Malformed JSON was received. #161

New Issue

6543 · 2020-06-03T17:40:55Z

6543 commented

2020-06-03 17:40:55 +00:00

Created By: @korrozive_bot

Description - describe the bug / feature / suggestion in brief :

Hello There

Thanks for this great app.

Unfortunately, every time I try login to my own Gitea server through Gitnex i get the following error:

Malformed JSON was received. Server response was not successful.

I'm using a self-signed certificate to use https communications so i think this could be the problem.

Expected behaviour - describe what should be the expected result :

Successful login message and redirection to the main page/feed in Gitnex app.

GitNex version : 2.1.3

Gitea version : 1.9.3

Android version : 9

Screenshots - if any:

Logs - if any :

Created By: @korrozive_bot #### Description - describe the bug / feature / suggestion in brief : Hello There Thanks for this great app. Unfortunately, every time I try login to my own Gitea server through Gitnex i get the following error: Malformed JSON was received. Server response was not successful. I'm using a self-signed certificate to use https communications so i think this could be the problem. #### Expected behaviour - describe what should be the expected result : Successful login message and redirection to the main page/feed in Gitnex app. #### GitNex version : 2.1.3 #### Gitea version : 1.9.3 #### Android version : 9 #### Screenshots - if any: #### Logs - if any :

6543 added the

🐛 Bug

🧾 Confirmed

labels 2020-06-03 17:40:56 +00:00

6543 closed this issue

2020-06-03 17:40:56 +00:00

6543 commented

2020-06-03 17:41:36 +00:00

@mmarif I think now its worth to add a subroutine wich checks the Instance bevore using it:

version
ssl-cert -> add a are you sure!!! dialog?
other thigs ... like privacy settings in future (https://github.com/go-gitea/gitea/pull/8086)

@mmarif I think now its worth to add a subroutine wich checks the Instance bevore using it: * version * ssl-cert -> add a **are you sure!!!** dialog? * other thigs ... like privacy settings in future (https://github.com/go-gitea/gitea/pull/8086)

6543 commented

2020-06-03 17:41:56 +00:00

@korrozive_bot i think your your cert is the roblem ... I assume

"By default, Retrofit will not connect to the subdomains (e.g., https://expired.badssl.com/ with bad SSL certificates."

source: https://futurestud.io/tutorials/retrofit-2-how-to-trust-unsafe-ssl-certificates-self-signed-expired

Is your Instance public/private?

if public:

gitea can get letsencrypt on its own (https://docs.gitea.io/en-us/https-setup/)
use caddy/nginx ... for letsencrypt

if private:

use http ?

alow self-signed certificate as default is dangerous

@korrozive_bot i think your your cert is the roblem ... I assume "By default, Retrofit will not connect to the subdomains (e.g., https://expired.badssl.com/ with bad SSL certificates." source: https://futurestud.io/tutorials/retrofit-2-how-to-trust-unsafe-ssl-certificates-self-signed-expired __________ Is your Instance public/private? if public: - gitea can get letsencrypt on its own (https://docs.gitea.io/en-us/https-setup/) - use caddy/nginx ... for letsencrypt if private: - use http ? _______________ **alow self-signed certificate as default is dangerous**

6543 commented

2020-06-03 17:42:16 +00:00

Tested result: self-cert not falide!

6543 commented

2020-06-03 17:42:36 +00:00

@korrozive_bot
If you have Discord we can chat at:

[GitNex dev channel] https://discord.gg/eFTcvmp

@korrozive_bot If you have Discord we can chat at: [GitNex dev channel] https://discord.gg/eFTcvmp

mmarif commented

2020-06-03 17:42:57 +00:00

It could be many things. If you want me to debug in detail, you could share the details in discord or email to gitnex@swatian.com your instance address and test account.

6543 commented

2020-06-03 17:43:17 +00:00

@mmarif I tested it -> it is because of self-cert

mmarif commented

2020-06-03 17:43:37 +00:00

@6544 great to find the source cause.

I am still interested to find more details about it like is the cert expired?

