1. d_a_parker's Avatar

    I think I may have found a bug, but I'm not sure.

    I have a non-rooted Verizon Galaxy S4 running Android 5.0.1, on which I am trying to set up a connection to an LDAP server via "Settings" > "Accounts" > "Add account" > "LDAP". The LDAP server is running Sun DSEE, requires SSL for client connections, and has a valid CA-signed SSL certificate which is not expired. I input the required information on the LDAP settings screen and check the box to use SSL, but when I attempt to verify the connection, it fails. Logcat shows that it is failing on an SSLHandshakeException (I can post the full stack trace if needed). The LDAP server shows the following when the phone attempts to connect:

    SSL error -8181 (Peer's Certificate has expired.); unauthenticated client CN=vinod,OU=siso,O=siso,L=bangalore,ST=ka,C=in,E=vin<at>had<dot>com; issuer CN=vinod,OU=siso,O=siso,L=bangalore,ST=ka,C=in,E=vin<at>had<dot>com

    (I had to use <at> and <dot> to avoid an error about posting links on this forum).

    No other client has any trouble connecting to the LDAP server, nor does the openssl command from a Linux host. Indeed, a packet capture shows the LDAP server returning its SSL certificate to the phone, and then the phone sending this bizarre certificate back to the server, which apparently the server believes is invalid. I can also post the captured packets if needed.

    Does anyone know if this can be resolved? Given that everything else works fine with the LDAP server, it seems that this is almost certainly an issue with the LDAP app or default certificate on the phone and not with the server. Any suggestions are greatly appreciated.

    07-28-2015 03:30 PM
  2. Rukbat's Avatar
    Does it work with any other Android phone running 5.0.1?

    If so, does it work with any other Samsung phone running 5.0.1?

    That will localize it to an Android problem, a Samsung problem or just a difference in certificate handling. ("Standard" - that means "something to be ignored", doesn't it?) Since KitKat, Android wifi has been having a problem with TKIP - with some manufacturers - so I wouldn't be surprised if, due to the fact that almost no one (I'm guessing) uses LDAP with a cellphone, they probably didn't do extensive tests on all different LDAP servers. It probably works on OpenLDAP, and they didn't go any further in testing.
    07-28-2015 04:06 PM
  3. d_a_parker's Avatar
    Thanks for the suggestions. I'll have to hunt around and see if anyone I know has a phone running 5.0.1. I'm not really sure if non-Samsung phones will even have this LDAP settings screen, though. The stack trace in logcat showed a lot of classes in the com.samsung.ldapInterface package. I'll try to find at least one Samsung and non-Samsung running 5.0.1 or higher and see what happens. I'll post my results if I can find test devices.
    07-29-2015 08:58 AM
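
Added example, not part of any post in this thread: a Python triage of server log lines shaped like the one quoted in the first post, flagging rejected client certificates whose subject DN equals the issuer DN (self-issued), as the one the phone presented does. Only the first sample line comes from the thread; the other lines and all function names are constructed for illustration.

```python
import re

# Line 1 is the server message quoted in the thread; lines 2-4 are constructed.
SAMPLE_LOG = """\
SSL error -8181 (Peer's Certificate has expired.); unauthenticated client CN=vinod,OU=siso,O=siso,L=bangalore,ST=ka,C=in,E=vin<at>had<dot>com; issuer CN=vinod,OU=siso,O=siso,L=bangalore,ST=ka,C=in,E=vin<at>had<dot>com
SSL error -8181 (Peer's Certificate has expired.); unauthenticated client CN=app01,OU=ops,O=example; issuer CN=Example Issuing CA,O=example
SSL error -8181 (Peer's Certificate has expired.); unauthenticated client cn=Test Device, o=Example; issuer CN=test device,O=example
conn=12 op=0 msgId=1 - BIND dn="" method=128 version=3
"""

LINE_RE = re.compile(
    r"SSL error (?P<code>-?\d+) \((?P<reason>[^)]*)\); "
    r"unauthenticated client (?P<subject>.+?); issuer (?P<issuer>.+)$"
)

def normalize_dn(dn):
    """Split a DN on unescaped commas; fold case and whitespace in each RDN."""
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        rdns.append((attr.strip().upper(), " ".join(value.split()).casefold()))
    return tuple(rdns)

def triage(line):
    """Return a finding for an SSL rejection line, or None for other lines."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    subject = normalize_dn(m["subject"])
    issuer = normalize_dn(m["issuer"])
    return {
        "code": int(m["code"]),
        "reason": m["reason"],
        "subject_cn": dict(subject).get("CN"),
        # Name match only: this does not verify the certificate's signature.
        "self_issued": subject == issuer,
    }

def self_issued_rejections(log_text):
    """Findings for rejected client certs whose subject and issuer DNs match."""
    findings = (triage(line) for line in log_text.splitlines())
    return [f for f in findings if f and f["self_issued"]]

if __name__ == "__main__":
    for finding in self_issued_rejections(SAMPLE_LOG):
        print(finding)
```

A self-issued certificate from a client, when every other client connects cleanly, points at something bundled on that client rather than at the server's own certificate chain.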
