Tiny Tiny RSS: Community

X509 certificate problem


I use ttrss with a desktop client, with certificate auth, both server and client.

On the desktop computer, the client certificate is installed in the browser, and it logs in OK.
(nginx log):

x.x.x.x - - [06/Dec/2018:18:14:30] “POST /backend.php HTTP/2.0” 200 72 “Client DN” CN=client-certificate “-” “Mozilla/5.0 (…)”

and it works fine. Even certificate-based login, without password.

I try to use mobile app TTRSS-Reader
I have no Google Apps on smartphone, so it was taken from f-droid, ver. 5.dec.2018

In Preferences - SSL settings, I select

Use client certificate? - YES
Client certificate - I select the same, installed on smartphone (CA chain is ok).

but it doesn’t present client certificate to server and can’t connect. In server log:

x.x.x.x - - [06/Dec/2018:18:49:26] “POST /api/ HTTP/1.1” 403 146 “Client DN” - “-” “Dalvik/2.1.0 (Linux; U; Android 8.1.0; (…)”

field “Client DN” is empty - certificate not sent to server

403 - is an error that the server returns if the certificate is not present
if ($ssl_client_verify != SUCCESS) { return 403; }
in nginx site config

also, in settings
I try to select/unselect all other options (SSL, Trust all hosts, Custom keystore,…) but no effect

hardware server, centos 7, postgresql 11, php 7.2, nginx 1.15.7, tt-rss git ver 17.nov.2018
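
An added example, not part of the original post: a small parser for access-log lines in the layout quoted above that counts the 403 responses where no client DN was logged, grouped by path and user agent. The regular expression is an assumption inferred from the two quoted lines, and the sample lines are constructed.

```python
import re
from collections import Counter

# Layout of the access-log lines quoted in the post. The log_format that
# produces it is not shown there, so this pattern is an assumption.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+) '
    r'"Client DN" (?P<dn>.*?) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    # Lines pasted through a forum often carry curly quotes; normalise them.
    line = line.strip().replace("\u201c", '"').replace("\u201d", '"')
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # nginx writes "-" for an empty variable, i.e. no certificate was presented.
    rec["cert_presented"] = rec["dn"] not in ("", "-")
    return rec

def clients_without_cert(lines):
    """Count 403 responses with no client DN, keyed by (path, user agent)."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == 403 and not rec["cert_presented"]:
            hits[(rec["path"], rec["ua"])] += 1
    return hits

# Constructed sample lines modelled on the two entries in the post.
SAMPLE = [
    '192.0.2.10 - - [06/Dec/2018:18:14:30] "POST /backend.php HTTP/2.0" 200 72 '
    '"Client DN" CN=client-certificate "-" "Mozilla/5.0 (X11)"',
    '192.0.2.10 - - [06/Dec/2018:18:49:26] "POST /api/ HTTP/1.1" 403 146 '
    '"Client DN" - "-" "Dalvik/2.1.0 (Linux; U; Android 8.1.0)"',
    # Same failure, pasted with curly quotes.
    '192.0.2.10 - - [06/Dec/2018:18:50:02] \u201cPOST /api/ HTTP/1.1\u201d 403 146 '
    '\u201cClient DN\u201d - \u201c-\u201d \u201cDalvik/2.1.0 (Linux; U; Android 8.1.0)\u201d',
]

if __name__ == "__main__":
    for (path, ua), count in clients_without_cert(SAMPLE).most_common():
        print(f"{count} x 403 without client certificate: {path} from {ua}")
```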


why not contact app developer with your problem?


and this is not yours???

I see it on https://fakecake.org/fdroid/, then find on https://f-droid.org/en/packages/org.ttrssreader/

Oops, sorry :))