Also if the instance is on internet, you can easily get free cert from letsencrypt. That will solve all your problems regarding the app and more trusted in browser.

@6544 great to find the source cause. I am still interested to find more details about it like is the cert expired? Also if the instance is on internet, you can easily get free cert from letsencrypt. That will solve all your problems regarding the app and more trusted in browser.

6543 commented

2020-06-03 17:43:57 +00:00

@mmarif we could add a check to https://gitea.com/gitnex/GitNex/src/branch/master/app/src/main/java/org/mian/gitnex/activities/LoginActivity.java#L410

wich Toasty.info("<if ssl cert error tell it to the user>")

@mmarif we could add a check to https://gitea.com/gitnex/GitNex/src/branch/master/app/src/main/java/org/mian/gitnex/activities/LoginActivity.java#L410 wich Toasty.info("`<if ssl cert error tell it to the user>`")

6543 commented

2020-06-03 17:44:17 +00:00

Created By: @korrozive_bot

Hi @6543, thanks for your reply.

allow self-signed certificate as default is dangerous

I'm a noob but if you can validate sha256 and sha1 of the cert you can decide trust or not without need of an Authority.

I'm exposing my gitea server to internet using a reverse proxy from another computer (i have access but it isn't mine, also i don't want expose it to some exploits due a bad configuration in my gitea instance). I enabled https communication to avoid MITM attacks and a way to be sure i'm login in my gitea server.

Can Let's encrypt certify a web page that is offline the most part of the time?

Is there a way to get and check the ssl certificate and create the exception to connect through gitnext?.

Thanks in advance.

Created By: @korrozive_bot Hi @6543, thanks for your reply. **allow self-signed certificate as default is dangerous** I'm a noob but if you can validate sha256 and sha1 of the cert you can decide trust or not without need of an Authority. I'm exposing my gitea server to internet using a reverse proxy from another computer (i have access but it isn't mine, also i don't want expose it to some exploits due a bad configuration in my gitea instance). I enabled https communication to avoid MITM attacks and a way to be sure i'm login in my gitea server. Can Let's encrypt certify a web page that is offline the most part of the time? Is there a way to get and check the ssl certificate and create the exception to connect through gitnext?. Thanks in advance.

mmarif commented

2020-06-03 17:44:37 +00:00

Was you able to catch the exact error from api?

6543 commented

2020-06-03 17:44:57 +00:00

@mmarif this is NO api error its an error from our HTTP(s) library! (Retrofit 2)

@korrozive_bot if your computer reachable from outside (to test use tor browser) via port 80 you can optain a letsencrypt cert it only has to be onlyne at validation

@mmarif this is NO api error its an error from our HTTP(s) library! (Retrofit 2) @korrozive_bot if your computer reachable from outside (to test use tor browser) via port 80 you can optain a letsencrypt cert it only has to be onlyne at validation

mmarif commented

2020-06-03 17:45:18 +00:00

@6543 Yes, I mentioned it wrongly. Suppose to be Retrofit call. How did you check this? can you share the test instance so I can have solution to show at least some toast message.

@korrozive_bot yes, as mentioned you can get a cert if your instance is exposed to internet. Also it will be not a good thing to accept self signed certs. Android is not that strict in this regard but still it is not recommended.
Alternatively you can use just http.

@6543 Yes, I mentioned it wrongly. Suppose to be Retrofit call. How did you check this? can you share the test instance so I can have solution to show at least some toast message. @korrozive_bot yes, as mentioned you can get a cert if your instance is exposed to internet. Also it will be not a good thing to accept self signed certs. Android is not that strict in this regard but still it is not recommended. Alternatively you can use just http.

6543 commented

2020-06-03 17:45:38 +00:00

Its a localhost instance so i cant :(

But I can provide you LOGs and a how to setup ... Discord

Its a localhost instance so i cant :( But I can provide you LOGs and a how to setup ... Discord

6543 commented

2020-06-03 17:45:58 +00:00

@korrozive_bot I'll close this for now due inactivery - if you still have proble with tis feel free to reopen