Hi Richard, thanks for the reply. I had no awareness of this but it
makes things a lot clearer.
Trying the stock browser (or Chrome, you never know) doesn't help
matters. Nor does importing my CA cert into the Android security
manager. This shouldn't surprise me because the server cert I'm using
is invalid in another way: it's not hostname-specific (it names the
parent domain only).
I can try making a wildcard cert, but if SNI isn't accepted, will that be?
What is the SNI issue about anyway? I do seem to recall reading a doc
or bug that dealt with this, but I can't put my hand to it now. If
neither SNI nor a wildcard cert will work I may be SOL, because
name-based virtual hosting is the only option I have available
(AFAICT), as the server IP won't be consistent (depending whether the
client is or isn't on the local subnet). Not sure based on that
whether I can make a cert that Android will be happy enough with.
I'll try cooking up a wildcard cert in the meantime and see if that
does the job, I was meaning to do it anyway at some point.
Thanks,
Robin Bankhead
Quoting Richard Newman <rnew...@mozilla.com>:
Bear in mind that Sync on Android, being an Android SyncAdapter, doesn't
use Gecko's own network stack. Adding your self-signed cert inside Firefox
by browsing is not enough to make Sync use it.
Try doing the same via the Android stock browser, which uses the system
cert store.
You also need to make sure that your service doesn't use SNI.
On Mon, May 11, 2015 at 5:08 AM, Robin Bankhead <ro...@headbank.co.uk>
wrote:
Hello,
I've gotten a self-hosted sync-1.5/fxa stack operational across multiple
desktop clients, but have hit a problem trying to add an Android client
(Fennec 37 on Galaxy SIII, Android Jelly Bean).
I've installed callahad's fxa-custom-server-addon and entered my
self-hosted auth-server and token-server URLs, which are then visible on
the signup and signin screens, but when attempting to sign in I get the
error: "unable to connect to network". This comes up after a couple of
seconds the first time, then instantly (cached?) thereafter.
There are no problems with the phone's connection when doing this,
verified on 3G and wifi. I also wiped all of fennec's cache and stored
data via the Android Application Manager but this did not help.
I am able to go through signin, culminating in a success message, by
navigating to https://my-content-server.dom/signin so the server-side
seems all well.
My servers are all proxied through Apache so the external URLs I gave to
the addon are like:
https://fxa.mydomain.dom/v1
https://ffsync.mydomain.dom/token/1.0/sync/1.5
Only other comment is that the servers all use a self-signed certificate,
but I have made the appropriate exceptions in Fennec before attempting the
signin.
I will return with some adb logging once I have that worked out, but in
the meantime if anyone can suggest where the issue might lie from any of
the above, I'd be grateful.
Thanks,
Robin Bankhead
_______________________________________________
Sync-dev mailing list
Sync-dev@mozilla.org
https://mail.mozilla.org/listinfo/sync-dev
_______________________________________________
Sync-dev mailing list
Sync-dev@mozilla.org
https://mail.mozilla.org/listinfo/sync-dev
