Bug 5136 - Chrome on iOS doesn't behave well with self-signed certificates
Summary: Chrome on iOS doesn't behave well with self-signed certificates
Status: CLOSED WONTFIX
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Other (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.11.0
Assignee: Bugzilla mail exporter
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-05-12 14:35 CEST by Henrik Andersson
Modified: 2019-10-01 13:09 CEST (History)
1 user (show)

See Also:
Acceptance Criteria:


Attachments

Description Henrik Andersson cendio 2014-05-12 14:35:56 CEST
Loading any served page ends in endless loading of resources, page never get loaded successfully. This is probably a problem in tlstunnel which is used for both tlwebaccess and tlwebadm service.
Comment 1 Samuel Mannehed cendio 2014-06-02 14:45:51 CEST
Can't reproduce with Chrome 35 on iPad Mini with iOS 7.1.1
Comment 2 Henrik Andersson cendio 2014-10-09 15:14:09 CEST
Retested and Chrome 38 on iPad Mini with iOS 8.0.2 and it seems like websocket doesn't work (endless connection to agent).

Server certificate installed from safari browser and HTML5 client is working ok.
Comment 3 Henrik Andersson cendio 2014-10-09 15:15:31 CEST
We should probably add a platform specific note for this.
Comment 4 Henrik Andersson cendio 2014-10-09 15:49:00 CEST
(In reply to comment #2)
> Retested and Chrome 38 on iPad Mini with iOS 8.0.2 and it seems like websocket
> doesn't work (endless connection to agent).
> 
> Server certificate installed from safari browser and HTML5 client is working
> ok.

Tested against eudemo and it works as expected, so this issue is related to selfsigned / untrusted root ca certificates and safari and chrome seems not to use the same data store for user added ca certs.
Comment 5 Henrik Andersson cendio 2014-10-09 15:56:28 CEST
(In reply to comment #4)
> (In reply to comment #2)
> > Retested and Chrome 38 on iPad Mini with iOS 8.0.2 and it seems like websocket
> > doesn't work (endless connection to agent).
> > 
> > Server certificate installed from safari browser and HTML5 client is working
> > ok.
> 
> Tested against eudemo and it works as expected, so this issue is related to
> selfsigned / untrusted root ca certificates and safari and chrome seems not to
> use the same data store for user added ca certs.

Probably related issue: https://code.google.com/p/chromium/issues/detail?id=152584
Comment 6 Pierre Ossman cendio 2016-10-17 11:03:42 CEST
It behaves better now. Certificates in the trust store now work fine in Chrome. The problem is getting the certificates in there as our link does not work. Perhaps it needs to be in DER format, and with a proper mime type?

Either way, our documentation isn't correct and would need to be updated.
Comment 7 Pierre Ossman cendio 2016-10-18 10:29:10 CEST
We could have a look at putting something on our home page until we have a more permanent solution in place.
Comment 8 Pierre Ossman cendio 2019-10-01 13:06:03 CEST
This is a very specific corner case that users don't seem to be hit by in practice. Closing this bug.

Note You need to log in before you can comment on or make changes to this bug.