Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: 3.15.x asks to log in on every start (client certificate) #7762

Open
4 of 8 tasks
brdns opened this issue Jan 16, 2025 · 0 comments
Open
4 of 8 tasks

[Bug]: 3.15.x asks to log in on every start (client certificate) #7762

brdns opened this issue Jan 16, 2025 · 0 comments
Labels
0. Needs triage bug

Comments

@brdns
Copy link

brdns commented Jan 16, 2025
edited
Loading

⚠️ Before submitting, please verify the following: ⚠️

Bug description

Hello, I am also experiencing this issue with desktop client 3.15.3 on Windows 11. There’s probably a link with the recent migration to Qt6 and the previous QtKeychain implementation in the client. That feature has not been updated since the first release so I’m tagging the most recent contributor to the file httpcredentials.cpp @mgallien and the original contributor @ckamm.

The initial connection works well while providing the PKCS#12 client certificate and the password. It seems there’s a mismatch where the certificate bundle is either not properly saved in the keychain or is not fetched correctly on the next login :

https://github.com/nextcloud/desktop/blob/master/src/libsync/creds/httpcredentials.cpp#L440

It seems the client certificate is found, but its password was not correctly saved and can’t be found on following attempts to login.

[ warning qt.core.qobject.connect unknown:0 ]:	QObject::connect(QNetworkInformation, OCC::Application): invalid nullptr parameter
[ warning qt.qml.context unknown:0 ]:	qrc:/qml/src/gui/tray/CurrentAccountHeaderButton.qml:84:13 Parameter "index" is not declared. Injection of parameters into signal handlers is deprecated. Use JavaScript functions with formal parameters instead.
[ warning qt.qml.context unknown:0 ]:	qrc:/qml/src/gui/tray/CurrentAccountHeaderButton.qml:85:13 Parameter "object" is not declared. Injection of parameters into signal handlers is deprecated. Use JavaScript functions with formal parameters instead.
[ info nextcloud.gui.account.state C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\gui\accountstate.cpp:285 ]:	check connectivity
[ info nextcloud.sync.credentials.webflow C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\gui\creds\webflowcredentials.cpp:139 ]:	Fetch from keychain!
[ info nextcloud.gui.folder.navigationpane C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\gui\navigationpanehelper.cpp:110 ]:	Explorer Cloud storage provider: saving path "C:\\Users\\User\\Nextcloud" to CLSID "{myid}"
[ warning nextcloud.sync.credentials.keychainchunk C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\libsync\creds\keychainchunk.cpp:360 ]:	Unable to read "Nextcloud__clientCertificatePEM:https://myserver.com/:0" chunk "0" "Password entry not found"
[ info nextcloud.gui.folderwatcher C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\gui\folderwatcher.cpp:252 ]:	Detected changes in paths: QSet("C:/Users/User/Nextcloud/.nextcloudsync.log")
[ warning nextcloud.sync.credentials.keychainchunk C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\libsync\creds\keychainchunk.cpp:360 ]:	Unable to read "Nextcloud__clientKeyPEM:https://myserver.com/:0" chunk "0" "Password entry not found"
[ warning nextcloud.sync.credentials.webflow C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\gui\creds\webflowcredentials.cpp:463 ]:	Unable to read client key "Password entry not found"
[ warning nextcloud.sync.credentials.keychainchunk C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\libsync\creds\keychainchunk.cpp:360 ]:	Unable to read "Nextcloud__clientCaCertificatePEM0:https://myserver.com/:0" chunk "0" "Password entry not found"
[ warning nextcloud.sync.credentials.webflow C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\gui\creds\webflowcredentials.cpp:504 ]:	Unable to read client CA cert slot "0" "Password entry not found"
[ warning nextcloud.sync.credentials C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\libsync\creds\abstractcredentials.cpp:42 ]:	Error: User is empty!
[ warning nextcloud.sync.credentials.webflow C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\gui\creds\webflowcredentials.cpp:537 ]:	Strange: User is empty!

