whan adding an account #181

Open
JeromeSi opened this issue Feb 12, 2018 · 19 comments
Open

Error "UNK" whan adding an account #181

JeromeSi opened this issue Feb 12, 2018 · 19 comments

Comments

@JeromeSi
Copy link

Steps to reproduce

1.write URL / Login / Password
2.click Sign in
3.error "UNK"

Expected behaviour

I can't connect the 2.0.1 with my nextcoud
Nextcloud SMS 1.2.4 work fine

Actual behaviour

I have the message error "UNK" when i try to add an account

Server configuration

Nextcloud version: 11.0.6

PHP version: 5.6.33

Webserver: apache2

HTTPS: 2.4.10

Client configuration

Android version: 8.0.0 or 6.0 or 7.1.2

Phone: XZ1 compact / emulated / Moto G 4G peregrine

Nextcloud SMS app version: 2.0.1

Logs

E/Surface: getSlotFromBufferLocked: unknown buffer: 0xae477d00
E/Surface: getSlotFromBufferLocked: unknown buffer: 0xae477f80
I/fr.unix_experience.owncloud_sms.activities.LoginActivity.UserLoginTask: _serverURL = https://192.168.1.253:4433
I/GoLog: Get https://192.168.1.253:4433/index.php/apps/ocsms/get/apiversion?format=json: x509: cannot validate certificate for 192.168.1.253 because it doesn't contain any IP SANs
D/EGL_emulation: eglMakeCurrent: 0xaa9efe40: ver 2 0 (tinfo 0xafead090)
D/EGL_emulation: eglMakeCurrent: 0xaa9efe40: ver 2 0 (tinfo 0xafead090)
D/EGL_emulation: eglMakeCurrent: 0xaa9efe40: ver 2 0 (tinfo 0xafead090)
D/EGL_emulation: eglMakeCurrent: 0xaa9efe40: ver 2 0 (tinfo 0xafead090)
D/EGL_emulation: eglMakeCurrent: 0xaa9efe40: ver 2 0 (tinfo 0xafead090)
D/EGL_emulation: eglMakeCurrent: 0xaa9efe40: ver 2 0 (tinfo 0xafead090)
D/EGL_emulation: eglMakeCurrent: 0xaa9efe40: ver 2 0 (tinfo 0xafead090)
E/Surface: getSlotFromBufferLocked: unknown buffer: 0xae476e00
E/Surface: getSlotFromBufferLocked: unknown buffer: 0xae477d00
capture
@nerzhul
Copy link
Owner

nerzhul commented Feb 12, 2018

@JeromeSi interesting error, at least you give me the golang error it's fine

@nerzhul
Copy link
Owner

nerzhul commented Feb 12, 2018
edited
Loading

It seems it can be due to your local certificate. Seems java client accept it but not the golang http client which is stricter. I'm looking for a workaround to permit it in insecure configurations

Your certificate doesn't have any IP:192.168.1.253 field

@JeromeSi
Copy link
Author

JeromeSi commented Feb 12, 2018
edited
Loading

In this log, you find the golang error... I'm learning about it.
The certificate are self signed (it's my own little server)

@nerzhul
Copy link
Owner

nerzhul commented Feb 12, 2018

@JeromeSi i'm trying to reproduce the problem

@nerzhul
Copy link
Owner

nerzhul commented Feb 12, 2018

can you give me the public certificate of your server by mail (contact at unix-experience.fr) i will analyse the SSL issue on it

@JeromeSi
Copy link
Author

wait a minute

@nerzhul
Copy link
Owner

nerzhul commented Feb 12, 2018
edited
Loading

For your usecase with SSL, regenerate a proper certificate with proper SANs (IP/DNS names)

First generate the following openssl.cnf file

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = MN
localityName = Locality Name (eg, city)
localityName_default = Minneapolis
organizationalUnitName  = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Domain Control Validated
commonName = Internet Widgits Ltd
commonName_max  = 64

[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = kb.example.com
DNS.2 = helpdesk.example.org
DNS.3 = systems.example.net
IP.1 = 192.168.1.1
IP.2 = 192.168.69.14

