Network error :( about passman-android HOT 66 CLOSED

I have published a new alpha release. It seems to fix network issues on some devices and it has more descriptive network errors.

Please, tell me if the new version released on the store fix this problem.
Also note, it might take a few hours for google to process and propagate the update, so please, make sure you are running v0.13 Nightly before saying it does not work.

from passman-android.

didn't have time to check it out yet! will try to this week or at least this weekend! Sorry for the delay, i have recently moved to a new home and things are a little fuzzy yet

from passman-android.

@vincegre is that the url you entered to the app? If so, it's not a fully quallified domain name, and the phone can't resolve it.

from passman-android.

no no it was just not to reveal real url but sure my server is publicly avalaible on internet and with a full FQDN and SSL protection !
I have no problem with other apps on my phone that synchronise to my NextCloud system !

from passman-android.

Is nextcloud installed in a subdirectory?

from passman-android.

nope but SSL is done with a Let's encrypt certificate and I know some old apps don't like much these certificates ! Maybe it's the problem ?

from passman-android.

Denepnding on your android version and your server ssl configuration this could be an issue.

@brantje we need an issue template for this project too

from passman-android.

Same here:

android 7.1.1
Nextcloud 12.0 beta2
passman 2.1.2
SSL Cert from letsencrypt / nginx webserver

App works with https://demo.passman.cc/

from passman-android.

Would need more info to debug this out.
Please tell me your:

1. Server port
2. SSL server configuration
3. Owncloud / Nextcloud install path relative to site root
4. Android version
5. Passman version
6. Owncloud / Nextcloud version
7. Server logs (apache and nextcloud)
8. Does the official standard nextcloud/owncloud app works with the device?

from passman-android.

Sure:

1. 443
2. https://pastebin.com/SbvQQzxw
3. Sites Rootdirectory
4. 7.1.1
5. 12.0 beta2
6. The connection attempt from the app is neither shown in the nginx nor in the nextcloud logfile.
7. Yes. Maybe worth noticing that I also use the TOTP Plugin of Nextcloud.

from passman-android.

Here are details requested:

Server port is on standard SSL 443 (only SSL, if it tries http it's automatically redirected to https
SSL server configuration is pretty standard (Apache 2 with Let's Encrypt certificate), has no problem with other cellphone apps that connect at my Nextcloud server

Apache 2 with TLS 1.2

NextCloud installed at root of web server

Android 7.1.1 (One Plus 3)

Passman version on Android: 0.12-NIGHTLY

NextCloud 11.0.3 Passman app: 2.1.2

For logs not sure what you need as logs files are so big :(

No problem to connect with official NextCloud app and some other apps that goes with NextCloud. I use TOTP but I generate a specific distinct password for each app that needs to connect to NextCloud.

from passman-android.

Hi,
I had the same issue on my old android.
I solve it by putting the same certificate on my root server and on the subdomain where I host nextcloud.

Is it possible for you to try?

from passman-android.

Maybe it's an issue with old android versions and ssl SNI.

I will have to further investigate this and see if the lib we use for http/s requests has a workaround for this.

from passman-android.

@florianaudon not relevant as I'm in latest version of Android so it has no problem with SNI ! Side note your explanation about your problem looks like your SSL chains were incomplete on your webserver which can cunfuse some browsers !

from passman-android.

It's also possible that some cyphers are not supported by Android and thus giving problem.
Since the demo server seems to work with Android i'll post the nginx config here for testing purposes

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable preloading HSTS for now.  You can use the commented out header line that includes
# the "preload" directive if you understand the implications.
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;

from passman-android.

Hi, I have the same issue on an old phone.
Android 4.4.2 (Wiko Goa)
Passman-android version 0.12 nightly.
LetsEncrypt certificate
My nginx config :

ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_timeout  5m;
ssl_session_cache    shared:SSL:1m;
ssl_ciphers HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128;
ssl_dhparam /etc/ssl/certs/dhparam4.pem;
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options DENY;
proxy_hide_header X-Powered-By;

add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; ";

from passman-android.

please, refer to this table as of android support for ssl cyphers:
https://developer.android.com/reference/javax/net/ssl/SSLSocket.html

from passman-android.

