We have the same situation and cannot use the client until it can provide certificates.

Preferebly it would use the windows certificate store or the one from firefox.

wdehoog on 23 Jan 2013

We're just another group of people which is interested in this functionality. It would appreciated if You would implement this.

kzajacc on 28 May 2013

Yessir, interested in such a feature!

frijsdijk on 28 May 2013

If there is so much interest, why does nobody come up with a patch then?

danimo on 28 May 2013

Waiting for this!!

pretjep on 11 Jun 2013

+1 for this feature!

rbardoel on 6 Jul 2013

Added outline on how to implement the feature.

danimo on 6 Jul 2013

I'm currently using stunnel to create a https->http "tunnel" as an ugly hack to get this functionality. It works okay-ish, but having to start stunnel every time I start mirall is far from optimal.

natschil on 22 Aug 2013

Does anyone know whether there's any work happening on this?
If not, I would be interested in looking at the source code to see what I can do.

natschil on 22 Aug 2013

@natschil I am not aware about anyone working on this. See my descriptions in the original report on what needs to be done. Don't hesitate to ask if you need further help.

danimo on 22 Aug 2013

I'll have a look at what I can do in the next few days. Is there an irc
channel for mirall development somewhere?

natschil on 22 Aug 2013

#owncloud-client-dev

danimo on 22 Aug 2013

I just patched ocsync to allow for CA and client certificates.
I mailed the patch to [email protected] as I don't know how to add it here.

The syntax is pretty obvious IMHO and is described in the new help:

--ca-cert=<file>       file name of CA certificate
--client-cert=<file>   file name of client certificate
--client-cert-pass=<p> password of client certificate

This allows ocsync to connect to a server which is protected by a (self-signed) client certificate.

The ca file will usually be a PEM file, the client certificate will usually be in p12 format.

I added corresponding properties ca_certificate, client_certificate and client_certificate_pass to csync_owncloud.[ch], which could also be used by the gui.

Anyone volunteers to do the gui stuff? (I'm afraid of beeing not experienced enough to do this).

It would be nice if this could make it to the official sources soon.

think-nice-things on 2 Nov 2013

Thanks for doing this!
I also have a set of (untested) patches for ocsync with client side ssl
certificates, I can upload them somewhere if you want to compare yours
with mine. Note that my patches only change the owncloud module of
csync, and hence have no commandline arguments, but if I remember
correctly, owncloud doesn't actually call the csync application w/
commandline parameters but instead dynamically loads a shared library or
something. (I coded this about a month ago, and I don't remember the
details).

I had a look at some of the GUI stuff too and made some preliminary
changes ( such as changing the .ui files to accept client side ssl
certificates, and changing some of the configuration file abstraction to
be able to set client side ssl cert configuration options, but then I
ran out of free time and didn't actually get to anything that works
(writing Qt GUIs is not really my area of expertise either).

On 11/02/2013 10:09 PM, joze- wrote:

I just patched ocsync to allow for CA and client certificates.
I mailed the patch to [email protected] mailto:[email protected] as I
don't know how to add it here.

The syntax is pretty obvious IMHO and is described in the new help:

|--ca-cert= file name of CA certificate
--client-cert= file name of client certificate
--client-cert-pass=
password of client certificate
|

This allows ocsync to connect to a server which is protected by a
(self-signed) client certificate.

The ca file will usually be a PEM file, the client certificate will
usually be in p12 format.

I added corresponding properties ca_certificate, client_certificate
and client_certificate_pass to csync_owncloud.[ch], which could also
be used by the gui.

Anyone volunteers to do the gui stuff? (I'm afraid of beeing not
experienced enough to do this).

It would be nice if this could make it to the official sources soon.

—
Reply to this email directly or view it on GitHub
https://github.com/owncloud/mirall/issues/69#issuecomment-27632558.

natschil on 3 Nov 2013

natschil // yes please make your code available, I'll check if I can make the best from both versions

think-nice-things on 3 Nov 2013

Hi guys,

Funny enough, I also have a patch for related to ssl certificates: disabling the check altogether (originally because of self-signed cert on the server). It is actually controlled by the PATCH variable in my compilation script that was discussed on the mailing list.
Not sure if we will need this anymore if we have --cert options your developed.

kuba

On Nov 3, 2013, at 8:24 PM, joze- [email protected] wrote:

natschil // yes please make your code available, I'll check if I can make the best from both versions

—
Reply to this email directly or view it on GitHub.

moscicki on 3 Nov 2013

This issue isn't related to ssl checks though, but to being able to
provide a _client side_ ssl certificate.

On 11/03/2013 08:37 PM, moscicki wrote:

Hi guys,

Funny enough, I also have a patch for related to ssl certificates:
disabling the check altogether (originally because of self-signed cert
on the server). It is actually controlled by the PATCH variable in my
compilation script that was discussed on the mailing list.
Not sure if we will need this anymore if we have --cert options your
developed.

kuba

On Nov 3, 2013, at 8:24 PM, joze- [email protected] wrote:

natschil // yes please make your code available, I'll check if I can
make the best from both versions

—
Reply to this email directly or view it on GitHub.

—
Reply to this email directly or view it on GitHub
https://github.com/owncloud/mirall/issues/69#issuecomment-27652121.

natschil on 4 Nov 2013

Is there any plan to implement the function of client side ssl certificate in the Desktop Sync Client softwares? This functionality would be very much appreciated!

icetype on 22 Jan 2014

@icetype The feature is not scheduled for the next two major releases. Which pretty much means it's not on the roadmap. As indicated above, we're glad to assist anyone who attempts to implement SSL client certs as a coherent feature in the ownCloud Client.

Alternatively, you can always influence the main developers' priorities by purchasing an ownCloud commercial license and telling sales you need this particular feature.

danimo on 22 Jan 2014

Thank you for the information, danimo!

icetype on 22 Jan 2014

Could you guys please share patches you've got?

laurivosandi on 25 Jan 2014

@natschil @moscicki Care to share your patches with @v6sa?

danimo on 25 Jan 2014

Sorry for not doing this earlier, I've been relatively busy recently and haven't gotten to working on this.... I've put a patch for csync and one for mirall here: https://github.com/natschil/owncloud_client_side_ssl_stuff

Notes:
The csync patch is far more complete than the mirall one. I didn't completely understand the mirall codebase iirc, and so only made a few tentative changes. It may be of some help to someone looking at the scope of what needs to be change, but I would caution you that especially the mirall patch is far from comprehensive. The csync patch is, as far as I remember, relatively complete. (It is against git://git.csync.org/users/owncloud/csync.git )

natschil on 26 Jan 2014

Thank you, @natschil , for kindly proving your patches. I'm a complete newbie but will give it try to build them.

icetype on 28 Jan 2014

@icetype You can try to build the csync one (I think it compiles), but the owncloud patch doesn't actually do anything.....These patches are mainly meant for someone trying to develop client side ssl functionality to have a look at, they aren't actually working code. Sorry for being unclear...

natschil on 28 Jan 2014

@icetype If you're looking for using client side ssl certificates, I suggest you use stunnel to connect to your server, that has worked for me in the past.

natschil on 28 Jan 2014

@natschil Thank you for the information and kind suggestion. In fact, I tried to use ssh dynamic port forwarding with client-side ssl certificates and SOCK5 proxy setting in the ownCloud client. It seems to be working OK so far, although it may not be an ideal solution.

icetype on 28 Jan 2014

With a colleague, we did it with the last client's version (1.6) and Qt 5.0.

The client need a PKCS12 container to match the server certificate and established the SSL connection. Otherwise, the connection can't be established.

The window to configure the PKCS12 path pops when the returned SSL error is SSL_ERROR_HANDSHAKE_FAILURE_ALERT.

Raptormagnum on 7 Apr 2014

@Raptormagnum : Is your code somewhere in github? If yes, is this issue closed?

natschil on 14 Jun 2014

+1000 for client side SSL certificate support in the sync clients.

monkeyhybrid on 1 Oct 2014

@monkeyhybrid Please refrain from adding useless + messages. Currently, we are not short of priorities. Let code speak and get your hands dirty. Or try money (there is a Bountysource set up for ownCloud, https://www.bountysource.com/teams/owncloud), to attract new contributors.

danimo on 1 Oct 2014

@danimo I'm currently trying to implement this feature. So far I have the csync part and a working owncloudcmd. The login works, but it seems that JournalDb has problems which is probably because I haven't added the client certificate to the QSslNetworkAccessManager.

Got any info where I have to add this (which files)? I tried to figure out how the QSslConfiguration part works but I'm new to all of this and can't really make sense of it.

FYI, I'm currently not trying to change the gui client. First I want to get the sync with owncloudcmd working before I start with the gui.

fredericmohr on 12 Nov 2014

On which platform do you test it? When you have something workable, please let know how I may try it out... I am also interested in this.

moscicki on 13 Nov 2014

I'm currently testing the client on ubuntu server 14.04. As I said, I'm only working on owncloudcmd, not the gui client but I will try to implement it there as well as soon as I got occmd working. (The it should be just a Qt thing...)

Once I'm done I'll put it online and post it here for everyone to try out.

PS: I'm thankfull for any help/info I can get with the NetworkAccessManager / QSslConfiguration part. I'm really stuck there atm.

fredericmohr on 13 Nov 2014

Hi, I published a 1.6 version of a modified desktop client. This client was developped with Raptormagnum and is able to support a P12 client certificate. The source code need some improvement but you can get it here : https://github.com/nocteau/mirall/tree/1.6

nocteau on 18 Nov 2014

@nocteau: thanks, we will check. Please bear with us that this will take some time.

dragotin on 18 Nov 2014

Awesome, I'll try to build and run it tomorrow. I'll let you know if I run into any bugs :)

fredericmohr on 18 Nov 2014

FYI, you need libcrypto and libopenssl to build.