Replace DNS entries with yours if you have it, and IP with yours. (if you have 3 IPs, add IP.3 = A.B.C.D)

Next regenerate a private key

openssl genrsa -out nextcloud.key 2048

And generate a signing request

openssl req -new -out nextcloud.csr -key nextcloud.key -config openssl.cnf

Last generate the certificate

openssl x509 -req -days 3650 -in nextcloud.csr -signkey nextcloud.key -out nextcloud.crt -extfile openssl.cnf -extensions v3_req

If all succeed, verify the certificate with the following command

openssl x509 -in nextcloud.crt -text

You must have the following entry: X509v3 Subject Alternative Name:, containing your IPs or DNS names

If it's good, replace certificates of your nextcloud/owncloud instance

@JeromeSi
Copy link
Author

I've got new certificate...
a space missing in
"openssl req -new -out nextcloud.csr -key nextcloud.key -config openssl.cnf"

@nerzhul
Copy link
Owner

nerzhul commented Feb 12, 2018

i also just released 2.0.2 to show the SSL issue properly in android

@JeromeSi
Copy link
Author

mmh. I replace my old certificate by new in my configuration, I reboot my server and no access to my owncloud...

@nerzhul
Copy link
Owner

nerzhul commented Feb 12, 2018

Just check your apache/nginx logs it should show you a SSL issue on the startup i think, maybe you inverted key and cert

@JeromeSi
Copy link
Author

JeromeSi commented Feb 12, 2018
edited
Loading

ok. You're right.
I've got the same error...but I've got the 2.0.1 version

@JeromeSi
Copy link
Author

I don't know the line command to update my git repository on my hard disk...I'm searching

@JeromeSi
Copy link
Author

JeromeSi commented Feb 12, 2018
edited
Loading

Different issue but error
capture du 2018-02-12 23-34-00
E/Surface: getSlotFromBufferLocked: unknown buffer: 0xaa284b20
E/Surface: getSlotFromBufferLocked: unknown buffer: 0xaa284580
I/fr.unix_experience.owncloud_sms.activities.LoginActivity.UserLoginTask: _serverURL = https://192.168.1.253:4433
I/GoLog: Get https://192.168.1.253:4433/index.php/apps/ocsms/get/apiversion?format=json: x509: certificate signed by unknown authority
D/EGL_emulation: eglMakeCurrent: 0xaa2ef960: ver 2 0 (tinfo 0xaaa5e700)
D/EGL_emulation: eglMakeCurrent: 0xaa2ef960: ver 2 0 (tinfo 0xaaa5e700)
D/EGL_emulation: eglMakeCurrent: 0xaa2ef960: ver 2 0 (tinfo 0xaaa5e700)
D/EGL_emulation: eglMakeCurrent: 0xaa2ef960: ver 2 0 (tinfo 0xaaa5e700)
I'm going to sleep

@nerzhul
Copy link
Owner

nerzhul commented Feb 12, 2018

at least 2.0.2 really permits to show the certificate error, i should look at this issue asap but i'm tired :)

@JeromeSi
Copy link
Author

With app 2.02 on emulated device android 6.0
When I select add an account, I have got this error in logcat :
02-13 19:20:11.396 2875-2911/fr.unix_experience.owncloud_sms E/Surface: getSlotFromBufferLocked: unknown buffer: 0x9f2c3f20
After write server address, login and password, the app crash

@JeromeSi
Copy link
Author

But "work" (don't crash when click o Sign in) on other emulated device
Classical error : 02-13 19:32:33.119 3428-4638/fr.unix_experience.owncloud_sms I/GoLog: Get https://192.168.1.253:4433/index.php/apps/ocsms/get/apiversion?format=json: x509: certificate signed by unknown authority

@livingsacrifice
Copy link

I'm getting same error as JeromeSi for unknown authority. Is it possible to add option to ignore this issue. Other apps (eg, Davdroid, Nextcloud) don't complaining about the certificate.

@hackitz
Copy link

hackitz commented May 17, 2018

Can you not add the option to allow less secure certs? Like foldersync

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nerzhul @hackitz @JeromeSi @livingsacrifice