Bug 149921 - WebDAV TLS not working with self signed CA and host cert
Summary: WebDAV TLS not working with self signed CA and host cert
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice (show other bugs)
Version:
(earliest affected)
7.3.0.3 release
Hardware: All Windows (All)
: medium normal
Assignee: Michael Stahl (allotropia)
URL:
Whiteboard: target:7.5.0 target:7.4.1 target:7.3.6
Keywords:
: 147988 (view as bug list)
Depends on:
Blocks:
 
Reported: 2022-07-08 17:30 UTC by Michael Stahl (allotropia)
Modified: 2022-08-22 07:38 UTC (History)
2 users (show)

See Also:
Crash report or crash signature:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Stahl (allotropia) 2022-07-08 17:30:38 UTC
there seems to be some issue with curl TLS on Windows too.

https://bugs.documentfoundation.org/show_bug.cgi?id=147250#c11

to install the certificate, rename it to ".crt", click on it, "Install Certificate", either option, place in "Trusted Root Certification Authorities".

here i get this output:

warn:ucb.ucp.webdav.curl:6796:6568:ucb/source/ucp/webdav-curl/CurlSession.cxx:946: curl_easy_perform failed: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
Comment 1 krupka 2022-08-10 11:04:05 UTC

It is not possible to open odt per https link in other document nor from webdav with secure connection, if the ca of the certificate of the server ist internal.


Version: 7.3.4.2 (x64) / LibreOffice Community
Build ID: 728fec16bd5f605073805c3c9e7c4212a0120dc5
CPU threads: 2; OS: Windows 10.0 Build 19044; UI render: Skia/Raster; VCL: win
Locale: de-DE (de_DE); UI: de-DE
Calc: threaded
Comment 2 Michael Stahl (allotropia) 2022-08-10 13:39:47 UTC
*** Bug 147988 has been marked as a duplicate of this bug. ***
Comment 3 krupka 2022-08-11 06:41:44 UTC
today i learned much things :)

i get a bibisect of this bug


PS W:\git\bibisect-win64-7.3> instdir\program\soffice 'https://intranet.domain.lan/path/doc.odt'
*   Trying 10.1.0.67:443...
* Connected to intranet.domain.lan (10.1.0.67) port 443 (#0)
* schannel: disabled automatic use of client certificate
* schannel: ALPN, offering http/1.1
* schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - Die Sperrfunktion konnte keine Sperrpr³fung f³r das Zertifikat durchf³hren.
* Closing connection 0
PS W:\git\bibisect-win64-7.3> git bisect bad
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[78a527ff1f3c83107c4fb0dac7736a954521dd18] source c2a581ffc1f4e3888c5c243932b71c3d96e8ba8f
PS W:\git\bibisect-win64-7.3> instdir\program\soffice 'https://intranet.domain.lan/path/doc.odt'
PS W:\git\bibisect-win64-7.3> git bisect good b49e38899c215cf46bd148ba0a4302bc8545bb6b is the first bad commit
commit b49e38899c215cf46bd148ba0a4302bc8545bb6b
Author: Norbert Thiebaud <nthiebaud@gmail.com>
Date:   Tue Nov 23 12:30:56 2021 -0800

    source bdef11f5337ecc87556a92693f6b7b5e200eb29e

    source bdef11f5337ecc87556a92693f6b7b5e200eb29e

 instdir/program/services/services.rdb           |   2 +-
 instdir/program/setup.ini                       |   2 +-
 instdir/program/ucpdav1.dll                     | Bin 503808 -> 556032 bytes
 instdir/program/version.ini                     |   2 +-
 instdir/share/config/images_breeze.zip          | Bin 1899310 -> 1899310 bytes
 instdir/share/config/images_breeze_dark.zip     | Bin 1894983 -> 1894983 bytes
 instdir/share/config/images_breeze_dark_svg.zip | Bin 1576337 -> 1576337 bytes
 instdir/share/config/images_breeze_svg.zip      | Bin 1573811 -> 1573811 bytes
 instdir/share/config/images_colibre.zip         | Bin 2755243 -> 2755243 bytes
 instdir/share/config/images_colibre_svg.zip     | Bin 2897622 -> 2897622 bytes
 instdir/share/config/images_elementary.zip      | Bin 4210016 -> 4210016 bytes
 instdir/share/config/images_elementary_svg.zip  | Bin 5536086 -> 5536086 bytes
 instdir/share/config/images_karasa_jaga.zip     | Bin 4848799 -> 4848799 bytes
 instdir/share/config/images_karasa_jaga_svg.zip | Bin 19333072 -> 19333072 bytes
 instdir/share/config/images_sifr.zip            | Bin 2116991 -> 2116991 bytes
 instdir/share/config/images_sifr_dark.zip       | Bin 2118929 -> 2118929 bytes
 instdir/share/config/images_sifr_dark_svg.zip   | Bin 1767692 -> 1767692 bytes
 instdir/share/config/images_sifr_svg.zip        | Bin 1763795 -> 1763795 bytes
 instdir/share/config/images_sukapura.zip        | Bin 3051091 -> 3051091 bytes
 instdir/share/config/images_sukapura_svg.zip    | Bin 4370432 -> 4370432 bytes
 20 files changed, 3 insertions(+), 3 deletions(-)
Comment 4 Timur 2022-08-11 08:54:46 UTC
That commit is: 
author	Michael Stahl <michael.stahl@allotropia.de>	Oct 11 2021 
configure: default to --with-webdav=curl

I don't have WebDAV to test but I guess we may put to New.
Comment 5 Commit Notification 2022-08-15 08:35:11 UTC
Michael Stahl committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/f6a0ca0e92e41ad8fea71acdacdc7ec5e775dc59

tdf#149921 ucb: webdav-curl: WNT: certificate revocation check

It will be available in 7.5.0.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 6 Michael Stahl (allotropia) 2022-08-15 09:18:57 UTC
the problem was that the revocation of the self-signed certificate could not be checked, because there is no way to check it.

hope it's fixed now.
Comment 7 Commit Notification 2022-08-15 11:16:47 UTC
Michael Stahl committed a patch related to this issue.
It has been pushed to "libreoffice-7-4":

https://git.libreoffice.org/core/commit/413ce31fd190a39c91204c350edf45a5ea5eb114

tdf#149921 ucb: webdav-curl: WNT: certificate revocation check

It will be available in 7.4.1.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 8 Commit Notification 2022-08-15 11:18:12 UTC
Michael Stahl committed a patch related to this issue.
It has been pushed to "libreoffice-7-3":

https://git.libreoffice.org/core/commit/2ed2dd065cda11f02da8fe9869e25e5b1e46dfd1

tdf#149921 ucb: webdav-curl: WNT: certificate revocation check

It will be available in 7.3.6.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 9 krupka 2022-08-22 07:38:34 UTC
Hello Michael,

Version: 7.4.1.0.0+ (x64) / LibreOffice Community
Build ID: 6462bd8bca3d7c89e1dbf7c97ca6dc9056472992
CPU threads: 2; OS: Windows 10.0 Build 19044; UI render: Skia/Raster; VCL: win
Locale: de-DE (de_DE); UI: de-DE
Calc: threaded

this build fixes this bug. Many thanks.

Regards
/jk