Can it be a lack of TLS 1.2 support if I can access the very same url on the stock browser, nextcloud and davdroid application ?
Feel free to ask any detail about my configuration, I dont know what you need. Can it be LetsEncrypt related ?

from passman-android.

hmmm maybe the CA from letsencrypt is not included by default in android?

from passman-android.

Just found this link: https://community.letsencrypt.org/t/android-doesnt-trust-the-certificate/16498

from passman-android.

@animalillo If you are using Android 4.4.2 with SNI on your web server it won't work as that version of Android was not compatible with SNI protocol so either update the very outdated Droid or move your server to a dedicated IP for the virtual server....

from passman-android.

@vincegre I suppose you wanted to talk to me as I was the one with a 4.4.2 Android.
If SNI doesnt work, shouldnt it fail for all attempts to connect to my nextcloud instance ?
Also according to https://www.ssllabs.com/ssltest/viewClient.html?name=Android&version=4.4.2 it should support SNI.
I am open to the fact that it might be my Android version which is too old but I am trying to understand why it succeeds to connect to my server on stock browser or other apps and not for passman.

from passman-android.

some apps have implemented workarounds for android flaws, some have not, we have not, we let a library handle that

from passman-android.

I see, I can’t afford a new IP right now and there’s no update above KitKat for my phone.
Anyway thanks for the help. :)

from passman-android.

@nado yep it was for you ;) Did you check that your Nextcloud instance has a complete SSL chain with sslabs ?? as it's often a problem if CA certificate is missing ! Full cert chain as you can see below:

For upgrade of your phones have you checked alternative ROMs ? often better than original ones included by manufacturer of phone :D

from passman-android.

Its a phone too cheap to get attention and get a ROM, I once tried making one but I dint have enough time to focus on it.

SSLabs screenshot :

from passman-android.

@nado looks like your only solution now is to change your phone :(

from passman-android.

i could check if it's an app problem if you crate me an account and i can try the app on your server from my phone pm me on telegram

from passman-android.

I am not on telegram, I still use mails (nado@edited), irc (nado on freenode) :)

from passman-android.

@nado i sent you an email from marcos@[domain].es

from passman-android.

Confirmed that android 4.4.2 seems to have issues with some ssl configurations, think on making a workaround or a more descriptive message

from passman-android.

Based on your answers I made some changes to my nginx configuration, but i still get an network error on my android 7.1.1.

According to SSL Labs i get an A+ on the self test. And I don't want to reduce the security of my website to get the passman app working.

https://www.ssllabs.com/ssltest/analyze.html?d=cloud.5711.org&s=46.163.113.231

from passman-android.

Same here,

Android 7.1.1
Passman: 2.1.2
Nextcloud: 12
SSL: https://www.ssllabs.com/ssltest/analyze.html?d=malevolent.bofhers.com
Dockerized Nextcloud, with the port 443 exposed to the host and directly published. No other problems with other nextcloud services noticed.

from passman-android.

@adocampo are you specifiying https protocol? Using subdirectories? How are you typing the url? Maybe that helps us get the error.

from passman-android.

Yes, the URL is https://malevolent.bofhers.com/nextcloud (I tried both with an ending slash and without it). I did use succesfully the android app back when I didn't implementedyet the LE certificate and I could access the server with a selft-signed certificate.

from passman-android.

I'm going to try and check what's going on there @adocampo.
Would it be possible to get an account to login to passman and try this out with your setup?
If you want to keep a faster communication I'm @Wolfi in telegram.

from passman-android.

So far, i've tried this, and it, unsurprisingly gives me a 401 unauthorized, so... i don't see any ssl errors there (android 6)

from passman-android.

