CalDAV sync broken in iOS12

PatrickR · September 20, 2018, 8:14pm

Hi!

After upgrading to iOS 12 the CalDAV sync stopped working. When adding a new account identical to the old one, iOS shows the error CalDAV account verification failed.

access log:
192.168.0.161 - - [20/Sep/2018:20:12:24 +0000] “OPTIONS /remote.php/dav/principals/users/pr/ HTTP/1.1” 401 1679 “-” “iOS/12.0 (16A366) dataaccessd/1.0”
192.168.0.161 - - [20/Sep/2018:20:12:24 +0000] “PROPFIND /remote.php/dav/principals/users/pr/ HTTP/1.1” 401 1675 “-” “iOS/12.0 (16A366) dataaccessd/1.0”
192.168.0.161 - - [20/Sep/2018:20:12:24 +0000] “PROPFIND /remote.php/dav/principals/users/pr/ HTTP/1.1” 401 1679 “-” “iOS/12.0 (16A366) dataaccessd/1.0”
192.168.0.161 - - [20/Sep/2018:20:12:32 +0000] “PROPFIND /remote.php/dav/principals/users/pr/ HTTP/1.1” 401 1673 “-” “iOS/12.0 (16A366) accountsd/1.0”

According to https://central.owncloud.org/t/ios-12-calendar-ios-stock-via-caldav/15648/2 Apple might have changed the way the credentials are sent.

Patrick

regatta · September 22, 2018, 2:34pm

Hi!

I have the same problem here. Which access log are you talking about? In the logfile of my nextcloud server I can’t see any entries.

Thanks,

regatta

Bernie_O · September 22, 2018, 6:23pm

I do not encounter any problems.
Could you give more information (nextcloud version, webserver, http/https, OS, …)?

EDIT: there is also a Github issue open:

Maybe it is SSL related. Do you both use http?

Nemskiller · September 22, 2018, 9:47pm

I have ssl with letsencrypt.
I don’t have any problems. With older accounts and new ones.
It’s from 10.10 that apple begins its fight against no and self signed certificate.
Now it doesn’t want anymore self signed cert. maybe you have to tweak the system using installation profile for making it to work with that.

You better considering using letsencrypt and upload your good certs

regatta · September 23, 2018, 4:59am

Hi Bernie_O,

SSL is not used. The server can be contacted just locally, not from outside the local network.

Bernie_O · September 23, 2018, 5:34am

I can’t confirm that: I just added a CalDAV account to my iOS12 phone from my testinstallation with self signed certificate without any problems (without installation profile) - so selfsigned certificates do work with iOS 12 (of course you have to tell iOS12 to trust the certificate when adding the CalDAV account).

@regatta: could you add a selfsigned certificate and try whether that solves the issue for you?

regatta · September 23, 2018, 6:29am

All right. I have to find out, how such a certificate can be added (the machine is not reachable from the internet). I will give feedback as soon as I have more information.

[EDIT: how the certificate can be created, not added]

Bernie_O · September 23, 2018, 6:44am

generate a key with:
openssl genrsa -out internal_4096.key 4096
then generate the certificate (10 years valid):
openssl req -x509 -new -out internal.crt -sha512 -days 3650 -key internal_4096.key

PatrickR · September 23, 2018, 11:15am

Also not using SSL because of a local and filtered access.

/edit: Nextcloud 14.0.0

Patrick

danguba · September 23, 2018, 12:20pm

Hi Guys,

I tried to connect my nextcloud calendar with an iOS12 device and it didn’t work. I used this server address:

https://XXX.next-cloud.org/remote.php/dav/principals/users/USERNAME/.

It worked on iOS 11 but won’t on 12. Can someone help me? Btw: I don’t know anything about certificates in this context yet.

Thanks

Bernie_O · September 23, 2018, 1:00pm

@danguba:
Try this (and the according answers):

Or this:

Good luck!

danguba · September 24, 2018, 5:59pm

Thank you Bernie, solved! But it wasn’t the port number. When setting up the calDav-account it is cruical to write the server address the very first time correct. And dont write “https://” when typing the server address.

Nemskiller · September 25, 2018, 5:52am

For me i have to put https:// because i closed port 80.
It’s strange that on your iOS12 it didn’t work with https:// in your server address.

PatrickR · September 25, 2018, 7:20pm

Still no luck here even without http/https.

Bernie_O · September 26, 2018, 8:31am

To me it looks like Apple has dropped support for synching CalDAV without SSL with iOS12. So, what in your case probably might help, is configuring your webserver to serve Nextcloud via https and then delete/add your account in iOS again.

PatrickR · September 30, 2018, 1:37am

Switching to https worked for me. Thank you.

Nemskiller · September 30, 2018, 9:34am

Now you can modify your topic to wrote it as solved.

Look at the end of your first post you will have an icon for marking this topic as solved and poiting the post who helped you.

It’s important to do that, when scrolling the forum you can see that this topic is solved and if you wanna to see why, you get a shortcut to the answer

PatrickR · September 30, 2018, 9:58am

Good morning!

I will happily do that when the problem is solved. Currently, there is a workaround for the problem which is a completely different thing. Marking the thread solved would lower the chances to get the bug in either iOS12 or nextcloud fixed.

Patrick

Nemskiller · September 30, 2018, 10:21am

So what is your problem now with iOS 12 ?
Is that you can’t have it working in http or self signed cert ?

PatrickR · September 30, 2018, 10:38am

Hi!

Self-signed-cert aka snakeoil works, http does not (see initial post for details).

Patrick