Raptormagnum on 19 Nov 2014

@nocteau - https://github.com/nocteau/mirall/tree/1.6
i've packaged owncloud-client-1.7.0 for nixos and it is working. next i adapted the nix-expression it to use your 1.6 branch i can start the client but it segfaults (as described below in detail):

help: it seems the gdb trace from below does not give me enough details to know what causes the segfault.

i was using:
cmake -DCMAKE_BUILD_TYPE=Debug -DCMAKE_SKIP_BUILD_RPATH=ON -DCMAKE_INSTALL_PREFIX=$out ..

to build the software.

thanks for your effort to provide this patch, it is really valuable to have this client certificate feature in the owncloud-client.

running owncloud

i type 'owncloud'
i see the client and modify my current connection (which i created with owncloud 1.7)
there i do 'modify account'
i add my remote server (which has SSL client certificates enabled and works with firefox)

Faild to connect to ownCloud at https://foo.de/bar: SSL handshake failed
then a 'Certificate authentication' dialog popps up, i set a Cerfificate path but leave the password field empty (if i fill a password in, i get an error: "Impossible de parser le fichier PKCS#12 (mauvais mot de passe ?) - which is a correct error, since the key is wrong as i don't have my p12 encrypted).
now i'm asked for username/password and it does not matter what i type in there, it will crash afterwards with the segfault below:

segfault

#0  0x0000000000451c98 in QString::QString(QString const&) ()
#1  0x00007ffff66fa4a2 in Mirall::HttpCredentials::HttpCredentials(QString const&, QString const&, QString const&, QString const&, QString const&) ()
   from /nix/store/69llx5a5q9pvv1q7qyy84a3j0g9lsva7-owncloud-client-1.6.0/lib64/libowncloudsync.so.0
#2  0x0000000000469d19 in Mirall::OwncloudHttpCredsPage::getCredentials() const ()
#3  0x00000000004638a3 in Mirall::OwncloudWizard::getCredentials() const ()
#4  0x0000000000472fc1 in Mirall::OwncloudSetupWizard::slotConnectToOCUrl(QString const&) ()
#5  0x00000000004a5c9d in Mirall::OwncloudSetupWizard::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) ()
#6  0x00007ffff22acd96 in QMetaObject::activate(QObject*, int, int, void**) () from /nix/store/nz184gqszb9470dq5zbd3w5r9wsxxf6g-qt-5.2.1/lib/libQt5Core.so.5
#7  0x00000000004a7873 in Mirall::OwncloudWizard::connectToOCUrl(QString const&) ()
#8  0x00000000004a742a in Mirall::OwncloudWizard::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) ()
#9  0x00007ffff22acd96 in QMetaObject::activate(QObject*, int, int, void**) () from /nix/store/nz184gqszb9470dq5zbd3w5r9wsxxf6g-qt-5.2.1/lib/libQt5Core.so.5
#10 0x00000000004a6db5 in Mirall::OwncloudHttpCredsPage::connectToOCUrl(QString const&) ()
#11 0x0000000000469980 in Mirall::OwncloudHttpCredsPage::validatePage() ()
#12 0x00007ffff79177bf in QWizard::next() () from /nix/store/nz184gqszb9470dq5zbd3w5r9wsxxf6g-qt-5.2.1/lib/libQt5Widgets.so.5
#13 0x00007ffff22acd96 in QMetaObject::activate(QObject*, int, int, void**) () from /nix/store/nz184gqszb9470dq5zbd3w5r9wsxxf6g-qt-5.2.1/lib/libQt5Core.so.5
#14 0x00007ffff7a605e2 in QAbstractButton::clicked(bool) () from /nix/store/nz184gqszb9470dq5zbd3w5r9wsxxf6g-qt-5.2.1/lib/libQt5Widgets.so.5
#15 0x00007ffff77e9406 in ?? () from /nix/store/nz184gqszb9470dq5zbd3w5r9wsxxf6g-qt-5.2.1/lib/libQt5Widgets.so.5
#16 0x00007ffff77e97ee in QAbstractButton::click() () from /nix/store/nz184gqszb9470dq5zbd3w5r9wsxxf6g-qt-5.2.1/lib/libQt5Widgets.so.5
#17 0x00007ffff78d9aa5 in QDialog::keyPressEvent(QKeyEvent*) () from /nix/store/nz184gqszb9470dq5zbd3w5r9wsxxf6g-qt-5.2.1/lib/libQt5Widgets.so.5

dependencies i am using:

nix-store --query --requisites /nix/store/69llx5a5q9pvv1q7qyy84a3j0g9lsva7-owncloud-client-1.6.0/bin/owncloud  | sed -e 's/^/    /g'
/nix/store/fbrdhcwqnwg44c31wz9ng9qpc3lf8gmr-xproto-7.0.26
/nix/store/ghvrcvzzd83j4vvynm7kry4n9s42b986-linux-headers-3.7.1
/nix/store/i11d0d4015p0vbdnjq7lb509v9pwp049-glibc-2.19
/nix/store/4z6wpk99i5ibvlgmpddbmrhd0bvnq4mh-libXdmcp-1.1.1
/nix/store/vwfkdyc65x76glbkx6fbik97wiq5vv89-libXau-1.0.8
/nix/store/iyqc0amn4vcinyadrs7mg5w1im0nfg8n-libxcb-1.11
/nix/store/01cynfnbnyr49jx41a7ppgx3vgwn1pln-xcb-util-wm-0.4.1
/nix/store/6p7rwk5c23wsgkbhcg14dqg58yv5wcl5-libpciaccess-0.13.2
/nix/store/0p6x2lyb9s01wbsyi93hx281zjnwh799-libdrm-2.4.56
/nix/store/j9z585f73bl8i5r0q9pvzwanc7xh5fns-bash-4.2-p51
/nix/store/qf04wrishkjhk27yib92gnlasqg5s38n-attr-2.4.47
/nix/store/g0fzvg4adlwibyxa26jrvzdnpd63grnp-acl-2.2.52
/nix/store/mbq4nwsyjf3wpj00pxls75pikczizs16-coreutils-8.21
/nix/store/9ikh5ifbi15iq2d9kcgmg28kzzzw2jx1-zlib-1.2.8
/nix/store/n2zcibvfxg6k2wpiipd8bzmc46q0vjy6-gcc-4.8.3
/nix/store/ycmsiznf2484vbjwmj57jdy2ncyrj7fj-binutils-2.23.1
/nix/store/12k2cnlgppwzgwar7ipzpr9i6pv27rl0-gcc-wrapper-4.8.3
/nix/store/28k3shgd8h3f6gkx69bg2pd80933hlmw-kbproto-1.0.6
/nix/store/98bazl9c745c1q645y7l5nd9gpwg3zdd-libX11-1.6.2
/nix/store/9hbzyw01c76jx15d2bijfjpsy2yznr90-xextproto-7.3.0
/nix/store/7x10isnwjc3zc2zx1bjss1i9ynw1idax-libXext-1.3.3
/nix/store/kzv36v4yiaaxfhrbp4yz7hdh08ib93i3-inputproto-2.3.1
/nix/store/13qf3k6c4zd7pl48n5gbw0xlv75j1vqv-libXi-1.7.4
/nix/store/d2l0chpw8ys75nh2y8xb2bwbpl37igsw-libogg-1.3.2
/nix/store/19jg2m7lchszjsd0z4g8l7525k5cdnw3-libvorbis-1.3.4
/nix/store/3c2ylhmw1b4fwxjvnkn7xh5dk1194w65-cdparanoia-III-10.2
/nix/store/4gxphxmmy8rw81f0hk32r07zls3zczp5-libgpg-error-1.17
/nix/store/5176aycp30pyjbfvgwwa3rchkgvxq75q-libICE-1.0.9
/nix/store/qxfk6symx3qjkc3h76b20a952rx0mwj6-cracklib-2.9.1
/nix/store/5dsh816zhh6d26dv5j4npprchmrd22f3-linux-pam-1.1.8
/nix/store/7bwvyvzzar933samgplh6zjs1nq1pfqa-libmicrohttpd-0.9.38
/nix/store/ash6ha16a2rb2jyasxc8ljjjhp3iancv-util-linux-2.25.1
/nix/store/aw68yp4xj5bsn4rvrh8bn5b8pn4avv7d-libcap-2.22
/nix/store/by51b7f4rph8q6gf3g0i3dm0vyb20jhb-libffi-3.0.13
/nix/store/fayy66lhdkjcbpn7x6mycdlaya9r5vmm-sysvtools-2.88dsf
/nix/store/p0z2yw63cqwv0ics21s70ys4lc75swin-gzip-1.6
/nix/store/qcpcs24jzqa0v7ks06f7289mx3ghsly8-bzip2-1.0.6
/nix/store/hs0yycnf9mvirc4pqkbzv431gnb77sqg-kbd-1.15.3
/nix/store/k0bmql79s9przbx8m23bschh2ij634mf-kmod-18
/nix/store/lla8bj7kp6v306hi8rykmgxzrk9ld6cs-xz-5.0.5
/nix/store/6jvr2bi18p8dvgmw9l4akicd5ww4l0gq-pcre-8.35
/nix/store/6qvjjaywj6qf8jn9splpiz9qap01w36w-perl-5.16.3
/nix/store/ip711szwgvwx666pbrazh00ni3qkc1ad-openssl-1.0.1j
/nix/store/6l1bvljpy8gazlsw2aw9skwwp4pmvyxw-python-2.7.8
/nix/store/8vx2ary0m2bbhzgwlddmdcygnq511v96-libelf-0.8.13
/nix/store/xyb4p3di6zd4k77g92dp2a697wy4b4dw-glib-2.40.0
/nix/store/zxyd14xhzakvr3gai86pags7lhb3i223-libgcrypt-1.5.4
/nix/store/gphg2ga8hn4pp8bbhg574ypdp7m1qqi5-systemd-212
/nix/store/5pxyvah03v7d6khp5ajinl3gymb4q1c5-libusb-1.0.19
/nix/store/6mrq7apz8rpavi4x2vdkcafi6xcak768-xcb-util-0.3.9
/nix/store/5qp0qkyl64kkjmxakwjc3xxdrzdzv6ra-xcb-util-image-0.3.9
/nix/store/fkmvmjchjbxr2hq1lzzj402ib7x0w478-libxshmfence-1.1
/nix/store/g449mjvsk4b4mv1gyrdvgf4s5pv64d2q-fixesproto-5.0
/nix/store/wc6jrn0lhg52j57ls5wmk7gk9vizvd41-libXfixes-5.0.1
/nix/store/sw5q7ymzxm1pc5xjlbycf41avip4p1w1-damageproto-1.2.1
/nix/store/zma2zljjf60f3s09pbzxzinafkwi4wb2-libXdamage-1.1.4
/nix/store/jaq4xkjr736rypycxqjj3kqzd1a66xa1-xf86vidmodeproto-2.3.1
/nix/store/zmyphm8ba8h5kyb5jlcarhajfkm7sv04-libXxf86vm-1.1.3
/nix/store/az8kr8w6zc7q5ih7kfkjzqzgrjm7l3b3-ncurses-5.9
/nix/store/b6amr43h021kfkbwz6sgahvk1dsigsrn-llvm-3.4.2
/nix/store/j08ar697mnk532fqsj1pi1fvqgm31xzy-expat-2.1.0
/nix/store/x92c9kmnmhhjghxqbx2zwh5fcli2jvn0-wayland-1.6.0
/nix/store/zswissl3qwy88gsarhvhx40a4dcjak5h-mesa-noglu-10.2.6
/nix/store/6q1p1h68fi08xvla5705lcagcbv74kn0-glu-9.0.0
/nix/store/7wmlb3sxyzm51nlip8262373gjnb4l9g-gdbm-1.11
/nix/store/8kwy968j65jq0504nqxmr9fzk0ipbz8j-flac-1.3.0
/nix/store/pq0kvrsqsr1kfxmyx82yv4nfj3hk7hr0-gnused-4.2.2
/nix/store/cxdrb2xylajv8bmcldx9dm7m0lzpqfv5-pcre-8.35
/nix/store/wy6rp99f93j720ara5j40gzf6vwprw78-gnugrep-2.14
/nix/store/9b1d0cg0rqca149vkk2gydsz1qbw2zlm-libtool-2.4.2
/nix/store/ap6377gpymhy21bmdjxmp5r17cj3d6f0-json-c-0.12
/nix/store/im6klkaj84ynihwvlkxgdj1pa4sgsgag-alsa-lib-1.0.28
/nix/store/bv8kyk7m4qxwdwhsvcbgl9ap8wdpp9in-fftw-double-3.3.4
/nix/store/pv477vya5g1fd2w69h6bdigrp9qq106i-libsndfile-1.0.25
/nix/store/jpjlrxj7qdriky6cxflxg25ds904qcam-libsamplerate-0.1.8
/nix/store/k36im4ny7sfzl85vq8f33ns0g8bbxjgg-sbc-1.1
/nix/store/m2zwqdrbwmckn6yxa8xn8j30spvrikg5-dbus-libs-1.8.6
/nix/store/zvx2gl5sc70zkxd7zg960wzk3z0df12v-speex-1.2rc1
/nix/store/9fhiqafci21xzi4ydniwrp9ryw8nazq8-pulseaudio-5.0
/nix/store/bgr331g3g3qrszv7955hpb2ivvh7x41s-icu4c-53.1
/nix/store/xhgxirigmla4m125mz7a6dq9hfksgjvb-libjpeg-turbo-1.3.1
/nix/store/msj9arkm72hfw0ahbqzz6j9kpahaashb-libtiff-4.0.3
/nix/store/xi6jimqv2gaxq8hks3vx9imnipmwizqv-libpng-1.6.13
/nix/store/dv98mk3w7jx8f60v5n54pi5vw009ik4v-cups-1.5.4
/nix/store/nilfv1d8h1y6jyfjii75pw0wbcab2psc-libxml2-2.9.2
/nix/store/f5zcp3sainsq9x3k2ssi40bpk1fsgwzq-libxslt-1.1.28
/nix/store/80p77l6xhhkcb68gc9w7b2n75a17l0ln-orc-0.4.22
/nix/store/cwh0g04ivgwrncaaadzb4dp5flkj82bp-pixman-0.32.6
/nix/store/dl2nh80wqi07l8d0cialg8n93aip53z2-libSM-1.2.2
/nix/store/s1n8g01x9slks39amxigr6l21gz2kp6n-freetype-2.5.3
/nix/store/ir037n9vz50zinmwyx5531scmgi54mqs-fontconfig-2.10.2
/nix/store/m91g8j22igb0b0614l1838f9na1wyypy-libXt-1.1.4
/nix/store/cbvi2l71kcr9qw0b8aczv6dvq2h9msdv-renderproto-0.11.1
/nix/store/m2n48dmc08sdhszj6hv47cjnc2mg9qkl-libXrender-0.9.8
/nix/store/qndzxq4zjf9vcd3s37cvmp2afi4vpx9j-libXft-2.3.2
/nix/store/gihkrnix1z6j5j3xv3rpabzcgv2ywavs-xlibs-wrapper
/nix/store/jj94376pxvz6ihrp58k8r8x9babzr9yp-cairo-1.12.16
/nix/store/zw8ps42gd299vg8cq8mjc8kw6nmzgvs2-videoproto-2.3.2
/nix/store/kgkhzmng0wq2156bscn0zv9d0gk6d9wc-libXv-1.0.10
/nix/store/mkjs797bw892gwhak43zkswfgp913sbc-libtheora-1.1.1
/nix/store/pcliiflfinm85bdygxjgq1fcwzyvxa1x-gstreamer-0.10.36
/nix/store/qcv2i77kly19lv7m1nhpyhw1zxi9ba3a-graphite2-1.2.4
/nix/store/z2a6qkxmig8zv4wlg3kid7mlsg7dssxz-harfbuzz-0.9.35
/nix/store/xajv130il78la12mlrwgvfl2ich32v11-pango-1.32.5
/nix/store/h89lyqgrvp16db9yca6bfdvyyjj3jrax-gst-plugins-base-0.10.36
/nix/store/fw3wfm9a3l80xrcw6rvf7v2zlzg5s7dc-readline-6.3p08
/nix/store/vjkl65bpzl39nfskl31x43x4bwipfqg3-gnutar-1.27.1
/nix/store/j0781x6b8a8dxkdzvpj00x1lrk4gfg61-postgresql-9.2.9
/nix/store/zqw2zji08jsxwnmpvg5if9p5sjnwrbz3-procps-3.3.10
/nix/store/kv3dvclv19h4iv3gqc3y63apfw55marc-mysql-5.1.73
/nix/store/aldpf37l4qi0c28f6f48lgcc6dc6x9dl-compositeproto-0.4.2
/nix/store/mmpvrwawy064dlv56c6qvy26258cyf12-libXcomposite-0.4.4
/nix/store/v1jcqalbh5ph20bd6ihjc8gck9i3pprs-xkeyboard-config-2.11
/nix/store/na38pna27fz68nf1f7bjxrn8yamk64fm-libxkbcommon-0.4.2
/nix/store/sxps3hfynbjw7l9d6ypbnhapg0z6b7sv-xcb-util-keysyms-0.3.9
/nix/store/yg67dg2gwy82nyln72wd5k3c2ydd58n0-sqlite-3.8.7
/nix/store/9c7bbf06x754428p3yax78b6ca00gxm8-giflib-5.1.0
/nix/store/zvhmj0p5xdhhg12i060qkfkpnpqn78d3-libwebp-0.4.1
/nix/store/nz184gqszb9470dq5zbd3w5r9wsxxf6g-qt-5.2.1
/nix/store/qsn0yqrbfs0674p47xsdwx3wh7g5vm4s-neon-0.29.6
/nix/store/xmksqnsalz3mmsizy42r5mcsj0dfmcpz-qtkeychain-0.4.0
/nix/store/69llx5a5q9pvv1q7qyy84a3j0g9lsva7-owncloud-client-1.6.0

