Trusted self-signed certificate appears to be ignored #63

Open
chrishoage opened this issue Nov 11, 2024 · 0 comments

I have added the root CA cert that Caddy uses for self-signed certs to my Android device.

After turning on the hidden setting in Firefox, I can hit my Audiobookshelf domain without issue (this works in Chrome without any setting).

However the login screen will not allow me to progress when using the https protocol. Forcing the connection to http allows the application to see the instance.

  • This trusted self-signed certificate works in the first party ABS app
  • This is not the only app that has this issue (Hoarder, for example, has similar issues using additional root CAs)

Please consider either adding an option to disable verifying TLS connections, or allowing reading from additional trusted CAs added to the Android device.

Steps to reproduce (using Caddy; however, this part is irrelevant). For brevity, persistent volumes have been omitted, so this compose file is not suitable for production. It is just the simplest way to reproduce the issue.

The Caddyfile presupposes you have audiobookshelf.lan correctly resolving to the docker host. This can be done via editing /etc/hosts on your development environment, or through local DNS.

  1. Create a docker compose with audiobookshelf and caddy

     ```yaml
     services:
       caddy:
         restart: always
         image: caddy
         container_name: caddy
         hostname: caddy
         ports:
           - 80:80
           - 443:443
         volumes:
           - ./Caddyfile:/etc/caddy/Caddyfile
       audiobookshelf:
         image: ghcr.io/advplyr/audiobookshelf:latest
         hostname: audiobookshelf
         container_name: audiobookshelf
     ```

  2. Create a Caddyfile that looks like this

     ```
     http://audiobookshelf.lan, audiobookshelf.lan {
       reverse_proxy http://audiobookshelf
       tls internal
     }
     ```

  3. docker compose up
  4. Retrieve ./caddy/caddy/pki/authorities/local/root.crt and add to your Android device
       • Settings
       • Security & Privacy
       • More security & privacy
       • Encryption & credentials
       • Install a certificate

Expected behavior

The cert is trusted

Actual behavior

App is unable to connect. Changing to http allows app to connect
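
Background on the request to read additional trusted CAs, as an added example that is not part of the original issue or this project's code: apps targeting Android 7.0 (API level 24) or later trust only the system CA store by default, and user-installed CAs are honoured only when the app opts in through a network security configuration. The file name below is the conventional one, and it is an assumption that this app's HTTP stack follows the platform trust configuration.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml
     (conventional file name; assumed, not taken from this project) -->
<!-- Referenced from AndroidManifest.xml on the application element:
     android:networkSecurityConfig="@xml/network_security_config" -->
<network-security-config>
    <base-config>
        <trust-anchors>
            <!-- Platform default for API 24+: only the pre-installed system CAs. -->
            <certificates src="system" />
            <!-- Opt in to CAs the user installed under
                 Settings > Encryption & credentials, such as the Caddy
                 local root from the reproduction steps. -->
            <certificates src="user" />
        </trust-anchors>
    </base-config>
    <!-- cleartextTrafficPermitted is left unset here. Once this file exists it
         governs cleartext policy, so an app that must keep plain http server
         URLs working has to set that attribute explicitly. -->
</network-security-config>
```

Trusting the user CA store keeps certificate validation in place for every connection, which an option to disable TLS verification would not.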
