On Mon, Feb 06, 2017 at 11:57:45AM -0500, Daniel Gnoutcheff wrote: > ... > > This may be a sign that SSL certificate verification is failing. > Stuffing that message into DuckDuckGo found me a fellow who got the same > error message and eventually determined that his server's certificate > had an unsuitable commonName value: > > > http://stackoverflow.com/questions/12346368/android-httpsurlconnection-javax-net-ssl-sslexception-connection-closed-by-peer > > If that's the case here, then we somehow need to teach this thing to > accept the cert or prepare a certificate that's more to its liking. > > What certificate are we using on https://192.168.1.27/? What's the > commonName, and what's the signing CA?
Mmm... I had used the "letsencrypt" feature to obtain one. I just checked and it was expired (valid through Jan 28 2017 it said - in green). I tried to re-obtain a new one and I got this: Failed to obtain certificate for domain <domain>.freedombox.rocks: Failed authorization procedure. <domain>.freedombox.rocks (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to <domain>.freedombox.rocks Then I tried to revoke it and that worked, but trying to re-obtain it gave the same error message above. That's where I'm stuck now. The diagnostics returned "failed", predictably. The dynamic DNS client is up to date as of 2 minutes ago. > > If I disable the android firewall I get this: > > > > =================== Android log ==================== > <snip> > > 2017-01-29 16:59:14 2 [HttpClient$1] <-- HTTP FAILED: > > java.net.ConnectException: Failed to connect to /192.168.1.27:443 > > 2017-01-29 16:59:14 2 [ui.setup.DavResourceFinder] PROPFIND/OPTIONS on > > user-given URL failed > > EXCEPTION java.net.ConnectException: Failed to connect to /192.168.1.27:443 > > That indeed looks like a firewall block. Based on this, I'd say that > fixing/disabling the firewall is necessary (but not sufficient) to get > this working. Stopping orbot and disabling the firewall seem to not fix the issue. I don't see any packets going to/from the phone with wireshark, so there is in fact a problem with the firewall on the phone. I'll keep digging into this. Still the certificate issue above is puzzling. Any hints? Thanks. Augustine _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