qknight on 20 Nov 2014

@qknight : The problem is the empty password for PKCS12.

In fact, a PKCS12 is an encrypted container, which contain sensitive informations.
So we didn't think the password could be blank.

To debug :
If PKCS12 password is empty in GUI, the line of "mirall config file" concerning password is a null QString.
After that, we need to read this password in "mirall config file".

I your case, it's null => segfault.

To allow empty password, you need to check if QString is null (in mirall config file).

Raptormagnum on 20 Nov 2014

i discovered this issue in your code (among a few other things which i will fix). however, this one is critical as it causes a segfault here. i can't understand why this code was working for you.

you need to apply this fix to stop the segfault from happening

passing the parent

diff --git a/src/wizard/owncloudwizard.cpp b/src/wizard/owncloudwizard.cpp
index 4de3c7e..df3d220 100644
--- a/src/wizard/owncloudwizard.cpp
+++ b/src/wizard/owncloudwizard.cpp
@@ -38,7 +38,7 @@ OwncloudWizard::OwncloudWizard(QWidget *parent)
     : QWizard(parent),
       _account(0),
       _setupPage(new OwncloudSetupPage(this)),
-      _httpCredsPage(new OwncloudHttpCredsPage),
+      _httpCredsPage(new OwncloudHttpCredsPage(this)),
       _shibbolethCredsPage(new OwncloudShibbolethCredsPage),
       _advancedSetupPage(new OwncloudAdvancedSetupPage),
       _resultPage(new OwncloudWizardResultPage),
@@ -56,6 +56,7 @@ OwncloudWizard::OwncloudWizard(QWidget *parent)
     setPage(WizardCommon::Page_Result, _resultPage);

enforcing the parent

diff --git a/src/wizard/owncloudhttpcredspage.h b/src/wizard/owncloudhttpcredspage.h
index 5d7e9d5..74b1c09 100644
--- a/src/wizard/owncloudhttpcredspage.h
+++ b/src/wizard/owncloudhttpcredspage.h
@@ -29,7 +29,7 @@ class OwncloudHttpCredsPage : public AbstractCredentialsWizardPage
 {
   Q_OBJECT
 public:
-  OwncloudHttpCredsPage(QWidget* parent=0);
+  OwncloudHttpCredsPage(QWidget* parent);

   AbstractCredentials* getCredentials() const;

qknight on 20 Nov 2014

@qknight : This error is due to a merge mistake... Sorry for this. Your fix was pushed to our repository. Thank you.

nocteau on 21 Nov 2014

Since I can't find any spare time to do this, here's a 50$ bounty. Hope it helps :)
https://www.bountysource.com/issues/905047-ssl-client-certificate

fredericmohr on 26 Nov 2014

@nocteau
i got your mirall, version 1.6.4 GIT, working (after a very long debugging session) and it is looking promising. therefore, good work!

there are a few things i don't like:

qt5keychain/qtkeychain.h vs qtkeychain/qtkeychain.h:
this might be a NixOS specific issue and right now i'm just renaming the #include's via sed if Qt5 is being used. this needs a better solution!
check for openssl in the CMakeLists.txt is kind of broken:
if i don't provide openssl it will start compiling but it should already fail during qmake!
when using self-signed certificates, i do: rm -Rf /home/joachim/.local/share/data/ownCloud, and then i start owncloud. afterwards i enter my domain and continue the wizard: it shows the dialog to accept this self-signed certificate and i can either check [x] 'Trust this certificate anyway' and 'ok' or hit 'cancel'. if i hit 'cancel' it will like _NEVER_ ask again but always fail with a stupid error message! this needs better usability!
bug: in csync_owncloud.c:
i see that certificatePath and certificatePasswd get initialized with NULL in setCertificatePath and i also see that it is, two lines later, also assigned by useful values like a path /home/joachim/mycliencert.p12 and a password "test" but on
static int dav_connect ( const char *base_url ) certificatePath or certificatePasswd is always NULL??!! i hardcoded it to the right values in this function and owncloud with client certificate and self signed CA works!
the first call to setCertificatePath is after oc_module csync call has already been used at least once.
comments are in french
command line interface for 'client certificates' is not implemented at all. at least write a FIXME not into the source
for the record: self signed certificate works! as well as if i import my own 'cacert.crt' (that is my own root ca public certificate) into /etc/ssl/bundle-ca.crt
with a 16Mib upload i sometimes get this SSL error on the apache webserver: [Thu Nov 27 18:45:59.039166 2014] [ssl:info] pid 24412The timeout specified has expired: [client 1.2.3.4:42831] AH01991: SSL input filter read failed.. i don't know how to fix that yet, needs more attention. this happens pretty often with uploads.

good work so far. i would want to review the patch as a whole again as my primary target was to get it running first.

qknight on 27 Nov 2014

Can you create a merge request for this (against master)? I'd be happy to review that one!

Unfortunately, moving to master will be a bit of a pain if you introduced new files, due to the restructuring done there.

danimo on 1 Dec 2014

@danimo
that patch isn't _yet_ ready for a pull request but it looks very good already.

@nocteau
could you please post me your vhost configuration for owncloud? right now i'm debugging the: 'AH01991: SSL input filter read failed' issue and since the connection is being forced down the copying to the SSLed owncloud instance does not work very well. i also had problems using TLS and was forced to use SSLv3 (which i consider insecure - 'https://wiki.bitnami.com/security/2014-10-15_POODLE_issue_with_SSLv3_(CVE-2014-3566)' ).

in /etc/apache2/sites-enabled/owncloud.conf i write:

SSLProtocol all -SSLv2 -SSLv3

and it always uses SSLv3:

[Mon Dec 15 13:53:48.879210 2014] [ssl:debug] [pid 2388] ssl_engine_kernel.c(1844): [client 1.1.1.1:59412] AH02041: Protocol: SSLv3, Cipher: ECDHE-RSA-AES256-SHA (256/256 bits)

caused by (src/miral/account.cpp):

sslConfig.setProtocol(QSsl::SslV3); // not a good default! (qknight)

good SSL defaults:

QSsl::TlsV1SslV3    4   On the client side, this will send a TLS 1.0 Client Hello, enabling TLSv1 and SSLv3 connections. On the server side, this will enable both SSLv3 and TLSv1 connections.
QSsl::SecureProtocols   5   The default option, using protocols known to be secure; currently behaves like TlsV1SslV3.

source: http://qt-project.org/doc/qt-4.8/qssl.html#SslProtocol-enum

qknight on 15 Dec 2014

@qknight :
For SSLv3 issue : Best practises wants the server must choose the protocol. The server is responsible for security. It is not the role of the client. So, on client-side, it will be set to "automatic", or equivalent (SecureProtocols will be the best choice). You're on the right way. We already patch this issue.

