Project

General

Profile

Bug #3196

Certificate chooser popup doesn't show certificates with EC keys on Android 10

Added by Nick Miller 8 days ago. Updated 4 days ago.

Status:
Closed
Priority:
Normal
Category:
android
Target version:
Start date:
Due date:
Estimated time:
Affected version:
5.8.1
Resolution:
Fixed

Description

When adding a new profile in the Android app, and I choose to configure an IKEv2 Certificate connection, the popup to select a user certificate is broken. It pops up for a fraction of a second and closes.

Screenshot_20191007-135708.png (92.6 KB) Screenshot_20191007-135708.png Screenshot of screen where error occurs Nick Miller, 07.10.2019 20:01
Screenshot_20191008-110959.png (72.1 KB) Screenshot_20191008-110959.png Nick Miller, 08.10.2019 17:11

History

#1 Updated by Tobias Brunner 7 days ago

  • Status changed from New to Feedback

The certificate selection is provided by Android's KeyChain API. So if that doesn't work anymore, you might want to report it to Google.

Note that there already are documented behavior changes. In particular, if there are no certificates installed yet, no dialog will be shown (while previous versions showed an empty list and a button to install certificates). So certificates have to be installed via profile files or the system settings. Another is that the key types are now honored, which we currently set to "RSA" (might be because older versions needed that, I'll try to set that to null). So do you actually have a certificate/key installed on your system yet? And if so, what type of key is it (RSA/ECDSA)?

#2 Updated by Nick Miller 7 days ago

Hey Tobias, thanks for the quick answer.

The key is actually EC. I will try with RSA later this week. I have imported it in a bundle in the .p12 format, using the system certificate store. Attached is the cert info screenshot.

The certificate also has a password, is that an issue?

#3 Updated by Tobias Brunner 6 days ago

  • Tracker changed from Issue to Bug
  • Subject changed from Certificate chooser popup is broken on Android 10 to Certificate chooser popup doesn't show certificates with EC keys on Android 10
  • Assignee set to Tobias Brunner
  • Target version set to 5.8.2

The key is actually EC.

OK, then that makes sense. Due to the mentioned restriction to RSA keys, your certificate will never show up in that dialog on Android 10. Yesterday I've released a beta version of the app with the key type argument set to null. Would be great if you could try it (see here for information about beta testing).

The certificate also has a password, is that an issue?

No, that's not a problem. You only need that to import it into the system keystore.

#4 Updated by Nick Miller 5 days ago

I joined the beta and was able to select the EC certificate. I had issues getting my RSA cert into my system but that's my problem. I would say the issue is resolved.

#5 Updated by Tobias Brunner 4 days ago

  • Status changed from Feedback to Closed
  • Resolution set to Fixed

I joined the beta and was able to select the EC certificate. I had issues getting my RSA cert into my system but that's my problem. I would say the issue is resolved.

Great, thanks for testing. I'll release the app to production soon.

Also available in: Atom PDF