
Does not support certificates added to the OS #652

@MrEAlderson

Steps to reproduce

  1. Self-sign a certificate. Import its CA to your OS.
  2. Make the Nextcloud server make use of it. The regular client will happily connect and sync with it.
  3. Run the test client

Expected behaviour

The notify push client should make use of the OS's certificate store and accept any certificate imported to it, just as the regular Nextcloud client does.

Actual behaviour

Facing the following error:

PS C:\Users\Marcel\Nextcloud> .\test_client-x86_64-pc-windows-gnu.exe https://xyz:443 Marcel password
Error:   × https://xyz:443/ocs/v2.php/cloud/capabilities: Connection Failed: tls connection init failed: invalid
  │ peer certificate: UnknownIssuer
  ╰─▶ invalid peer certificate: UnknownIssuer

It does work just fine if I connect through a VPN, and therefore make use of Cloudflare's proxy, as it instead serves a globally accepted certificate.
I'd assume the problem occurs because the client doesn't make use of rustls-platform-verifier.

Server configuration

Web server: Nginx

Database: PostgreSQL

PHP version: 8.4.11

Nextcloud version: 31.0.8

List of activated apps
Enabled:
  - bruteforcesettings: 4.0.0
  - calendar: 5.5.1
  - camerarawpreviews: 0.8.7
  - checksum: 1.2.6
  - cloud_federation_api: 1.14.0
  - contacts: 7.2.6
  - dav: 1.33.0
  - external: 6.0.2
  - federatedfilesharing: 1.21.0
  - files: 2.3.1
  - files_downloadlimit: 4.0.0
  - files_pdfviewer: 4.0.0
  - files_sharing: 1.23.1
  - files_trashbin: 1.21.0
  - files_versions: 1.24.0
  - logreader: 4.0.0
  - lookup_server_connector: 1.19.0
  - notify_push: 1.2.0
  - oauth2: 1.19.1
  - password_policy: 3.0.0
  - privacy: 3.0.0
  - profile: 1.0.0
  - provisioning_api: 1.21.0
  - richdocuments: 8.7.4
  - serverinfo: 3.0.0
  - settings: 1.14.0
  - sharebymail: 1.21.0
  - text: 5.0.0
  - theming: 2.6.1
  - theming_customcss: 1.18.0
  - twofactor_backupcodes: 1.20.0
  - viewer: 4.0.0
  - workflowengine: 2.13.0
Disabled:
  - activity: 4.0.0 (installed 4.0.0)
  - admin_audit: 1.21.0
  - app_api: 5.0.2 (installed 5.0.2)
  - circles: 31.0.0 (installed 31.0.0)
  - comments: 1.21.0 (installed 1.21.0)
  - contactsinteraction: 1.12.0 (installed 1.12.0)
  - dashboard: 7.11.0 (installed 7.11.0)
  - encryption: 2.19.0
  - enhancedsharesettings: 1.0.0 (installed 1.0.0)
  - federation: 1.21.0 (installed 1.21.0)
  - files_external: 1.23.0
  - files_reminders: 1.4.0 (installed 1.4.0)
  - firstrunwizard: 4.0.0 (installed 4.0.0)
  - nextcloud_announcements: 3.0.0 (installed 3.0.0)
  - notes: 4.12.3 (installed 4.12.3)
  - notifications: 4.0.0 (installed 4.0.0)
  - photos: 4.0.0 (installed 4.0.0)
  - recommendations: 4.0.0 (installed 4.0.0)
  - related_resources: 2.0.0 (installed 2.0.0)
  - support: 3.0.0 (installed 3.0.0)
  - survey_client: 3.0.0 (installed 3.0.0)
  - suspicious_login: 9.0.1
  - systemtags: 1.21.1 (installed 1.21.1)
  - twofactor_nextcloud_notification: 5.0.0
  - twofactor_totp: 13.0.0-dev.0
  - updatenotification: 1.21.0 (installed 1.21.0)
  - user_ldap: 1.22.0
  - user_status: 1.11.0 (installed 1.11.0)
  - weather_status: 1.11.0 (installed 1.11.0)
  - webhook_listeners: 1.2.0 (installed 1.2.0)
Nextcloud configuration
{
    "system": {
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "my-public.domain",
            "xyz"
        ],
        "dbtype": "pgsql",
        "version": "31.0.8.1",
        "overwrite.cli.url": "https:\/\/my-public.domain",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "filelocking.enabled": true,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379,
            "password": "***REMOVED SENSITIVE VALUE***",
            "dbindex": 0,
            "timeout": 1.5,
            "read_timeout": 1.5
        },
        "upgrade.disable-web": true,
        "maintenance_window_start": 1,
        "app_install_overwrite": [],
        "mail_smtpmode": "smtp",
        "mail_smtpsecure": "ssl",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauth": true,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtptimeout": 30,
        "default_phone_region": "DE",
        "loglevel": 1,
        "logfile": "\/config\/log\/nextcloud.log",
        "defaultapp": "",
        "debug": false,
        "forbidden_filename_characters": [
            "<",
            ">",
            ":",
            "\"",
            "|",
            "?",
            "*",
            "\\",
            "\/"
        ],
        "forbidden_filename_extensions": [
            " ",
            ".",
            ".filepart",
            ".part"
        ],
        "maintenance": false,
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "forbidden_filename_basenames": [
            "con",
            "prn",
            "aux",
            "nul",
            "com0",
            "com1",
            "com2",
            "com3",
            "com4",
            "com5",
            "com6",
            "com7",
            "com8",
            "com9",
            "com\u00b9",
            "com\u00b2",
            "com\u00b3",
            "lpt0",
            "lpt1",
            "lpt2",
            "lpt3",
            "lpt4",
            "lpt5",
            "lpt6",
            "lpt7",
            "lpt8",
            "lpt9",
            "lpt\u00b9",
            "lpt\u00b2",
            "lpt\u00b3"
        ]
    }
}

Browser

Operating system: Windows
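
The failure mode reported above, reproduced offline with OpenSSL as an added example (not part of the original issue and not the project's code): the same server certificate is accepted or rejected depending only on which trust anchors the verifier consults. The CA names `bundled-root` and `private-ca` and the helper functions are constructed for the illustration; only the host name `xyz` comes from the issue.

```bash
#!/usr/bin/env bash
# Added example: all certificates are generated here and are throwaway.
set -u

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a self-signed root that acts as a trust anchor.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# make_leaf CA HOST: issue a server certificate for HOST signed by CA.
make_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 1 \
    -out "$WORK/$2.pem" 2>/dev/null
}

# verify_with ANCHORS LEAF: validate LEAF against ANCHORS only.
# -no-CApath keeps the system default directory out of the decision.
# Returns 0 when the chain is accepted, non-zero otherwise.
verify_with() {
  openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

make_ca bundled-root      # stands in for a root set without the private CA
make_ca private-ca        # stands in for the CA imported into the OS store
make_leaf private-ca xyz  # certificate the server presents

for anchors in bundled-root private-ca; do
  if verify_with "$WORK/$anchors.pem" "$WORK/xyz.pem"; then
    echo "$anchors: chain accepted"
  else
    echo "$anchors: rejected, issuer not among trust anchors"
  fi
done
```

A verifier limited to the first anchor set has no path to the issuing CA, which is the condition rustls reports as `UnknownIssuer`.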

Labels: bug (Something isn't working)