For Apache issue : i think apache doesn't support SSL on name-based resolution (VirtualHost *:443 must be VirtualHost 1.2.3.4:443). We are on vacation, so we don't have access to our lab. We can't send our VHost for now. Sorry.

Raptormagnum on 15 Dec 2014

@Raptormagnum apache does support ssl/tls for name-based resolution. I have *:443 running for all my vhosts, you just need to set

SSLStrictSNIVHostCheck off

in /etc/apache2/ports.conf

fredericmohr on 15 Dec 2014

From mod_ssl documentation, default value for SSLStrictSNIVHostCheck is off.
We (nocteau and me) don't have to set this value, because we have only one certificate attached to one server. We don't use multi-certificates.

By the way, we use CentOS, i don't know the default value for Debian.

Thanks for the tip :+1:

Source : http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslstrictsnivhostcheck

Raptormagnum on 15 Dec 2014

We have our own company certificate authority (CA) that's installed on all our machines. For example, on a Mac, our company CA is listed as a system-wide trusted CA in OSX's "Keychain Access" program. However, owncloud doesn't recognise this!

owncloud.org seems to use its own list of trusted CAs, not the CAs listed in the operating system.

+1000 for this feature to be added.

Update:

So I clicked "Accept this certificate". When I restarted owncloud.org, I didn't get the error!

I then restarted my computer and owncloud.org does indeed seem to be using our internal CA. Great!

Using owncloud.org 1.7.1 OSX Yosemite.

hynese on 30 Dec 2014

@hynese that's not really what this ticket is about. But nice to hear that your could solve your problem :)

@Raptormagnum what would I have to do to help you guys test the patch? I'm not really familiar with anything in git that goes beyond pull/commit/push

fredericmohr on 30 Dec 2014

@Raptormagnum

i've now ported the 1.6 patch from you guys to client/master. in the next two days i will fix the bugs i've mentioned here: https://github.com/owncloud/client/issues/69#issuecomment-64816884

here is the code:
https://github.com/qknight/client/tree/ssl-client-certs

porting the patch from 1.6 to master took about 2-3 full days since there were many structural changes as namespace 'Mirall' to 'OCC' which created a lot confusion, as well as some class renames like 'MirallConfigFile' to 'ConfigFile' and similar issues.

please note: altough the merged code compiles it is still not working yet. that said, at least the SSL issues i had with 1.6 client in combination to the 7.0.x owncloud server are gone, which is a good thing!

qknight on 30 Dec 2014

@Raptormagnum @danimo @martinKupec

both of these issues keept me from creating a pull request to upstream. i don't see how these can be cured. the first one probably easier than the second one.

summary:

IMHO: if we manage to fix these two issues, the code is ready for another round of cleanup (1day) and afterwards it can be merged into master.

Thread-local_storage issue

i need your help!

if you look at the csync/src/csync_owncloud.c source code from:
https://github.com/qknight/client/commit/1910533cc9c65b84c2b173c1088de195b8d1e9ff

you will notice that i've hardcoded the values for csync_owncloud

// CSYNC_THREAD char *certificatePath = NULL;//#UJF
// CSYNC_THREAD char *certificatePasswd = NULL;//#UJF

char bar[] = "/home/joachim/ClientCert-Datenhalde.p12";
char foo[] = "test";
CSYNC_THREAD char * certificatePath  = bar;//c_strdup ( *certPath );
CSYNC_THREAD char * certificatePasswd = foo;//c_strdup ( *certPasswd )

with that it works but if i try to use setCertificatePath the values are actually never overwritten. if they are NULL from the beginning (i've modified the initializing code from UJF) and if i comment my 4 lines of code it will never change its values.

i don't know exactly how the http://en.wikipedia.org/wiki/Thread-local_storage should actually help here but in my experiments it just does never work.

AH01991: SSL input filter read failed.

for the second issue: i compared it to the current 'master' and there i won't get any such timeouts, compared to the same master but with my cherry-picked patches from n.octeau's 1.6 owncloud 'client certificate extension'. i've carefully reviewd the 'merge' but don't see where that is coming from. however, the 'SSL input filter read failed' was also happening with the 1.6 version but back then i just assumed that the 1.7.0.4 owncloud server backend wasn't working with a probably outdated 1.6. version for some reason.

[Wed Jan 07 11:36:13.325477 2015] [ssl:info] [pid 7885] (70007)The timeout specified has expired: [client 192.168.56.1:51913] AH01991: SSL input filter read failed.
[Wed Jan 07 11:36:13.326271 2015] [ssl:debug] [pid 7885] ssl_engine_io.c(1003): [client   192.168.56.1:51913] AH02001: Connection closed to child 3 with standard shutdown (server owncloud.myhost:443)
[Wed Jan 07 11:36:13.351492 2015] [ssl:info] [pid 7891] (70007)The timeout specified has expired: [client 192.168.56.1:51914] AH01991: SSL input filter read failed.

here is the apache configuration:
https://gist.github.com/qknight/960d4be6b57d003a233f

i tried with both:

# disabled
#SSLVerifyClient require
#SSLCACertificateFile /etc/apache2/ssl/cacert.pem
#SSLVerifyDepth 1

and

# enabled
SSLVerifyClient require
SSLCACertificateFile /etc/apache2/ssl/cacert.pem
SSLVerifyDepth 1

@hynese
on linux you simply have to append your CA to /etc/ssl/certs/ca-bundle.crt and i guess there is something similar on mac os x. i wonder, did you try this code with client certificates already and did it work for you, WITH client certificate enforcement on the server turned on?

qknight on 7 Jan 2015

nailed it!

fixed the feared _Thread-local_storage issue_ from https://github.com/owncloud/client/issues/69#issuecomment-69006604, see fix here:
https://github.com/qknight/client/commit/a35bdd3299a03cba6206512e8cba4f4bce2fb9a3

to sum up:
certPath and certPassword are not set from void HttpCredentials::syncContextPreInit (CSYNC* ctx)

thanks a lot to ogoffart and others in #owncloud-client on freenode! _awesome_

one major issue to go, and then cleanup and we're done!

qknight on 9 Jan 2015

https://github.com/qknight/client/commit/faabcf2cf5fd995b2028a5662f2cc4f74539f1e2 fixes the "owncloud-client SSL problem" described here: https://github.com/owncloud/client/issues/69#issuecomment-69358377

i've also cleaned up these two files: csync_owncloud.c/csync_owncloud.h where i accidentally reimported code, which was used in 1.6 but dropped in current master (which will be released as version 1.8) .

qknight on 12 Jan 2015

todo:

[ ] allow for empty .p12 password and test that it works
[ ] write a short blogpost how to use this technology

note, i won't implement this:

[ ] wizard/owncloudsetuppage.cpp -> void OwncloudSetupPage::setErrorString( const QString& err ) -> replace 'string matches' by QNetworAccessmanager error message, see:
- owncloudsetuppage.cpp
- networkjobs.cpp -> void AbstractNetworkJob::slotFinished()
[ ] impelemnt the cmd.cpp interface
[ ] print an error, when the ini file is corrupted (happend twice for unknown reason) and contains no certpath nor password

done

[x] 'rebase' this on current master
[x] 'rebase -i HEAD~10' <- reduce the amount of patches
[x] make Account::setCertificate's certificate a QByteArray (not a QString)
[x] fix usability in -> void OwncloudSetupPage::setErrorString
[x] cherry-pick the https://github.com/qknight/client/commit/076e1b98d934640ab0e70f7561b98c1a31909656
[x] fix all 'FIXME qknight'
[x] incorporate ogoffart's comments on the code
[x] translate all french comments into english
[x] check that this code is also usable with servers not wanting a client certificate
[x] remove //#UJF comments
[x] remove all warnings related to this patch

qknight on 12 Jan 2015

@nocteau
ogoffart from #[email protected] asked both of us to sign the 'owncloud contributor agreement', see:
https://owncloud.org/contribute/agreement/

could you please to that, we can contribute this code?

qknight on 13 Jan 2015

@nocteau
clould you please tell me what license you had in mind for p12topem.cpp/p12topem.h, you wrote that code yourself, right?

qknight on 13 Jan 2015

@qknight
I write all p12topem.cpp/p12topem.h code. I think GPL is the best (like desktop client ?).

nocteau write all other code inside desktop client.

We will sign the agreement this week.

Raptormagnum on 13 Jan 2015

@nocteau
that is wonderful news! thanks a lot.

qknight on 13 Jan 2015

bummer

just detected this hack of yours:

        /*QString msg = tr("<p>Could not connect securely:</p><p>%1</p><p>Do you want to connect unencrypted instead (not recommended)?</p>").arg(err);
        QString title = tr("Connection failed");
        if (QMessageBox::question(this, title, msg, QMessageBox::Yes, QMessageBox::No) == QMessageBox::Yes) {
            QUrl url(_ui.leUrl->text());
            url.setScheme("http");
            _ui.leUrl->setText(url.toString());
            // skip ahead to next page, since the user would expect us to retry automatically
            wizard()->next();
        }/*
        slotAskCertificate();
    }

hope i find a good solution usability wise.

qknight on 13 Jan 2015

This code path should be triggered quite rarely now, since I have improved the heuristics, see 7ac32a19b563bb17abe7fe9c9fbc245682e34711 and 51d7559a2cb22a62b22d558fdd149d2276336d3a.

danimo on 13 Jan 2015

@Raptormagnum

added the GPL header to your commit (which you probably want to be there anyway), please speak up if you disagree.

https://github.com/qknight/client/commit/cae5f39da5e4c9fbf402e1996b05733a04c708b3

qknight on 14 Jan 2015

@Raptormagnum @nocteau @danimo

can you please review this condition https://github.com/qknight/client/commit/601f562d974c82d4750064a51031fd9293a27126#commitcomment-9271474. the issue might be that other webservers might yield different error messages and the wizard thus may fail then.

other https client error messages i get

when i try to connect using _curl_ i get:

curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

if i'm using _chromium_, i get:

Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

when using _firefox_, i get:

SSL peer was unable to negotiate an acceptable set of security parameters. (Error code: ssl_error_handshake_failure_alert)

and finally when using _qt5_, i get:

01-14 01:43:58:688 0xfd3dd0 networkjobs.cpp:158 void OCC::AbstractNetworkJob::slotFinished() 6 "SSL handshake failed" 
01-14 01:43:58:688 0xfd3dd0 networkjobs.cpp:453 error: status.php replied  0 "" 
01-14 01:43:58:688 0xfd3dd0 owncloudsetuppage.cpp:236 -------------------------------- 
01-14 01:43:58:689 0xfd3dd0 owncloudsetuppage.cpp:237 "Failed to connect to ownCloud at   https://owncloud.myhost/status.php:<br/>SSL handshake failed"

on the remote i'm using apache.

qknight on 14 Jan 2015

@Raptormagnum @nocteau @danimo @ogoffart

todo

my todo list is getting smaller:
https://github.com/owncloud/client/issues/69#issuecomment-69633156

i've also incororapted all the chagnes ogoffart wanted me to do. that is, together we did a code review on irc two days ago but i don't want to copy the list here.

wizard

still, one major issue is the wizard:
https://github.com/owncloud/client/issues/69#issuecomment-69857999
but as it works for me i would leave that for the moment.

general advice needed

please advice how the integration should proceed? if it were for me we can now go towards a pull request as the code is probably ready for 1.8

qknight on 15 Jan 2015

@Raptormagnum @nocteau @danimo @ogoffart @guruz

SSL client cert supported 'master'

good news! here is a preview of the merge i've been doing:
https://github.com/qknight/client/tree/ssl-client-certs-reduced-merge-preview

it could be merged directly. but i want to have some feedback first and i'm also thinking about a rebase of these features to the current master. what do you devs want?

