Floccus for iOS rejects Custom Certificates

[sproggit]

Which version of floccus are you using?

5.2.4

How many bookmarks do you have, roughly?

Approx 4000 - Firefox html export is 6.2Mb
** Can I please just add a suggestion in here... It's possible to get a reasonable accurate answer to this question by looking at the "Bookmark" applet on NextCloud [if that is the back end being used]. When I do this I see: "Bookmarks Menu: 3.7K"; "Bookmarks Toolbar: 98"; and "Bookmarks Other: 154" - so I can just add up those numbers for my reply. Might be an idea to put an explainer like that in your submission template.

Are you using other means to sync bookmarks in parallel to floccus?

No

Sync method

Nextcloud Bookmarks

Which browser are you using? In case you are using the phone App, specify the Android or iOS version and device please.

Firefox 127.0.2 for Linux, 64-bit

Which version of Nextcloud Bookmarks are you using? (if relevant)

14.2.2

Which version of Nextcloud? (if relevant)

Hub 8 (29.0.3) - showing as "up to date"

What kind of WebDAV server are you using? (if relevant)

No response

Describe the Bug

I have installed Floccus for iOS (so, so so many thanks for creating it... ) but when I try to connect to my NextCloud server, Floccus refuses. I host my own instance of NextCloud on a dedicated Raspberry Pi... and all my home infrastructure is secured using certificates from a dedicated home CA (DIYCA, available on github). To get seamless access to NextCloud on my Windows and Mint machines I have simply imported my local CA's root certificate - and that works just fine.

Expected Behavior

I suspect that the correct response here would be, "I'm sorry, this is not a Floccus bug, it is a limitation with iOS and Safari. You should try Apple and see if they can help" - and that would be entirely fair. I hope you don't mind my recording this as an issue - I've done so mainly to create a findable issue for anyone hitting the same/similar problem. On the other hand, any suggestions gratefully received.

To Reproduce

Try and use Floccus for iOS against any NextCloud instance protected via a non-Standard CA.

Debug log provided

• I have provided a debug log file

[github-actions]

Hello 👋

Thank you for taking the time to open this issue with floccus. I know it's frustrating when software
causes problems. You have made the right choice to come here and open an issue to make sure your problem gets looked at
and if possible solved.
I'm Marcel and I created floccus and have been maintaining it ever since.
I currently work for Nextcloud which leaves me with less time for side projects like this one
than I used to have.
I still try to answer all issues and if possible fix all bugs here, but it sometimes takes a while until I get to it.
Until then, please be patient.
Note also that GitHub is a place where people meet to make software better together. Nobody here is under any obligation
to help you, solve your problems or deliver on any expectations or demands you may have, but if enough people come together we can
collaborate to make this software better. For everyone.
Thus, if you can, you could also have a look at other issues to see whether you can help other people with your knowledge
and experience. If you have coding experience it would also be awesome if you could step up to dive into the code and
try to fix the odd bug yourself. Everyone will be thankful for extra helping hands!
One last word: If you feel, at any point, like you need to vent, this is not the place for it; you can go to the forum,
to twitter or somewhere else. But this is a technical issue tracker, so please make sure to
focus on the tech and keep your opinions to yourself.

I look forward to working with you on this issue
Cheers 💙

[marcelklehr]

Yep, this is a known issue. Unless you can massage your custom CA into iOS, I don't have a solution for this. (Ignoring SSL errors as many Apps do, is something I'm not willing to stoop to, then you can just use HTTP directly, IMO)

[sproggit]

Thanks Marcel, I appreciate your prompt response and for looking at this so quickly.

Since I made the posting before breakfast this morning, I've asked a bunch of my tech colleagues at work and one of them came up with a suggestion for adding/trusting a previously unknown CA with iOS. I'm not going to describe the solution here in this post, because I want to check and make sure if works first. Then, if it does, I can come back and add an entry with the full solution. If I describe it before I check it out, this page might make it in to a search engine and without a known-good solution, it won't help anyone with the same problem.

So let me experiment tonight and if that works I'll come back and post a step-by-step guide to describe the fix.

So far, the consensus among my tekkie colleagues is that this is a problem with the browser on the tablet - it is not related to either Floccus or NextCloud. But I'll test out the proposed solution and update ASAP.

Thank you

Clive

[sproggit]

OK, returning with an update and not good news... The recommendation was simple: place a copy of the signed root cert in a browser-accessible location, then retrieve it using Safari and HTTP. This works perfectly. iOS detects what it calls a "profile file" and gives me the option to install it... which works perfectly. The new root cert is visible in "Settings" in the "VPN & Device Management" section... However, after an iPad reboot, attempting to access NextCloud using TLS still fails, with the same error - and Floccus setup also fails.

I've posted a request for help on the Apple community... but I think it unlikely that I will get a quick response, if at all.

I'm very grateful for your willingness to look, but with the extra evidence suggesting that this is an iOS issue, not a Floccus issue, I suggest I close this ticket with an apology for troubling you. If I do get a response from Apple, I'll come back and add an update with the work-around.

Thank you.