I’m using Android Studio 3.0 with its internal emulator. I created a Nexus 5x-like device on Android 5 (API 21),
then imported the demo TODO 2.0 (this example, same link as above).
My connections:
emulator -> inet -> external IP -Firewall> NAT routing of 4984 port to my internal server IP -> 10.10.10.2
or
my PC -> VPN PPTP -> internal work IP -> my SGW server IP
For SSL I also tried LibreSSL 2.5.5 for Windows, with your settings.
I also tried https://indy.fulgan.com/SSL/, last version 1.0.2n i386 win32.
What is your version of OpenSSL?
I don’t understand why 10.0.2.2? For me it is an external network; I have 10.10.10.x/24, mask 255.255.255.0.
So I connected to the LAN where my server is, via VPN PPTP.
String SYNCGATEWAY_URL = "blips://10.0.2.2/"; // app crashes on start
String SYNCGATEWAY_URL = "blips://10.0.2.2/db"; // app started but no sync, no log in SGW log, packets go nowhere.
String SYNCGATEWAY_URL = "blips://10.0.2.2:4984/db"; // also nothing happens, no sync
String SYNCGATEWAY_URL = "blips://10.10.10.2:4984/db/"; //
http: TLS handshake error from 10.10.10.136:52834 : remote error: tls: unknown certificate
- Yes, 10.0.2.2 is for localhost. If your SGW is not localhost, then it’s fine to use the IP address. I was not clear on your setup since you were testing the curl command via localhost.
- Since it’s not localhost, did you try running the curl command from the PC that you are running the emulator on? I want to check if it’s your network firewall setup that is blocking this.
- What do you see in the console logs of the Android app?
You have to always provide the DB name in the URL path.
Unrelated to the issue: going forward, please use the travel-sample app for Couchbase Mobile 2.0. We are unlikely to support the ToDo app for future DP releases.
TODO2.0 app works fine with BLIP protocol.
curl over VPN, from my PC to SGW:
E:\ya.disk>curl -k -X GET https://10.10.10.2:4984 -H 'cache-control: no-cache' --verbose
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to: https://10.10.10.2:4984/
* Trying 10.10.10.2...
* TCP_NODELAY set
* Connected to 10.10.10.2 (10.10.10.2) port 4984 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=EU; CN=10.10.10.2; emailAddress=admin@tj.com
* start date: Dec 10 21:18:46 2017 GMT
* expire date: Dec 3 21:18:46 2047 GMT
* issuer: C=EU; CN=10.10.10.2; emailAddress=admin@tj.com
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET / HTTP/1.1
> Host: 10.10.10.2:4984
> User-Agent: curl/7.57.0
> Accept: */*
< HTTP/1.1 200 OK
< Content-Length: 130
< Content-Type: application/json
< Server: Couchbase Sync Gateway/1.5.1
< Date: Mon, 11 Dec 2017 20:08:45 GMT
<
{"couchdb":"Welcome","vendor":{"name":"Couchbase Sync Gateway","version":1.5},"version":"Couchbase Sync Gateway/1.5.1(4;cb9522c)"}* Connection #0 to host 10.10.10.2 left intact
Note: Unnecessary use of -X or --request, GET is already inferred.
* Rebuilt URL to: no-cache'/
* Failed to convert no-cache' to ACE;
* Closing connection -1
curl: (3) Failed to convert no-cache' to ACE;
OK. So we have established the following from the tests:
- The SSL connectivity from the PC running your emulator to the Sync Gateway is fine and the Sync Gateway itself is configured for SSL properly.
- The Android app is reading the certificate properly (assuming the cert that was included is valid).
So it comes down to the Android emulator / client. So going back to my earlier point:
Can you try with an emulator with a later API? Android 5 does include TLS 1.2 support, but just to eliminate the possibility that the issue may be this specific emulator.
(W.r.t. the ToDo app: you mentioned that you are using the ToDo app, but it appears to be on DB018. We are on DB20, so you may want to update and see if that fixes the issue. There may have been issues with DB18, although I am not aware of any, but it is worth a try. (Hence my earlier comment that the ToDo app should not be expected to be up to date with the latest DB release.))
Other than that, I am running out of ideas here…
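
An added example, not part of any post in this thread: the curl run above used -k, so verify result 18 was reported and then ignored, while a client that does verify accepts a self-signed gateway certificate only if its trust anchor is that exact certificate. The sketch below reproduces both cases offline with openssl; the file names `served` and `stale`, and the idea of a regenerated certificate with the same subject, are constructed assumptions.

```shell
#!/bin/sh
# Constructed example: every key and certificate is generated locally in a temp dir.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# make_cert NAME: self-signed certificate with the subject seen in the curl output.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/C=EU/CN=10.10.10.2" \
        -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# verify_with ANCHOR CERT: prints "trusted" if CERT validates with ANCHOR as the
# added trust anchor, else "untrusted". ANCHOR "none" means default store only.
verify_with() {
    if [ "$1" = none ]; then
        openssl verify "$work/$2.pem" >/dev/null 2>&1 \
            && echo trusted || echo untrusted
    else
        openssl verify -CAfile "$work/$1.pem" "$work/$2.pem" >/dev/null 2>&1 \
            && echo trusted || echo untrusted
    fi
}

# fingerprint NAME: SHA-256 fingerprint, the value to compare between the copy
# bundled with a client and the certificate the server actually presents.
fingerprint() {
    openssl x509 -in "$work/$1.pem" -noout -fingerprint -sha256
}

make_cert served   # hypothetical: what the gateway presents
make_cert stale    # hypothetical: same subject, different key (an older copy)

echo "no anchor (the check curl -k skips): $(verify_with none served)"
echo "anchor = served certificate:         $(verify_with served served)"
echo "anchor = stale certificate:          $(verify_with stale served)"
echo "served: $(fingerprint served)"
echo "stale:  $(fingerprint stale)"
```

Identical subject lines do not make two self-signed certificates interchangeable, so comparing fingerprints of the bundled copy and the served certificate is a quick check when the server log shows a client-side certificate alert.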