  1. Couchbase Lite
  2. CBL-1984

[Backport] Support domain specific server authentication

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Test Blocker
    • Resolution: Fixed
    • Affects Version/s: 2.8.1
    • Fix Version/s: 2.8.6
    • Component/s: Java-Android
    • Security Level: Public
    • Labels:
      None
    • Sprint:
      Blake 49
    • Story Points:
      3

      Description

      To my complete amazement, we did support domain specific server authentication in v2.7 and broke it in 2.8.

      Conscrypt, the subsystem to which OkHttp delegates for TLS authentication, attempts to call a method with the signature checkServerTrusted (X509Certificate[], String, String), by reflection. In 2.7 we used Android's default trust manager, which did have such a method. In 2.8, to support our new Listener modes, we install our own custom trust manager and proxy most calls to the default. Our custom trust manager, however, does not have the method. Conscrypt falls back to using the default method checkServerTrusted (X509Certificate[], String), which fails if the app has a network-security-config.

      I believe that this fix is, simply, to add the missing signature and to proxy it to the default manager.


            Activity

            blake.meike Blake Meike added a comment -

            Done in couchbase-lite-java-ee-root @ a8253e7ca834486faf1a3

            blake.meike Blake Meike added a comment -

            Done


              People

              Assignee:
              blake.meike Blake Meike
              Reporter:
              blake.meike Blake Meike