Internal Server Error" QVariant(int, 500) QVariant(QString, "Internal Server Error")

when testing i discovered a issue with a patch6a0c9fdd34c9058849a77307af7879fa238a085a from ogoffart.

how to reproduce the problem:

that is, if i upload a file called 'uuuuuuuu.img' with 603.2MB big file the server using the owncloud-client 'master'
after the file is copied the owncloud-client 'master' starts syncing the 603.2MB file in certain chunks, of which all are transfered
the final step kind of always fails

when i restart the owncloud client 'master' it will try to sync it again with the same procedure as described above.

if you want i can give you my virtual machine image or a SSH login into the machine.

git bisect told me...

that the first time this problem occures is with this patch:

commit 6a0c9fdd34c9058849a77307af7879fa238a085a
Author: Olivier Goffart <[email protected]>
Date:   Wed Jan 14 11:20:09 2015 +0100
   Propagate upload: Change the default chunk size to 5MiB and make chunk upload parallel

   The server is slow to process each chunk. As a result the time between
   the chunks is not neglectible. Therefore we gain a lot of time by
uploading the chunks in parallel. So the bandwitdh is used when the
server is waiting between chunks.
src/libsync/propagateupload.cpp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

log file

01-19 19:22:20:387 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-84" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 19:22:20:388 0x1a48dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "111111111.img" 85 -60470957 0 
01-19 19:22:20:388 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 19:22:20:388 0x1a48dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x2124730) 
01-19 19:22:20:388 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/111111111.img-chunking-4231350611-121-87" 
01-19 19:22:20:389 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x2038540) 
01-19 19:22:20:657 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ffe990) 
01-19 19:22:20:702 0x1a48dd0 connectionvalidator.cpp:123 # Check whether authenticated propfind works. 
01-19 19:22:20:703 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PropfindJob created for  QUrl( "https://owncloud.myhost" )  querying "/" 
01-19 19:22:21:114 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-85" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 19:22:21:114 0x1a48dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "111111111.img" 86 -60470957 0 
01-19 19:22:21:114 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 19:22:21:114 0x1a48dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1bd6130) 
01-19 19:22:21:114 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/111111111.img-chunking-4231350611-121-88" 
01-19 19:22:21:115 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ffe990) 
01-19 19:22:21:655 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x2076430) 
01-19 19:22:22:705 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-86" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 19:22:22:705 0x1a48dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "111111111.img" 87 -60470957 0 
01-19 19:22:22:705 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 19:22:22:705 0x1a48dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x205dfc0) 
01-19 19:22:22:706 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/111111111.img-chunking-4231350611-121-89" 
01-19 19:22:22:706 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x2076430) 
01-19 19:22:22:909 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x2124730) 
01-19 19:22:23:281 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1bd6130) 
01-19 19:22:23:634 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x205dfc0) 
01-19 19:22:24:594 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-87" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 19:22:24:594 0x1a48dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "111111111.img" 88 -60470957 0 
01-19 19:22:24:595 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 19:22:24:595 0x1a48dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ffa980) 
01-19 19:22:24:595 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/111111111.img-chunking-4231350611-121-90" 
01-19 19:22:24:596 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x2124730) 
01-19 19:22:25:227 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-88" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 19:22:25:228 0x1a48dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "111111111.img" 89 -60470957 0 
01-19 19:22:25:230 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 19:22:25:230 0x1a48dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1cf35e0) 
01-19 19:22:25:231 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/111111111.img-chunking-4231350611-121-91" 
01-19 19:22:25:231 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1bd6130) 
01-19 19:22:25:896 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-89" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 19:22:25:896 0x1a48dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "111111111.img" 90 -60470957 0 
01-19 19:22:25:896 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 19:22:25:896 0x1a48dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ff8570) 
01-19 19:22:25:896 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/111111111.img-chunking-4231350611-121-92" 
01-19 19:22:25:896 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x205dfc0) 
01-19 19:22:26:200 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1cf35e0) 
01-19 19:22:26:654 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ff8570) 
01-19 19:22:26:999 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ffa980) 
01-19 19:22:27:464 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-92" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 19:22:27:464 0x1a48dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "111111111.img" 91 -60470957 0 
01-19 19:22:27:464 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 19:22:27:464 0x1a48dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x2038540) 
01-19 19:22:27:465 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/111111111.img-chunking-4231350611-121-93" 
01-19 19:22:27:465 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ff8570) 
01-19 19:22:27:990 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-90" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 19:22:27:991 0x1a48dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "111111111.img" 91 -60470957 0 
01-19 19:22:27:991 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 19:22:27:991 0x1a48dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1d07940) 
01-19 19:22:27:991 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/111111111.img-chunking-4231350611-121-94" 
01-19 19:22:27:992 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ffa980) 
01-19 19:22:28:322 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x2038540) 
01-19 19:22:29:265 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-91" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 19:22:29:266 0x1a48dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "111111111.img" 92 -60470957 0 
01-19 19:22:29:266 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 19:22:29:266 0x1a48dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1a7e410) 
01-19 19:22:29:267 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/111111111.img-chunking-4231350611-121-95" 
01-19 19:22:29:267 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1cf35e0) 
01-19 19:22:29:789 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-93" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 19:22:29:789 0x1a48dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "111111111.img" 94 -60470957 0 
01-19 19:22:29:789 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 19:22:29:789 0x1a48dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ff18f0) 
01-19 19:22:29:789 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/111111111.img-chunking-4231350611-121-96" 
01-19 19:22:29:790 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x2038540) 
01-19 19:22:30:154 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ff18f0) 
01-19 19:22:30:534 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1a7e410) 
01-19 19:22:31:116 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-96" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 19:22:31:116 0x1a48dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "111111111.img" 95 -60470957 0 
01-19 19:22:31:116 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 19:22:31:116 0x1a48dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x20b3ae0) 
01-19 19:22:31:117 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/111111111.img-chunking-4231350611-121-97" 
01-19 19:22:31:117 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ff18f0) 
01-19 19:22:32:013 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-95" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 19:22:32:013 0x1a48dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "111111111.img" 95 -60470957 0 
01-19 19:22:32:013 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 19:22:32:014 0x1a48dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1fed820) 
01-19 19:22:32:014 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/111111111.img-chunking-4231350611-121-98" 
01-19 19:22:32:014 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1a7e410) 
01-19 19:22:32:299 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1d07940) 
01-19 19:22:32:917 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-94" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 19:22:32:917 0x1a48dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "111111111.img" 95 -60470957 0 
01-19 19:22:32:917 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 19:22:32:918 0x1a48dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1aa5c20) 
01-19 19:22:32:918 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/111111111.img-chunking-4231350611-121-99" 
01-19 19:22:32:919 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1d07940) 
01-19 19:22:33:181 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1fed820) 
01-19 19:22:33:390 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x20b3ae0) 
01-19 19:22:34:707 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-97" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 19:22:34:707 0x1a48dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "111111111.img" 98 -60470957 0 
01-19 19:22:34:707 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 19:22:34:707 0x1a48dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1aa69d0) 
01-19 19:22:34:708 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/111111111.img-chunking-4231350611-121-100" 
01-19 19:22:34:708 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x20b3ae0) 
01-19 19:22:34:912 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-98" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 19:22:34:913 0x1a48dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "111111111.img" 99 -60470957 0 
01-19 19:22:34:913 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 19:22:34:913 0x1a48dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1cf3120) 
01-19 19:22:34:913 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/111111111.img-chunking-4231350611-121-101" 
01-19 19:22:34:913 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1fed820) 
01-19 19:22:35:335 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1aa5c20) 
01-19 19:22:35:688 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1aa69d0) 
01-19 19:22:35:932 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1cf3120) 
01-19 19:22:36:657 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-99" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 19:22:36:657 0x1a48dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "111111111.img" 100 -60470957 0 
01-19 19:22:36:657 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 19:22:36:657 0x1a48dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1d07940) 
01-19 19:22:36:658 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/111111111.img-chunking-4231350611-121-102" 
01-19 19:22:36:658 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1aa5c20) 
01-19 19:22:37:329 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-101" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 19:22:37:329 0x1a48dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "111111111.img" 101 -60470957 0 
01-19 19:22:37:329 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 19:22:37:329 0x1a48dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ff3020) 
01-19 19:22:37:329 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/111111111.img-chunking-4231350611-121-103" 
01-19 19:22:37:330 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1cf3120) 
01-19 19:22:37:802 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ff3020) 
01-19 19:22:38:234 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-100" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 19:22:38:234 0x1a48dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "111111111.img" 101 -60470957 0 
01-19 19:22:38:234 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 19:22:38:234 0x1a48dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x200eb50) 
01-19 19:22:38:235 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/111111111.img-chunking-4231350611-121-104" 
01-19 19:22:38:235 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1aa69d0) 
01-19 19:22:38:640 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x200eb50) 
01-19 19:22:39:333 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-103" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 19:22:39:334 0x1a48dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "111111111.img" 103 -60470957 0 
01-19 19:22:39:334 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 19:22:39:334 0x1a48dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ff8570) 
01-19 19:22:39:334 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/111111111.img-chunking-4231350611-121-105" 
01-19 19:22:39:335 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ff3020) 
01-19 19:22:40:145 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-104" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 19:22:40:146 0x1a48dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "111111111.img" 103 -60470957 0 
01-19 19:22:40:146 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 19:22:40:146 0x1a48dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ff9d60) 
01-19 19:22:40:146 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/111111111.img-chunking-4231350611-121-106" 
01-19 19:22:40:147 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x200eb50) 
01-19 19:22:40:589 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1d07940) 
01-19 19:22:40:918 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ff9d60) 
01-19 19:22:41:152 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ff8570) 
01-19 19:22:41:824 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-106" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 19:22:41:824 0x1a48dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "111111111.img" 103 -60470957 0 
01-19 19:22:41:824 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 19:22:41:824 0x1a48dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ff18f0) 
01-19 19:22:41:824 0x1a48dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/111111111.img-chunking-4231350611-121-107" 
01-19 19:22:41:825 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ff9d60) 
01-19 19:22:42:230 0x1a48dd0 networkjobs.cpp:158 void OCC::AbstractNetworkJob::slotFinished() 299 "Error downloading https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-105 - server replied: Internal Server Error" 
01-19 19:22:42:230 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-105" )  FINISHED WITH STATUS 299 "Error downloading https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-105 - server replied: Internal Server Error" QVariant(int, 500) QVariant(QString, "Internal Server Error") 
01-19 19:22:42:230 0x1a48dd0 propagateupload.cpp:435 "" 
01-19 19:22:42:230 0x1a48dd0 networkjobs.cpp:158 void OCC::AbstractNetworkJob::slotFinished() 5 "Operation canceled" 
01-19 19:22:42:230 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-102" )  FINISHED WITH STATUS 5 "Operation canceled" QVariant(Invalid) QVariant(Invalid) 
01-19 19:22:42:230 0x1a48dd0 qiodevice.cpp:821 QIODevice::read: device not open
01-19 19:22:42:230 0x1a48dd0 propagateupload.cpp:435 "" 
01-19 19:22:42:230 0x1a48dd0 networkjobs.cpp:158 void OCC::AbstractNetworkJob::slotFinished() 5 "Operation canceled" 
01-19 19:22:42:230 0x1a48dd0 propagateupload.cpp:411 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/111111111.img-chunking-4231350611-121-107" )  FINISHED WITH STATUS 5 "Operation canceled" QVariant(Invalid) QVariant(Invalid) 
01-19 19:22:42:230 0x1a48dd0 qiodevice.cpp:821 QIODevice::read: device not open
01-19 19:22:42:230 0x1a48dd0 propagateupload.cpp:435 "" 
01-19 19:22:42:230 0x1a48dd0 syncengine.cpp:819 void OCC::SyncEngine::slotJobCompleted(const OCC::SyncFileItem &) "111111111.img" 1 "Operation canceled" 
01-19 19:22:42:231 0x1a48dd0 syncengine.cpp:819 void OCC::SyncEngine::slotJobCompleted(const OCC::SyncFileItem &) "111111111.img" 1 "Operation canceled" 
01-19 19:22:42:231 0x1a48dd0 syncjournalfilerecord.cpp:114 This error is not blacklisted  0 
01-19 19:22:42:231 0x1a48dd0 syncengine.cpp:819 void OCC::SyncEngine::slotJobCompleted(const OCC::SyncFileItem &) "111111111.img" 2 "Operation canceled" 
01-19 19:22:42:232 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ff18f0) 
01-19 19:22:42:232 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1d07940) 
01-19 19:22:42:232 0x1a48dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1ff8570) 
01-19 19:22:42:232 0x1a48dd0 syncjournaldb.cpp:68 void OCC::SyncJournalDb::walCheckpoint() took 0 msec 
01-19 19:22:42:232 0x1a48dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "All Finished."  
01-19 19:22:42:234 0x1a48dd0 syncengine.cpp:865 CSync run took  107503 
01-19 19:22:42:236 0x1a48dd0 folder.cpp:855 -> SyncEngine finished with ERROR, warn count is 1 
01-19 19:22:42:237 0x1a48dd0 folder.cpp:406 Processing result list and logging took  0  Milliseconds. 
01-19 19:22:42:241 0x1a48dd0 folder.cpp:426 OO folder slotSyncFinished: result:  3 
01-19 19:22:42:241 0x1a48dd0 folder.cpp:877   ** error Strings:  ("Operation canceled", "Operation canceled", "111111111.img: Operation canceled") 
01-19 19:22:42:241 0x1a48dd0 folder.cpp:879     * owncloud csync thread finished with error 
01-19 19:22:42:241 0x1a48dd0 folder.cpp:899 the last 2 syncs failed 
01-19 19:22:42:309 0x1a48dd0 owncloudgui.cpp:257 Folder in overallStatus Message:  OCC::Folder(0x1bea120)  with name  "ownCloud" 
01-19 19:22:42:309 0x1a48dd0 owncloudgui.cpp:182 Sync state changed for folder  "ownCloud" :  "Error" 
01-19 19:22:42:509 0x1a48dd0 folderman.cpp:661 <===================================== sync finished for  "ownCloud" 
01-19 19:22:42:703 0x1a48dd0 folderman.cpp:619 void OCC::FolderMan::slotEtagPollTimerTimeout() No folders need to check for the remote ETag 
01-19 19:22:42:710 0x1a48dd0 folderman.cpp:560 XX slotScheduleFolderSync: folderQueue size:  0 
01-19 19:22:49:702 0x1a48dd0 networkjobs.cpp:224 !!! OCC::CheckQuotaJob created for  QUrl( "https://owncloud.myhost" )  querying "/"

