syncthing/syncthing-macos

HTTPS connection doesn't work with self signed certificate

semmmmml opened this issue · 13 comments

I copied the API key from the browser and hit test but nothing happens. The test button stays red. I have set a username and password for the GUI but have already tried removing them to see if this solves the problem but it does not. Do I have to enable some settings for the connection to work?

Is the URL to the syncthing instance correct? No, when a syncthing instance is running it should work. The GUI (user/pass) is separate from the API key. You are the first one who is reporting this. Approximately 1k downloads already. I'm not sure what is happening.

I know, I read all the closed issues before posting in order not to post a stupid question. The URL is correct (I'm using https though, but also tried switching it off). I have no idea what is wrong because nothing is happening when I hit test. Is there a way to get feedback from the program in that case? (FYI: I am using MacOS 10.12.3)

Probably https is the problem because the syncthing self signed certificate is not in the certificate pool of OS X and is not trusted. You should try http and see what happens.

Yes, https was the problem! Thanks!

I have renamed the title of the issue and reopened it. This should be fixed, at least an error message should be printed to the user! Thanks for reporting.

Just confirming I had this issue too. Couldn't work out what was wrong until I found this thread. Would be great to have this fixed - ideally to work with https if possible, not just an error message.

I could offer a small amount on Bountysource to see this implemented. Would that be the best way to encourage a fix? :-)

I'm dusting off this issue, could you verify if it is fixed with the latest release? It seems it works now according to https://forum.syncthing.net/t/syncthing-for-macos/2745/14

Tried today, still seems to be an issue with https. The "test api" in the menubar control fails when https is enabled. OK when switched back to http.

Awesome, not a blocker for me. Can use http for the moment. My little cloud boxes are locked down with https. Only use this on my laptop to sync.

I think if you place a reverse HTTP proxy webserver (caddy, nginx) with a Let's Encrypt certificate in front of http it should work, because the Let's Encrypt CA is trusted by OS X. This is theoretical but untested.

calmh commented

I started fixing this as part of fixing #65, and ended up replacing the (deprecated) NSURLConnection stuff with NSURLSession instead. I then noticed (because this is my first few minutes in the code) that the event listening code is only half the API stuff, there is also corresponding in XGSyncthing. Given that the TLS handling here requires implementing a delegate to do the certificate handling etc it would be nice to do it just once.

Would it make sense to move the event subscription stuff into XGSyncthing and do it all there? Or is there a good reason that's not how it is currently?

XGSyncthing should be moved back as STClient or something like that. I had an idea to create an Objective-C library to talk to syncthing, that's why it is not prefixed with ST. Indeed, the event stuff which talks to the API needs to be in a central place.
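
The delegate-based certificate handling discussed in this thread, as an added example that is not part of the thread or of the syncthing-macos code base: an `NSURLSession` delegate that accepts a self-signed certificate only when its SHA-256 digest matches a pinned value, and fails closed otherwise. `STPinningDelegate` and `pinnedSHA256` are hypothetical names; the code assumes ARC and that the expected digest was obtained out of band.

```objc
// Added example: pin a self-signed certificate by SHA-256 digest.
// STPinningDelegate and pinnedSHA256 are hypothetical names, not project code.
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CommonCrypto/CommonDigest.h>

@interface STPinningDelegate : NSObject <NSURLSessionDelegate>
@property (nonatomic, copy) NSData *pinnedSHA256; // 32-byte digest of the expected DER certificate
@end

@implementation STPinningDelegate

- (void)URLSession:(NSURLSession *)session
didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
 completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler {
    NSURLProtectionSpace *space = challenge.protectionSpace;
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        // Not a TLS server-trust challenge (e.g. HTTP basic auth): use default handling.
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
        return;
    }
    SecTrustRef trust = space.serverTrust;
    // Leaf certificate sent by the server (call deprecated on macOS 12+, still available).
    SecCertificateRef leaf = (trust && SecTrustGetCertificateCount(trust) > 0)
        ? SecTrustGetCertificateAtIndex(trust, 0) : NULL;
    if (leaf == NULL || self.pinnedSHA256.length != CC_SHA256_DIGEST_LENGTH) {
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        return;
    }
    NSData *der = CFBridgingRelease(SecCertificateCopyData(leaf));
    unsigned char digest[CC_SHA256_DIGEST_LENGTH];
    CC_SHA256(der.bytes, (CC_LONG)der.length, digest);

    // Compare against the pin without an early exit on the first differing byte.
    const unsigned char *pin = self.pinnedSHA256.bytes;
    unsigned char diff = 0;
    for (size_t i = 0; i < CC_SHA256_DIGEST_LENGTH; i++) diff |= digest[i] ^ pin[i];

    if (diff == 0) {
        // Exact certificate match: accept although no system CA vouches for it.
        completionHandler(NSURLSessionAuthChallengeUseCredential,
                          [NSURLCredential credentialForTrust:trust]);
    } else {
        // Unknown certificate: reject instead of trusting any self-signed cert.
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
    }
}

@end
```

Pass an instance as the `delegate:` argument of `+[NSURLSession sessionWithConfiguration:delegate:delegateQueue:]`; a cancelled challenge surfaces as a request error that the UI can report instead of failing silently.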