[ warning nextcloud.sync.networkjob C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\libsync\abstractnetworkjob.cpp:223 ]:	QNetworkReply::UnknownNetworkError "Erreur lors de la lecture : error:0A00045C:SSL routines::tlsv13 alert certificate required" QVariant(Invalid)
[ warning nextcloud.sync.credentials.webflow C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\gui\creds\webflowcredentials.cpp:207 ]:	QNetworkReply::UnknownNetworkError
[ warning nextcloud.sync.credentials.webflow C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\gui\creds\webflowcredentials.cpp:208 ]:	"Erreur lors de la lecture : error:0A00045C:SSL routines::tlsv13 alert certificate required"
[ info nextcloud.sync.accessmanager C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\libsync\accessmanager.cpp:67 ]:	2 "" "https://myserver.com/status.php" has X-Request-ID "mysecretid"
[ info nextcloud.sync.networkjob C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\libsync\abstractnetworkjob.cpp:365 ]:	OCC::CheckServerJob created for "https://myserver.com" + "status.php" "OCC::ConnectionValidator"
[ info nextcloud.sync.credentials.webflow C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\gui\creds\webflowcredentials.cpp:405 ]:	request finished
[ warning nextcloud.sync.networkjob C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\libsync\abstractnetworkjob.cpp:223 ]:	QNetworkReply::UnknownNetworkError "Erreur lors de la lecture : error:0A00045C:SSL routines::tlsv13 alert certificate required" QVariant(Invalid)
[ warning nextcloud.sync.credentials.webflow C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\gui\creds\webflowcredentials.cpp:207 ]:	QNetworkReply::UnknownNetworkError
[ warning nextcloud.sync.credentials.webflow C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\gui\creds\webflowcredentials.cpp:208 ]:	"Erreur lors de la lecture : error:0A00045C:SSL routines::tlsv13 alert certificate required"
[ warning nextcloud.sync.networkjob.checkserver C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\libsync\networkjobs.cpp:546 ]:	error: status.php replied  0 ""
[ warning nextcloud.sync.connectionvalidator C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\gui\connectionvalidator.cpp:163 ]:	QNetworkReply::UnknownNetworkError "Erreur lors de la lecture : error:0A00045C:SSL routines::tlsv13 alert certificate required" "Erreur lors de la lecture : error:0A00045C:SSL routines::tlsv13 alert certificate required" ""
[ warning nextcloud.sync.credentials.webflow C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\gui\creds\webflowcredentials.cpp:207 ]:	QNetworkReply::UnknownNetworkError
[ warning nextcloud.sync.credentials.webflow C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\gui\creds\webflowcredentials.cpp:208 ]:	"Erreur lors de la lecture : error:0A00045C:SSL routines::tlsv13 alert certificate required"
[ info nextcloud.gui.folder.manager C:\Users\User\AppData\Local\Temp\windows-27802\client-building\desktop\src\gui\folderman.cpp:813 ]:	Account "Me@myserver" disconnected or paused, terminating or descheduling sync folders

Steps to reproduce

  1. Successful login with a client certificate
  2. Restart the client or reboot the device
  3. App has forgotten the client certificate password and does not prompt for it, account is disconnected
  4. Removing the account and connecting again results in the app asking for the client certificate password as successful login

Expected behavior

Client certificate file and password should be stored across client restarts and device reboots.

Which files are affected by this bug

httpcredentials.cpp

Operating system

Windows

Which version of the operating system you are running.

Windows 11 24h2

Package

Official Windows MSI

Nextcloud Server version

30.0.5

Nextcloud Desktop Client version

3.15.3

Is this bug present after an update or on a fresh install?

Fresh desktop client install

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

Are you using an external user-backend?

  • Default internal user-backend
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Nextcloud Server logs

No server logs since the reverse proxy forbids connection to Nextcloud server because it is not presented with a client certificate.

Additional info

Thank you so much for this great piece of software !!!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0. Needs triage bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@brdns