reverting 6a0c9fdd34c9058849a77307af7879fa238a085a

seems to work, please see yourself!

note: i did use 'master' and not my merged master for that test.

01-19 23:19:49:299 0x13d9dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 23:19:49:299 0x13d9dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x199f3b0) 
01-19 23:19:49:306 0x13d9dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/foo.img-chunking-2400032938-31-26" 
01-19 23:19:49:306 0x13d9dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1b3a440) 
01-19 23:19:49:939 0x13d9dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x199f3b0) 
01-19 23:19:50:703 0x13d9dd0 folderman.cpp:619 void OCC::FolderMan::slotEtagPollTimerTimeout() No folders need to check for the remote ETag 
01-19 23:19:50:720 0x13d9dd0 propagateupload.cpp:424 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/foo.img-chunking-2400032938-31-26" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 23:19:50:720 0x13d9dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "foo.img" 27 -1907517270 0 
01-19 23:19:50:720 0x13d9dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 23:19:50:721 0x13d9dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1729830) 
01-19 23:19:50:727 0x13d9dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/foo.img-chunking-2400032938-31-27" 
01-19 23:19:50:728 0x13d9dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x199f3b0) 
01-19 23:19:51:381 0x13d9dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1729830) 
01-19 23:19:51:702 0x13d9dd0 networkjobs.cpp:224 !!! OCC::CheckQuotaJob created for  QUrl( "https://owncloud.myhost" )  querying "/" 
01-19 23:19:52:335 0x13d9dd0 propagateupload.cpp:424 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/foo.img-chunking-2400032938-31-27" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 23:19:52:335 0x13d9dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "foo.img" 28 -1907517270 0 
01-19 23:19:52:335 0x13d9dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 23:19:52:336 0x13d9dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1b3a440) 
01-19 23:19:52:340 0x13d9dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/foo.img-chunking-2400032938-31-28" 
01-19 23:19:52:340 0x13d9dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1729830) 
01-19 23:19:53:000 0x13d9dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1b3a440) 
01-19 23:19:53:769 0x13d9dd0 propagateupload.cpp:424 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/foo.img-chunking-2400032938-31-28" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 23:19:53:769 0x13d9dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "foo.img" 29 -1907517270 0 
01-19 23:19:53:769 0x13d9dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 23:19:53:769 0x13d9dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1a69b80) 
01-19 23:19:53:775 0x13d9dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/foo.img-chunking-2400032938-31-29" 
01-19 23:19:53:776 0x13d9dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1b3a440) 
01-19 23:19:54:425 0x13d9dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1a69b80) 
01-19 23:19:54:702 0x13d9dd0 connectionvalidator.cpp:123 # Check whether authenticated propfind works. 
01-19 23:19:54:703 0x13d9dd0 networkjobs.cpp:224 !!! OCC::PropfindJob created for  QUrl( "https://owncloud.myhost" )  querying "/" 
01-19 23:19:55:408 0x13d9dd0 propagateupload.cpp:424 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/foo.img-chunking-2400032938-31-29" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 23:19:55:408 0x13d9dd0 syncjournaldb.cpp:944 "INSERT OR REPLACE INTO uploadinfo (path, chunk, transferid, errorcount, size, modtime) VALUES ( ?1 , ?2, ?3 , ?4 ,  ?5, ?6 )" "foo.img" 30 -1907517270 0 
01-19 23:19:55:408 0x13d9dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "Upload info" and starting new transaction 
01-19 23:19:55:408 0x13d9dd0 bandwidthmanager.cpp:89 void OCC::BandwidthManager::registerUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1b30a40) 
01-19 23:19:55:410 0x13d9dd0 networkjobs.cpp:224 !!! OCC::PUTFileJob created for  QUrl( "https://owncloud.myhost" )  querying "/foo.img-chunking-2400032938-31-30" 
01-19 23:19:55:410 0x13d9dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1a69b80) 
01-19 23:19:55:622 0x13d9dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1b30a40) 
01-19 23:20:20:704 0x13d9dd0 folderman.cpp:619 void OCC::FolderMan::slotEtagPollTimerTimeout() No folders need to check for the remote ETag 
01-19 23:20:22:703 0x13d9dd0 networkjobs.cpp:224 !!! OCC::CheckQuotaJob created for  QUrl( "https://owncloud.myhost" )  querying "/" 
01-19 23:20:26:702 0x13d9dd0 connectionvalidator.cpp:123 # Check whether authenticated propfind works. 
01-19 23:20:26:703 0x13d9dd0 networkjobs.cpp:224 !!! OCC::PropfindJob created for  QUrl( "https://owncloud.myhost" )  querying "/" 
01-19 23:20:33:110 0x13d9dd0 propagateupload.cpp:424 void OCC::PropagateUploadFileQNAM::slotPutFinished()  QUrl( "https://owncloud.myhost/remote.php/webdav/foo.img-chunking-2400032938-31-30" )  FINISHED WITH STATUS 0 "" QVariant(int, 201) QVariant(QString, "Created") 
01-19 23:20:33:111 0x13d9dd0 syncjournalfilerecord.cpp:80 OCC::SyncJournalFileRecord::SyncJournalFileRecord(const OCC::SyncFileItem &, const QString &) "/home/joachim/ownCloud/foo.img" Retrieved inode  21104085 (previous item inode:  21104085 ) 
01-19 23:20:33:111 0x13d9dd0 syncjournaldb.cpp:577 "INSERT OR REPLACE INTO metadata (phash, pathlen, path, inode, uid, gid, mode, modtime, type, md5, fileid, remotePerm, filesize) VALUES (?1 , ?2, ?3 , ?4 , ?5 , ?6 , ?7,  ?8 , ?9 , ?10, ?11, ?12, ?13);" 3222149468463566437 7 "foo.img" 21104085 0 "1420815828" "0" "54bd9140bbf50" "00001861oc1e01c820f9" "" 632520704 
01-19 23:20:33:111 0x13d9dd0 syncjournaldb.cpp:954 "DELETE FROM uploadinfo WHERE path=?1" "foo.img" 
01-19 23:20:33:111 0x13d9dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "upload file start" and starting new transaction 
01-19 23:20:33:112 0x13d9dd0 syncengine.cpp:772 void OCC::SyncEngine::slotJobCompleted(const OCC::SyncFileItem &) "foo.img" 4 "" 
01-19 23:20:33:112 0x13d9dd0 bandwidthmanager.cpp:116 void OCC::BandwidthManager::unregisterUploadDevice(OCC::UploadDevice *) OCC::UploadDevice(0x1b30a40) 
01-19 23:20:33:116 0x13d9dd0 syncjournaldb.cpp:68 void OCC::SyncJournalDb::walCheckpoint() took 0 msec 
01-19 23:20:33:116 0x13d9dd0 syncjournaldb.cpp:1257 void OCC::SyncJournalDb::commitInternal(const QString &, bool) Transaction commit  "All Finished."  
01-19 23:20:33:118 0x13d9dd0 syncengine.cpp:818 CSync run took  88253 
01-19 23:20:33:120 0x13d9dd0 folder.cpp:863 -> SyncEngine finished without problem. 
01-19 23:20:33:120 0x13d9dd0 folder.cpp:406 Processing result list and logging took  0  Milliseconds. 
01-19 23:20:33:120 0x13d9dd0 folder.cpp:432 OO folder slotSyncFinished: result:  3 
01-19 23:20:33:189 0x13d9dd0 owncloudgui.cpp:257 Folder in overallStatus Message:  OCC::Folder(0x15799a0)  with name  "ownCloud" 
01-19 23:20:33:189 0x13d9dd0 owncloudgui.cpp:182 Sync state changed for folder  "ownCloud" :  "Success" 
01-19 23:20:33:391 0x13d9dd0 folderman.cpp:661 <===================================== sync finished for  "ownCloud" 
01-19 23:20:33:591 0x13d9dd0 folderman.cpp:560 XX slotScheduleFolderSync: folderQueue size:  0

qknight on 19 Jan 2015

@Raptormagnum @nocteau @danimo @ogoffart @guruz

i've went for a clean rebase with the 'ssl client certificate' feature and here is the code & pull request:
https://github.com/owncloud/client/pull/2734

please review the code! i will sign the http://owncloud.org/contribute/agreement/ tomorrow.

qknight on 22 Jan 2015

signed the agreement and i'm now a contributor.

qknight on 28 Jan 2015

@qknight I am merging your patch as we are speaking!

danimo on 28 Jan 2015

Awesome :) @qknight should get the bounty (correct me if I'm wrong...)

