android - traccar manager - issues with https on android 7.0

JonathanM7 years ago

Hi Anton,

Having issues using the manager to connect back to my stock traccar server (v3.11).

When setting the url to be http I can see the request making it through to the server:
> [07/Jul/2017:14:40:11 +1000] "GET /traccarid/api/server HTTP/1.1" 302 471
The request fails because the server is only accessible over https.

However when trying to use https the app responses with "Server connection failed" with an "OK" button.
I have installed the root and intermediate signing certificates as well as the ssl's certificate itself into the devices cert store in an effort to resolve any issues with the certificate, but the site/url works fine from chrome on the device (and it works really well that way, but do want to give the manager a go).

A request to the same api using chrome from the device shows:
> [07/Jul/2017:14:44:12 +1000] "GET /traccarid/api/server?_dc=xxxxxxxxxx HTTP/1.1" 200 786

Any ideas what could be going wrong ?

PS

The site/certificate is https://infinitedepth.com.au

JonathanM7 years ago

Also to note although the server is using basic auth it doesn't employ it at the traccarid path.

Anton Tananaev7 years ago

The URL that you provided requires authorization. You have to disable it.

JonathanM7 years ago

Hey Anton,

The auth isn't required for the traccar installation.
https://infinitedepth.com.au/traccarid/
And have tested with auth disabled across the site (also no requests are being denied with a 401 in the logs).

Any other ideas on what the issue could be ?

JonathanM7 years ago

Looks like it's connecting to the server, but during the negotiation it's failing on the certificate.

It exchanges keys after a "Client Hello" and a "Server Hello":
https://infinitedepth.com.au/files/traccarid/traccarid-key-exchange.png

Then it fails with a certificate unknown error:
https://infinitedepth.com.au/files/traccarid/traccarid-certificate-unknown.png

So my hunch it was related to the certificates was correct.

I'm going to look at the ssl chain I'm using as it may be ok for browsers but not the out of the box https requests androids making from it's sdk.

In the mean time any thoughts ?

JonathanM7 years ago

Hi Anton,

So sorry for wasting your time.
Someone (<- this guy) while installing the ssl certificate managed to bugger it up and use the wrong intermediate for the chain.
Browsers work as they "know" about the godaddy intermediate, but android does not.

Thanks for your help and the awesome software that is traccar :)