CAcert certificate - validation error ?

43 views
Skip to first unread message

ol-cassiopea

unread,
Dec 17, 2011, 4:21:13 PM12/17/11
to caldav4j, oli...@cassiopea.org
hello,

I'm trying to use caldav4j on a recently flashed phone cyanogenmod7
and this caldav4j to acces a working DAViCal server, in https with a
certificate signed throegh CAcert.org certification process.
I installed the CAcert certificates on the phone using the provided
basic android setting option to import certificates from sdcard and so
f.ex. the browser no longer complain about security...
but in the caldav4j CalDAV control pannel, when trying to create a new
synch calendar, I still get the same error : [...] trust anchor for
certification path not found

so what I think is possibly happening is that the phone is not
refering to the imported certificate for all apps, only a few like the
browser, and caldav4j doesn't recognise that CAcert root certificate
but has no bypass procedure... am I right ?

in other android applications like CALdav , it is perfectly possible
to reach the server and synchronise, although there is the option to
ignore/bypass the security warning if the certificate is not
recognised.

is there a way to make caldav4j CAcert.org friendly ?

actually as a community IT service association, we are looking to
deploy integrated shared calendars for our member organisations. a GPL
client for android would be a great addition.

thanks a lot,

Olivier
for cassiopea.org

Roberto Polli

unread,
Dec 17, 2011, 5:17:56 PM12/17/11
to cald...@googlegroups.com


Il giorno 17/dic/2011 23:06, "ol-cassiopea" <oge...@gmail.com> ha scritto:
>
> hello,
>
> I'm trying to use caldav4j on a recently flashed phone cyanogenmod7

Do you mean the android caldav connector?
Or the caldav library? Which release?

> and this caldav4j to acces a working DAViCal server, in https with a
> certificate signed throegh CAcert.org certification process.
> I installed the CAcert certificates on the phone using the provided
> basic android setting option to import certificates from sdcard and so
> f.ex. the browser no longer complain about security...
> but in the caldav4j CalDAV control pannel, when trying to create a new
> synch calendar, I still get the same error : [...] trust anchor for
> certification path not found
>
> so what  I think is possibly happening is that the phone is not
> refering to the imported certificate for all apps, only a few like the
> browser, and caldav4j doesn't recognise that CAcert root certificate

Afaik Caldav4j does not validate certs. Java does.

> but has no bypass procedure... am I right ?

no by pass: you have to write a patch to skip ssl validation

>  there is the option to
> ignore/bypass the security warning if the certificate is not
> recognised.

write a patch

> is there a way to make caldav4j CAcert.org friendly ?

Let java recognise it

> actually as a community IT service association, we are looking to
> deploy integrated shared calendars for our member organisations. a GPL
> client for android would be a great addition.

If you are interested in developing the connector we can start a discussion!

Peace, Rob

>
> thanks a lot,
>
> Olivier
> for cassiopea.org
>

> --
> You received this message because you are subscribed to the Google Groups "caldav4j" group.
> To post to this group, send email to cald...@googlegroups.com.
> To unsubscribe from this group, send email to caldav4j+u...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/caldav4j?hl=en.
>

ol-cassiopea

unread,
Dec 26, 2011, 9:42:28 AM12/26/11
to caldav4j, oli...@cassiopea.org


On 17 déc, 23:17, Roberto Polli <robipo...@gmail.com> wrote:
> Il giorno 17/dic/2011 23:06, "ol-cassiopea" <oge...@gmail.com> ha scritto:
>
> > hello,
>
> > I'm trying to use caldav4j on a recently flashed phone cyanogenmod7
>
> Do you mean the android caldav connector?
> Or the caldav library? Which release?

I tested the android caldav connector, the apk from this
code.google.com

I tried to build it for android 2.3 with eclipse, but it seems a lot
of errors like "Ace cannot be resolved to a type AceUtils.java /
caldav4j/src/org/osaf/caldav4j/util line 17 Java Problem" appears and
must be first resolved to permit work on the code.
It is I suppose primeraly java config as it was first coded for a
prior version of Android, but I'm not java coder so I cannot
personnaly help.

We actually don't have that kind of java ressource person at hand so
unfortunately I think we cannot contribue much to this.


>
> > and this caldav4j to acces a working DAViCal server, in https with a
> > certificate signed throegh CAcert.org certification process.
> > I installed the CAcert certificates on the phone using the provided
> > basic android setting option to import certificates from sdcard and so
> > f.ex. the browser no longer complain about security...
> > but in the caldav4j CalDAV control pannel, when trying to create a new
> > synch calendar, I still get the same error : [...] trust anchor for
> > certification path not found
>
> > so what  I think is possibly happening is that the phone is not
> > refering to the imported certificate for all apps, only a few like the
> > browser, and caldav4j doesn't recognise that CAcert root certificate
>
> Afaik Caldav4j does not validate certs. Java does.
>

As I could read afterward, it seems also that basicaly android is very
narrowly managing certificates and that probably Android 4.0 is far
better than 2.3 on that point.
lot's of people are complaining and even top level certificate agents
loose their way in how this is managed apparently ...

> > but has no bypass procedure... am I right ?
>
> no by pass: you have to write a patch to skip ssl validation

it would actualy be the best route to take for now for Android =<2.3
for short term, then a specific patch to manage the certificate if
possible. (other apps just skip certificate)
>
> >  there is the option to
> > ignore/bypass the security warning if the certificate is not
> > recognised.
>
> write a patch
>
> > is there a way to make caldav4j CAcert.org friendly ?
>
> Let java recognise it
>
> > actually as a community IT service association, we are looking to
> > deploy integrated shared calendars for our member organisations. a GPL
> > client for android would be a great addition.
>
> If you are interested in developing the connector we can start a discussion!

As said above, sorry, no such ressource here for now, will submit the
idea to some other people around in case...
just a patch to skip the error would be appreciated,

have a prosperous year

Olivier

Roberto Polli

unread,
Dec 26, 2011, 11:42:18 AM12/26/11
to cald...@googlegroups.com
Hi,


2011/12/26 ol-cassiopea <oge...@gmail.com>:
> I tried to build it for android 2.3 with eclipse...prior version of Android...
yes, we have to rewrite it for newer android releases!

> We actually don't have that kind of java ressource person at hand so
> unfortunately I think we cannot contribue much to this.

Actually I maintain the core caldav4j library but I hope that we could
find somebody to care for that.

Maybe the best way is to sponsor somebody to write your patch. If
you're interested in such work I could try to find somebody

Happy New Year + Peace,
R.

Reply all
Reply to author
Forward
0 new messages