Anyone know when 1.8 will be released?

fredericmohr on 28 Jan 2015

@fredericmohr We'll see about bounties once it's really in, but I'm certainly not claiming it, and if I do (in other places), I'd donate it to the next developer meeting as long as I'm an employee of ownCloud Inc.

1.8 will be released in the forthcoming weeks, with a first beta this week.

danimo on 28 Jan 2015

I am looking forward to this feature, and gave the current master branch (@ 22d3a4a48f544b31 the commit right after the merge) a go.

I can build and run the client (although I have to build against Qt5 because of missing functionality in QSslCertificate). The client seems to work as expected when I disable client-side SSL-security.

With SSL client-side certificates required however, ownCloud fails after asking me for the URL:

ocssl

Is there a way to configure ownCloud to use client-side certificates without using the wizard? Or is there a way to trigger the wizard?

Anything I can do to help debug this issue?

jdhoek on 28 Jan 2015

On 01/28/2015 03:40 PM, Jeroen Hoek wrote:

I am looking forward to this feature, and gave the current master branch
(@ 22d3a4a
https://github.com/owncloud/client/commit/22d3a4a48f544b316884a644b41fa7ac767557e0
the commit right after the merge) a go.

I can build and run the client (although I have to build against Qt5
because of missing functionality in |QSslCertificate|). The client seems
to work as expected when I disable client-side SSL-security.

With SSL client-side certificates required however, ownCloud fails after
asking me for the URL:

ocssl
https://cloud.githubusercontent.com/assets/683699/5939365/4c9377e0-a703-11e4-82b3-0af7adf2f6f8.png

Is there a way to configure ownCloud to use client-side certificates
without using the wizard? Or is there a way to trigger the wizard?

Anything I can do to help debug this issue?

you are probably talking about using owncloudcmd, right? client certificate support is implemented for the interface but it does not have command line toggles yet. so this still needs to be adressed.

for now you have to use the GUI wizard,

—
Reply to this email directly or view it on GitHub
https://github.com/owncloud/client/issues/69#issuecomment-71844472.

Joachim Schiele

blog: http://blog.lastlog.de
wiki: http://lastlog.de
jabber: [email protected]
GPG: C6AC8770

qknight on 28 Jan 2015

Perhaps I'm overlooking it, but how is the SSL certificate part of the GUI wizard triggered? I appear to be stuck on entering the URL and getting above error.

jdhoek on 28 Jan 2015

you are probably talking about using owncloudcmd, right?

Either that (which is not possible at this moment as you say) or editing owncloud.cfg directly. Is that an option?

jdhoek on 28 Jan 2015

Editing owncloud.cfg is not possible, since values are encrypted.

Raptormagnum on 28 Jan 2015

I've managed to trigger the certificate-wizard by hacking the build at https://github.com/owncloud/client/commit/d70e146c1fbeee8416fd7311ef2e1a0bb08afb83#diff-3632911ba5d2efed29ee297417addc71R239 I've removed the if/else block and left only slotAskSSLClientCertificate();.

With the hacked build I can complete the wizard, and successfully connect to my ownCloud-server. :tada:

The client does segfault after a bit, but I can see my shares before that happens, so the SSL-side of the story works.

Am I correct in suspecting that my server's error message prevents the wizard from triggering? I return a 403 error code and a HTML error page.

jdhoek on 28 Jan 2015

you should not get a segfault. Can you reproduce the crash? do you have a backtrace? can you make a separate bug report about it?

ogoffart on 28 Jan 2015

After a bit of searching I haven't found any agreed upon or even de facto standard for the HTTP message returned by servers that require client-side certificates to gain access, except for the return code 403. It might not be possible for the ownCloud client to guess that it should be asking for a client-side certificate.

Is it possible to add a checkbox to the wizard at the point where you enter the URL of the server for this purpose?

☑ Server requires a valid SSL certificate to connect

It should probably be hidden under an advanced toggle or something similar.

@ogoffart
Yes. Not yet. Certainly. :smiley:

I'll look into it and open a separate issue for the segfault.

jdhoek on 29 Jan 2015

@jdhoek there is no http status code specifying the requested authentication type. 403 can be issued on missing/failed http auth, accessing a URL requiring a web login, or for a missing client certificate. The behaviour of a missing client certificate may vary depending on the server config (see here for the Apache config).

In case of a mandatory client certificate, the ssl handshake will fail. This should be detectable by the client.
In case of an optional client certificate, a http response is issued. Since all http responses may contain a body, it is possible to return some (Owncloud-specific) status info specifying the kind of authentication required, e.g. a json or xml body with the desired information.

_Edit_: imho, the highest security benefit is achieved with mandatory client certificates; in this case, the authentication is fully handled by the server's ssl library, no php code will be executed in case of a failed authentication. Besides, the Apache documentation points out some possible browser problems with optional client certificates. Thus, I'd recommend the mandatory access control.

Skyr on 29 Jan 2015

it is possible to return some (Owncloud-specific) status info specifying the kind of authentication

Not neccessarily. I wouldn't be surprised if you find that those people using client side ssl do so directly within apache, because they may not trust owncloud (or other services) enough to allow it accept connections from the (non-certificate-having) outside world.

natschil on 29 Jan 2015

@Skyr
Setting an ownCloud specific message would solve the issue, but returning a cold SSL handshake failed string is not very user-friendly. This of course depends on the situation, but to give an example; at my company we run Nginx as a security proxy that takes care of the SSL client certificate validation before passing the request on to the service we host (like ownCloud, Gitlab, DokuWiki, etc.). Our users know what to do when they see the familiar human-oriented (HTML) error page.

@natschil
Exactly. You don't get to our ownCloud (or any hosted service) server without a valid certificate (we do allow access to the ownCloud server through VPN though, pending this issue). It is a sensible setup if you host multiple private services for your users.

jdhoek on 29 Jan 2015

missing libcrypto.so check

just found out that my CMakeLists.txt does not have a test for libcrypto.so and i will fix that in the next few days. got a lot of stuff to do right now, so sorry for not answering.

installtion on ubuntu 14.04

see http://www.golem.de/news/eigene-cloud-daten-nach-hause-holen-1406-107155-4.html

we were using this sequence

git checkout -b  ssl-client-certs-reduced-merge origin/ssl-client-certs-reduced-merge
git fetch -r
mkdir build
cd build/

sudo aptitude install qt5-default
sudo aptitude install qt5keychain-dev
sudo aptitude install libqt5webkit5-dev
sudo aptitude install libqt5xmlpatterns5-dev
sudo aptitude install qttools5-dev qttools5-dev-tools
sudo aptitude install libneon27-dev
sudo aptitude install sqlite3
sudo aptitude install libsqlite3-dev
sudo aptitude install openssl-dev
sudo aptitude install libgnutls-openssl-dev

cmake -DCMAKE_SKIP_BUILD_RPATH=false -DCMAKE_BUILD_TYPE=Debug -DCMAKE_BUILD_WITH_INSTALL_RPATH=false -DCMAKE_INSTALL_RPATH_USE_LINK_PATH=true  -DCMAKE_INSTALL_PREFIX=`pwd` ..

bin/owncloud

note: please don't use 'make install' as it will spoil your installation.

qknight on 29 Jan 2015

I'll test this

danimo on 2 Feb 2015

FYI @danimo QObject::connect: No such slot OCC::Folder::slotNetworkUnavailable()

guruz on 5 Feb 2015

TODO: Consistent naming:

TLS Client Certificates
SSL Client Certificates
SSL/TLS Client Certificates

danimo on 6 Feb 2015

i've created some documentation how to use this feature here:

http://blog.lastlog.de/posts/owncloud_ssl_client_certificates/

feedback to the blog posting please via email to [email protected]

qknight on 8 Feb 2015

Due to https://github.com/owncloud/client/issues/2810, I had to disable client certificates (at least the setup) for now, because we are releasing Beta1 tomorrow and I don't want to have an officially released version with security issues. If someone manages to fix this for the next beta (by using QtKeychain), I'll re-activate the feature.

danimo on 12 Feb 2015

@qknight I'd be nice if you could contribute the blog to the official documentation once we have a go for the feature (see above).

danimo on 12 Feb 2015

this patch was reverted for the 1.8 release! please see discussion here:

https://github.com/owncloud/client/issues/2810

qknight on 13 Feb 2015

Not reverted as stated above, only modified so new setups can no longer be performed. Old ones should still work. And only until the password is stored securely.

danimo on 13 Feb 2015

@danimo not reverted in the GIT sense but in functionality. sorry i was not very precise.

qknight on 13 Feb 2015

good news! the problem #2810 is nearly fixed! my hacky code already works and does save any certificate password in the /home/joachim/.local/share/data/ownCloud/owncloud.cfg configuration file anymore.

https://github.com/qknight/client/compare/master-ssl-client-certs-glaub-defekt

warning: code contains hardcoded values so it won't work for you without modifications, search for 'schiejo' which has to be replaced by your username.

next step: cleanup with danimo.

qknight on 15 Feb 2015

Sorry guys, but we will move this to 1.8.1 rather than 1.8.0. Too little time left for this intrusive thing.

dragotin on 23 Feb 2015

@dragotin
Understandable. Storing the passwords securely is important. Would you happen to know roughly when 1.8.1 might be expected?

jdhoek on 23 Feb 2015

@jdhoek we aim for four or rather six weeks after the release of 1.8.0.

dragotin on 23 Feb 2015

+1 for Client Certificates feature ! Using SSH tunnel to access owncloud is not comfortable in all situations.

a0s on 5 Mar 2015

What are the chances that this will be available in the mobile client in the near future?

orodbhen on 21 Mar 2015

@rperezb do you wanna comment on the mobile clients?

dragotin on 21 Mar 2015

As per @danimo 's comments: We need to make this a Qt5 only feature because of bugs in Qt.
That means for 1.9 we can also remove the neon-specific parts and have it Qt 5.3.2+ only (as this is the WITHOUT_NEON requirement)

guruz on 8 Apr 2015

Just a simple question for all the developers here... I see that adding a client certificate in the desktop client is discussed here, but does this feature request also concerns accepting a client certificate in OwnCloud Core for user validation (based on certificate CN)?

