LDAP SSL error on Android 5.0.1
Hello!
I think I may have found a bug, but I'm not sure.
I have a non-rooted Verizon Galaxy S4 running Android 5.0.1, on which I am trying to set up a connection to an LDAP server via "Settings" > "Accounts" > "Add account" > "LDAP". The LDAP server is running Sun DSEE 6.3.1.1.1, requires SSL for client connections, and has a valid CA-signed SSL certificate which is not expired. I input the required information on the LDAP settings screen and check the box to use SSL, but when I attempt to verify the connection, it fails. Logcat shows that it is failing on an SSLHandshakeException (I can post the full stack trace if needed). The LDAP server shows the following when the phone attempts to connect:
SSL error -8181 (Peer's Certificate has expired.); unauthenticated client CN=vinod,OU=siso,O=siso,L=bangalore,ST=ka,C=in,E=vin<at>had<dot>com; issuer CN=vinod,OU=siso,O=siso,L=bangalore,ST=ka,C=in,E=vin<at>had<dot>com
(I had to use <at> and <dot> to avoid an error about posting links on this forum).
No other client has any trouble connecting to the LDAP server, nor does the openssl command from a Linux host. Indeed, a packet capture shows the LDAP server returning its SSL certificate to the phone, and then the phone sending this bizarre certificate back to the server, which apparently the server believes is invalid. I can also post the captured packets if needed.
Does anyone know if this can be resolved? Given that everything else works fine with the LDAP server, it seems that this is almost certainly an issue with the LDAP app or default certificate on the phone and not with the server. Any suggestions are greatly appreciated.
Thanks!
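
Added example, not part of the original post: a small Python triage of the server log line quoted above. It maps the NSS error code and compares the subject and issuer of the certificate the server logged for the connecting client. The function names are illustrative, and the -8181 and -8179 names are taken from NSS's error table.

```python
import re

# NSS error codes (SEC_ERROR_BASE is -8192); only the two used here.
NSS_ERRORS = {
    -8181: "SEC_ERROR_EXPIRED_CERTIFICATE",
    -8179: "SEC_ERROR_UNKNOWN_ISSUER",
}

# Shape of the line quoted in the post. The server wrote it, so "peer"
# is the connecting client and the DNs describe the client's certificate.
LINE_RE = re.compile(
    r"SSL error (?P<code>-?\d+) \((?P<text>.*?)\); "
    r"unauthenticated client (?P<subject>.*?); issuer (?P<issuer>.*)$"
)


def parse_dn(dn):
    """Split a comma-separated DN into normalised (attribute, value) pairs."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn.strip()):  # honour escaped commas
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().upper(), value.strip().casefold()))
    return pairs


def triage(line):
    """Return a summary of the rejected client certificate, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    code = int(m.group("code"))
    subject, issuer = parse_dn(m.group("subject")), parse_dn(m.group("issuer"))
    return {
        "code": code,
        "nss_name": NSS_ERRORS.get(code, "unknown"),
        "subject_cn": dict(subject).get("CN"),
        # Identical subject and issuer: self-issued, not from a public CA.
        "self_issued": subject == issuer,
    }


# The log line quoted in the post, with the forum masking left as posted.
POSTED_LINE = (
    "SSL error -8181 (Peer's Certificate has expired.); unauthenticated client "
    "CN=vinod,OU=siso,O=siso,L=bangalore,ST=ka,C=in,E=vin<at>had<dot>com; "
    "issuer CN=vinod,OU=siso,O=siso,L=bangalore,ST=ka,C=in,E=vin<at>had<dot>com"
)

if __name__ == "__main__":
    print(triage(POSTED_LINE))
```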