    • Bug
    • Resolution: Fixed
    • High
    • Security
    • None

      Here's what I've written to support@metabrainz.org on Apr 1, 2017, at 16:00

      Dear MetaBrainz Support,

      I'm the maintainer of the open source nusic Android app (listed here
      https://metabrainz.org/supporters/tiers/8).
      Recently, a bug has been reported that occurs when connecting to the
      MusicBrainz API via HTTPS on all devices running Android < version 6. It
      renders the app almost useless, as it heavily depends on MusicBrainz data.

      Here's a link to the issue: https://github.com/schnatterer/nusic/issues/12

      The report and my investigation show error messages such as "No peer
      certificate" or "Trust anchor for certification path not found", which
      show some relation to TLS certificates.

      While trying to fix the bug client side (no success, yet) I discovered
      that musicbrainz.org ships two certificates, one self-signed and another
      one signed by Gandi CA.
      You can see it here:
      https://www.ssllabs.com/ssltest/analyze.html?d=musicbrainz.org
      Or by calling
      openssl s_client -tls1 -connect musicbrainz.org:443
      which returns a self-signed certificate and
      openssl s_client -tls1 -servername musicbrainz.org -connect musicbrainz.org:443
      which returns the officially signed certificate.

      Did you change any of your certificate settings within the last months?
      Could you fix this server side?
      Or could you help me fix this or give me some insight why this happens?

      Any help is appreciated, as a lot of users have abandoned nusic already
      and probably half of the remaining ones are affected by the issue.

      Unfortunately (in regard to this issue) I'm about to go on holidays for
      four weeks, so it might take me a bit longer to get back to you.
      Thanks in advance for your support.

      Kind regards,
      Johannes
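
The comparison described in the message above (the certificate returned without and with `-servername`), written as a repeatable check. This is an added example, not part of the original report or of the nusic or MusicBrainz code. The function names and the sample outputs are constructed for illustration, and `probe` uses `-noservername` because OpenSSL 1.1.1 and later send SNI by default.

```shell
#!/usr/bin/env bash
# Added example: classify the leaf certificate printed by `openssl s_client`
# and compare the answers a server gives without and with SNI.

# Read s_client output on stdin; print self-signed, ca-signed or no-certificate.
# "self-signed" here is the subject == issuer heuristic, not a signature check.
classify_cert() {
  awk '
    /^subject=/ { sub(/^subject= */, ""); subject = $0 }
    /^issuer=/  { sub(/^issuer= */, "");  issuer  = $0 }
    END {
      if (subject == "")          print "no-certificate"
      else if (subject == issuer) print "self-signed"
      else                        print "ca-signed"
    }'
}

# $1 = s_client output captured without SNI, $2 = output captured with SNI.
compare_sni() {
  local plain sni
  plain=$(printf '%s\n' "$1" | classify_cert)
  sni=$(printf '%s\n' "$2" | classify_cert)
  if [ "$plain" = "$sni" ]; then
    echo "consistent: $plain"
  else
    echo "sni-dependent: without=$plain with=$sni"
  fi
}

# Live capture: probe HOST [sni]. Not called here, so the example runs offline.
probe() {
  local host=$1
  if [ "$2" = sni ]; then
    openssl s_client -servername "$host" -connect "$host:443" </dev/null 2>/dev/null
  else
    openssl s_client -noservername -connect "$host:443" </dev/null 2>/dev/null
  fi
}

# Constructed sample outputs (trimmed to the lines the parser reads).
NO_SNI_SAMPLE='subject=/CN=localhost.localdomain
issuer=/CN=localhost.localdomain'
SNI_SAMPLE='subject=/CN=example.org
issuer=/C=XX/O=Example CA/CN=Example Issuing CA'

compare_sni "$NO_SNI_SAMPLE" "$SNI_SAMPLE"
```

Against a live host, the same comparison is `compare_sni "$(probe HOST)" "$(probe HOST sni)"`; an `sni-dependent` result means clients that do not send SNI receive the server's default certificate.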

                    zas Zas
                    schnatterer Johannes Schnatterer