Dennis1984120 on 10 Apr 2015

@Dennis1984120 No, this is about configuring your Apache/nginx for the certificate.

guruz on 10 Apr 2015

@Dennis1984120 Maybe you coul'd write an app to do this ? Like the user_webdavauth or user_external ? :-)

Raptormagnum on 10 Apr 2015

Thanks, but unfortunately I do not have time to implement such a feature, I also haven't programmed any code for the last 6 years :-). However, I can make a feature request (if there isn't one already?) and donate a $ 25,- bounty for it.

It probably implies changes on the clients as well, as it should be possible to NOT enter username/password and just provide a client certificate.

Dennis1984120 on 10 Apr 2015

@Dennis1984120

Client-side certificates are often employed as a second factor of authentication, so the username and password are still required in such a set up. Also, because the certificates tend to be handled by a webserver (e.g., Apache or Nginx) acting as a proxy for services such as ownCloud, the ownCloud server may not even know that client-side certificates are used.

jdhoek on 10 Apr 2015

On 10.04.2015 09:22, Dennis wrote:

Thanks, but unfortunately I do not have time to implement such a
feature, I also haven't programmed any code for the last 6 years :-).
However, I can make a feature request (if there isn't one already?) and
donate a $ 25,- bounty for it.

It probably implies changes on the clients as well, as it should be
possible to NOT enter username/password and just provide a client
certificate.

i've described the required setup here:
http://blog.lastlog.de/posts/owncloud_ssl_client_certificates/

Joachim Schiele

blog: http://blog.lastlog.de
wiki: http://lastlog.de
jabber: [email protected]
GPG: C6AC8770

qknight on 10 Apr 2015

The client is unable to connect to apache with "SSLVerifyClient optional". Is it this issue or should I file a new one?

auxsvr on 27 May 2015

@auxsvr New issue, pls

danimo on 27 May 2015

When will this feature be released? I read 1.8.0, then 1.8.1, now 1.8.2 is out, but I didn't see anything in the changelog. Somewhere above 1.9 was mentioned due to Qt problems. Is 1.9 the intended release version for client cert support, and if yes, any idea when it might come out?

fredericmohr on 8 Jun 2015

I have actually implemented a client certificate user mapping in owncloud. Meaning that the webserver (apache, nginx) ensures that the client certificate in the request is valid (signed by a specific CA), and passes this client certificate to PHP. Owncloud on the other hand now knows that the client certificate is valid and looks into the certificate to get the common name (commonName) from the subject. It then uses this common name as username, so if there is a user with this UID, it does not require a password. So far it works like a charm, however it might be a little difficult to setup for people who don't know how PKIs work and how to build one by yourself. Also it requires the owncloud admin to:

Create the user in owncloud, password is necessary, but can be random
Get the certificate+key somehow to the user, so either sign a CSR or generate a key+certificate
If the client certificate is compromised, the admin must either disable the user or revoke the certificate and generate a new CRL (the webserver needs to load that CRL properly).

So far this works only for the webpage, so the browser needs the certificate. I am still not sure how the authentication works (I didn't even look into it right now) for WebDAV, but my guess is it's not that hard to do this kind of mapping there too.

I will open a pull request soon.

pweingardt on 22 Jul 2015

@fredericmohr Afaik you can set the keys http_certificatePath and http_certificatePasswd in the .cfg file

https://github.com/owncloud/client/blob/45b598cacbfcc7e0da04bacb408688bf0a16b294/src/libsync/configfile.cpp#L611

guruz on 29 Jul 2015

Is there still any progress on this issue? It is really unfortunate that it still hasn't made it into the sync clients. I think this is a really important issue regarding organizations that require hardened setups.

I thought we were really close finalizing this a couple of months ago, but it seems to me now that it has lower priority.

Dennis1984120 on 3 Sep 2015

@Dennis1984120 Unfortunately, this patch has caused more trouble than it was worth (due to bugs in Qt). Also, the feature is not on the roadmap of ownCloud Inc for a lack of demand by our customers, so unless someone volunteers to maintain this feature, it will stay in the current state, sorry.

danimo on 3 Sep 2015

Thanks for your quick answer @danimo! Is there anything I can do to quicken things up beside posting another bounty? What is the Qt issue? Is it number #2810?

Dennis1984120 on 3 Sep 2015

Would also love to see this feature. It is the only thing stopping us from using the desktop client at this stage

CharlieNZ on 13 Sep 2015

@Dennis1984120 This is about bugs in Qt4 that have been resolved since. The biggest blocker at this point is that Qt is not able to detect when client certs are needed, making for a poor user experience.

Posting bounties is pretty useless I guess, but you can of course try. Either you find someone with the necessary skills who is willing to keep maintaining this feature, or it will not happen. Another way is purchasing an ownCloud license and thus influencing the time that us ownCloud Inc devs work on it.

danimo on 13 Sep 2015

@guruz: For users who can't wait for a complete implementation - could you please share some configuration hints for using http_certificatePath and http_certificatePasswd in Owncloud client configuration file.

I tried to add these variables to ~/.local/share/data/ownCloud/owncloud.cfg (on Linux; owncloud client 2.2.2):

\Folders\1\ignoreHiddenFiles=true
1\Folders\1\localPath=/home/myuser/owncloud
1\Folders\1\paused=false
1\Folders\1\targetPath=/
1\authType=http
1\http_certificatePasswd=secret
1\http_certificatePath=/home/myuser/certs/myuser.p12
1\http_user=myuser
1\serverVersion=
1\url=https://www.myserver.com/owncloud-test
1\user=myuser

After debugging Owncloud client I found that

http_certificatePasswd=secret
http_certificatePath=/home/myuser/certs/myuser.p12

should be in "[owncloud]" section.

Now Owncloud client can setup an account with client authentication. But some seconds after starting the synchronisation I still get

07-06 22:52:39:177 24134 OCC::AbstractNetworkJob::slotFinished: void OCC::AbstractNetworkJob::slotFinished() QNetworkReply::NetworkError(UnknownNetworkError) "Error while reading: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure, error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure" QVariant(Invalid)

My client is from the none-standard cacert.org CA. My Apache server successfully verifies it. But I am unsure, if the Owncloud client fully accepts the certificate.

bjoernv on 6 Jul 2016

👍1

How much bounty is still needed to get this feature in a release version?

com2 on 15 Jul 2016

👍2

In Windows 7, config is in c:\Users\user\AppData\Local\ownCloudowncloud.cfg. BUT! If I try edit it manually and then start Owncloud client, all my settings become clear...

[Accounts]
0\Folders\1localPath=C:/Users/user/ownCloud/
version=2
0\Folders\1\targetPath=/
0\url=https://localhost/owncloud
0\Folders\1\paused=false
0\serverVersion=9.1.0.15
0\Folders\1\ignoreHiddenFiles=false
0http_certificatePasswd=
0http_certificatePath=
0http_user=my-user-name
0\authType=http
0\user=my-user-name

Oh, I spent whole the day in order to setup my own CA (this experience is valuable ;)), I've access through IE, Chrome and what??? Native client DOES NOT ALLOW so MUST-HAVE feature??? Oh, no...

This is HOLE in SECURITY, because httpd/php are not very secure. And easy ability to limit allowed devices is not work... Very bad...

Syncthing? Another day-two experiments? Oh...

billybons2006 on 17 Sep 2016

Dude, dont't confuse plain HTTP and lack of client certificates.
OwnCloud runs five over SSL link.
If you have a question - rather than ranting, you should ask that question. It greatly increaes your chances at receiving the answer.

AnrDaemon on 18 Sep 2016

Ok, your way! Question: is it possible to use SSL AUTH (with or without regular password auth) with native owncloud client? The idea: httpd allow to https://my_own_cloud only devices with ssl certificate, which signed my own CA. Option "SSLVerifyClient require" for httpd. This feature can seriously increase security.

Add: this question is for Windows, MacOS, iOS.

billybons2006 on 20 Sep 2016

No, it can not increase security.

AnrDaemon on 20 Sep 2016

@AnrDaemon: you rightfully complained about the previous post of @billybons2006 of not being constructive and of little value. You last answer is equally unconstructive and unfriendly. If you consider that @billybons2006 is a relatively unexperienced person (which I would infer from their posts) your answer will result in this person either being put off from the project or continue this conversation about "can or cannot increase security". Either way, this does not bring much value to this thread nor to implementing this feature.

If you are a developer and can do something about this feature then provide an appropriate comment. If you are a community member that cares about quality of posts from less experienced members, then please do it decently.

If am neither (nor a github policeman) but I have a feeling that there is a lot of energy and time wasted here from all people involved in this and other threads.

Many thanks for your understanding.

moscicki on 21 Sep 2016

Look, I could write a lengthy essay on X.509 and SSL usage in general, but the bottom line would be: client certificates ease automation and provide consistent access control for automated services, but they do NOT increase security by any means imaginable.
The problem is that people are told "SSL is good" and they take it for granted without an afterthought. In the light of this trend, I see HTTPS itself as useful as plain HTTP, and about as secure.
Just a single quote from my article:

Entire certification system is built upon practically ifinitely inherited trust.
Installing a root CA certificate into your system, you are with your very hands telling it that:
"I(you!) trust the issuer of this certificate and I will consider trusted every certificate this entity issued."
(Now, for a moment: your system has about a hundred of root certificates preinstalled without your full consent, to which it doubtlessly trust.)

AnrDaemon on 21 Sep 2016

Dear @AnrDaemon, by saing "increase security" I meant that using ssl is additional layer (something two-factor) of auth. On the other hand, using one long and very streight password (which hard to remember) VS using SSL (from outside attackers) and regular password (from my so-workers) can be much more useful.

I can use (and use ;)) fail2ban, but if several people using one owncloud server, ban by IP will ban all users, not only one.

Any way, owncloud very good, I use it and advise my friends.

I agree with @moscicki and ready to close my question. Thank you all!

billybons2006 on 21 Sep 2016

I've picked this up again and I'm working on several things:

Re-enabling the certificate config dialog that had been contributed for usage from the wizard
Storing of cert and key inside the keychain instead of storing p12 path and password in the config.
Storing per account instead of global

guruz on 21 Oct 2016

👍1

PR in https://github.com/owncloud/client/pull/5289 is ready to test.
Please compile from fix_client_certs branch and (re?)-setup the specific account. It should show a dialog in the wizard that lets you set the client certificate.

Please comment your test findings on https://github.com/owncloud/client/pull/5289 .. not here.

guruz on 5 Dec 2016

The PR is merged. We would need some testing from you guys:)
There was an issue with updating the nightlies on Linux which should be fixed now.

Please download from or compile yourself (master branch)
https://owncloud.org/install/#testing-development

Note that it needs a current Qt version (>= 5.5 or so)

guruz on 3 Jan 2017

👍1

Done as part of 2.3

guruz on 25 Jan 2017

Client: TLS Client certificate support [$110]

Most helpful comment

All 129 comments

running owncloud

segfault

dependencies i am using:

passing the parent

enforcing the parent

caused by (src/miral/account.cpp):

Thread-local_storage issue

AH01991: SSL input filter read failed.

other https client error messages i get

todo

wizard

general advice needed

SSL client cert supported 'master'

Internal Server Error" QVariant(int, 500) QVariant(QString, "Internal Server Error")

git bisect told me...

log file

reverting 6a0c9fdd34c9058849a77307af7879fa238a085a

missing libcrypto.so check

installtion on ubuntu 14.04

Related issues