I use ttrss with desktop client, with certificate auth, both server and client.
On the desktop computer, the client certificate is installed in the browser, and it logs in OK.
(nginx log):
x.x.x.x - - [06/Dec/2018:18:14:30] "POST /backend.php HTTP/2.0" 200 72 "Client DN" CN=client-certificate "-" "Mozilla/5.0 (…)"
and it works fine. Even certificate-based login, without password.
I try to use mobile app TTRSS-Reader
I have no Google Apps on smartphone, so it was taken from f-droid, ver. 5.dec.2018
In Preferences - SSL settings, I select
Use client certificate? - YES
Client certificate - I select the same, installed on smartphone (CA chain is ok).
but it doesn’t present client certificate to server and can’t connect. In server log:
x.x.x.x - - [06/Dec/2018:18:49:26] "POST /api/ HTTP/1.1" 403 146 "Client DN" - "-" "Dalvik/2.1.0 (Linux; U; Android 8.1.0; (…)"
The "Client DN" field is empty - the certificate is not sent to the server.
403 is the error that the server returns if the certificate is not present
if ($ssl_client_verify != SUCCESS) { return 403; }
in nginx site config
Also, in settings, I tried selecting/unselecting all the other options (SSL, Trust all hosts, Custom keystore,…), but with no effect.
Hardware server, CentOS 7, PostgreSQL 11, PHP 7.2, nginx 1.15.7, tt-rss git ver 17.nov.2018
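
An added example, not part of the original post or the poster's configuration: an nginx server block that logs `$ssl_client_verify` next to the client DN, so a 403 like the one above can be attributed to "no certificate presented" rather than "certificate presented but rejected". The server name, file paths, log format name and the use of `ssl_verify_client optional` are assumptions; only the `if` check is taken from the post.

```nginx
# Added example (not the poster's configuration). Goes in the http {} context.
# Paths, server_name and the log format name are placeholders.

# Fields similar to the log lines in the post, plus the verification result,
# so the log shows why a request was rejected:
#   verify=NONE        the client presented no certificate at all
#   verify=FAILED:...  a certificate was presented but did not validate
#   verify=SUCCESS     certificate accepted, DN is logged after "Client DN"
log_format clientcert '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent verify=$ssl_client_verify '
                      '"Client DN" $ssl_client_s_dn '
                      '"$http_referer" "$http_user_agent"';

server {
    listen 443 ssl http2;
    server_name rss.example.org;                           # placeholder

    ssl_certificate         /etc/nginx/tls/server.crt;     # placeholder
    ssl_certificate_key     /etc/nginx/tls/server.key;     # placeholder
    ssl_client_certificate  /etc/nginx/tls/client-ca.crt;  # CA that issued the client certs
    ssl_verify_depth        2;

    # Assumption: "optional" requests a certificate during the handshake but
    # still accepts the connection without one, so the check below decides.
    ssl_verify_client optional;

    access_log /var/log/nginx/ttrss_access.log clientcert;

    # The check quoted in the post.
    if ($ssl_client_verify != SUCCESS) { return 403; }

    # tt-rss root and PHP locations follow here, as in the existing site config.
}
```

With this format, a 403 logged with `verify=NONE` means the client never offered a certificate during the TLS handshake, while `verify=FAILED:<reason>` means one was offered and the chain or CA check on the server rejected it.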