I've just contacted you via telegram, I'm going to create an account for you to see if we can reproduce the issue.

from passman-android.

Solved. As I connected to the server with a self-signed certificate and changed to Let's Encrypt, somewhere on the cache probably was the reference to the old one thus it didn't match the new one.
Deleting the app cache solved the problem 👍

from passman-android.

Well, not for me. Meanwhile I have a brand new phone with an official android version 7.0 (no lineage or cyanogen etc.) and I wiped the app cache. Still getting an network error message.

If neccessary I can create you an test account as well.

from passman-android.

that would be niec, @zmbcgn. you can pm me on telegram if you wish @Wolfi there.

from passman-android.

Credentials sent via telegram.

from passman-android.

Maybe also worth mentioning, that I dont have any issues with the web-extension of passman (https://github.com/nextcloud/passman-webextension/).

from passman-android.

didn't got any telegram at WolFi

from passman-android.

now maybe?

from passman-android.

Yes, now i notice you sent it on a private message which i don't get on the desktop app xD
I will try to connect to your server this afternoon and tell you what i can find.

from passman-android.

same here, passman webextension, and the website frontend works fine.

however i believe this is just because i am running it on very very low hardware and it just gets timeout

if you care to test my server also the url is home.nicman23.tk i shall make a test:test acount

from passman-android.

my issue seemed to be a missing chain cert from apache.

from passman-android.

Works like a charm with the new release. Thx!

from passman-android.

I can also connect now to my server. 👍

from passman-android.

Hello, I have a Nexus 6p which just got upgraded to Android O.

The app was working before the upgrade from 7.1.2.

I am on the latest nightly but am getting 'Settings incorrect'

Any ideas?
Thanks

from passman-android.

probably wrong username/password. double check url, user and password are correct. I would need more info to help you @AnisKhanUK.

from passman-android.

You were right - I needed to use my APP password as I had setup 2nd factor authentication.

Brilliant.

from passman-android.

After watching it for a few days, I think it's safe to close this issue! If anyone finds any trouble with this, i will try my best to help them debug it!

Closing! :D

from passman-android.

We got reports of @jzielke-nli having trouble, reopening. (Ref #49)

from passman-android.

following the conversation from #49 here
@jzielke-nli, you could pm me the connection details and credendials vía telegram and I could take a look into your issue

from passman-android.

@animalillo Thanks for offering that. I'll send you some credentials and keep the communication up here as requested by @brantje in #49 .

from passman-android.

@animalillo Any progress on your debugging efforts?

from passman-android.

I made some debugging today and seems like the server is not returning an expected field for the vault once you click it to open, is this the same behaviour you are getting @jzielke-nli? Vault fails to open?

For what i've seen is that the server is returning a different json format in which favicon field seems to be renamed to icon and the app can't find the required favicon field.

@brantje is favicon no longer a valid field?

if so the bug would be on es.wolfi.passman.API.Credential line 241

from passman-android.

@animalillo How can I debug this on my android device?

from passman-android.

@jzielke-nli google for adb logcat ;) In nextcloud-android on the startsite there is a small description ;)

from passman-android.

Confirmed on my device:

03-08 15:30:04.114 27576 27576 E android.nfc.Tag$1@d4f9e29: Unknown network error
03-08 15:30:04.114 27576 27576 E android.nfc.Tag$1@d4f9e29: org.json.JSONException: No value for favicon

from passman-android.

yeah, seems that @brantje changed the field name on the api response on the version you have and that's the problem, if I have time on what is left of the week I will try to release a fix and maybe add a server version check.

from passman-android.

@animalillo Is the favicon really necessary? I can't remember having seen it in any part of the app. So why not removing this one rather than implementing a fallback routine?

from passman-android.

with the new version 1.0.0 a lot of code has changed.
since nothing has happened here for a long time, I would close the issue soon if the problem does not still exist

from passman-android.

I'm closing it as I don't use passman since few years and no one else has reported same issue ;)

from passman-android.