SSL Funambol on Android without adding Certificates
Recently I wrote a blog entry about how to add a root certificate to your rooted android keystore for using SSL funambol.
This works perfectly as long as you have root access to the device.
Sometimes you come into the situation where you cannot root the device, eg. in a corporate environment or if you just don’t want to crack a new device just to make the funambol client working, like me for now.
I’ve got a new Motorola Xoom and needed funambol to sync my contacts and calendar entries.
After asking Mr. Google there are only 2 ways till Android 4.x is ready:
- Using http without ssl
- Using ssl and recode the funambol client to accept all cert’s
I decided to use the 2nd solution – this also refreshes my java a little bit :-)
Of course i want to share everything with you – if you’re too lazy to read all the stuff you can point your Android client here to install my compiled Funambol 10.0.8 client without the certificate check:
funambol-android-client-10.0.8-devBioS.apk
Please take special care that you use the correct version numbers mentioned, e.g don’t accidently use the JDK 1.7 like me the first time, it will fail ;)
This readme has perfectly everything that you need to setup a fully working android development environment:
I used the Android SDK 2.1 API v.7 (selected in the Android SDK Manager) and the SVN source from here: https://android-client.forge.funambol.org/svn/android-client/tags/10.0.8
Login with user guest without a password when asked.
Follow all the steps in the ReadMe, i changed to following to the get the client to compile:
Note that i installed the android sdk and javacc to C:\Android\…
Change the build.xml around line 10, replace
<property file=”${user.home}/funambol/build/android/build.properties”/>
with
<property file=”${basedir}/build.properties”/>
around line 54, replace
<property name=”android-tools-platform” value=”${sdk-folder-platform}/tools”/>
with
<property name=”android-tools-platform” value=”${sdk-folder}/platform-tools”/>
Copy the build.properties.example and set the following variables, according to your path, be careful with the forward slashes even for windows:
sdk-folder=C:/Android/android-sdk
android.sdk.version=7
javacchome=C:/Android/javacc-4.0
This should allow you to run “ant” as stated in the ReadMe.txt and successfully compile a debug version, test to your liking with “ant install” if it is working.
Now on to the changes that i did, kudos to transdroid.org for writing the 2 Fake classes:
Add the following files in <funambol source>\externals\java-sdk\common\src\main\java-se-android\com\funambol\platform (take care, CaSe SeNsItIvE!)
Change HttpConnectionAdapter.java (same path …. platform) around line 227:
schemeRegistry.register(new Scheme(“https”, SSLSocketFactory.getSocketFactory(), 443));
with
schemeRegistry.register(new Scheme(“https”,new FakeSocketFactory(), 443));
Again run ant and ant install and test if the funambol client works without certificate problems.
Now we need to create a release version that is signed, i used a tutorial from here:
http://developer.android.com/guide/publishing/app-signing.html
After creating a keystore, change the build.properties again,
add
keystore.file=C:/Path/To/Your/Keystore-release-key.keystore
keystore.alias=youralias
keystore.password=Password – changeme ;)
Run “ant release” aaaaaand
Now you have an fully working new funambol client without the certificate check but still with SSL encryption!
Have Phun ^^
Milan said,
January 12, 2012 at 13:42
Hi,
thanks a lot for providing compiled package. It there any possibility how to replace already installed funambol application ? The installer reports signature problem and I don’t wont to uninstall funambol with all my data bind to it.
Thanks,
Milan
devbios said,
January 13, 2012 at 10:31
Hi!
Normally replacement should be no problem, but in that case the Funambol App is signed with my key instead of funambol development staff.
I dig into this and see if i can produce something that will work out of the box without uninstalling an previous installed funambol.
devbios said,
January 13, 2012 at 15:04
Hi again Milan,
after a little research it is not possible to replace the origina funambol client installed from market. This is because “updates” of an App needs to be signed by the same key, as i have my own key the System guess that i’m somebody else and thus not allowing the “replacement” or update.
The only option you have when you have is to remove the Market Application (including removing all the entries funambol made to your calender etc.) and installing my Version.
But i do not see a problem there because all your entries will come back when you setup the Sync again – or i’m wrong?
– BioS
Wessix said,
February 19, 2012 at 12:11
Hi, your recompiled app is so helpfull for all those who run for examample an eGroupWare on their own NAS and have no trusted certficate.
What do you think, would it be possible for you to do the same for the windows client?
I’m no programmer and can not calculate how much work it is for someone who is into it. But i think / know that there are many people out there who would appreciate such a recompiled client.
Thx for your work!
devbios said,
February 19, 2012 at 16:09
Hi Wessix,
didn’t know that so much people have problems with it ;)
i *think* this is not a big problem to remove the certificate check out of the original windows client, but is it not more easy to just import the self signed certificate (this is what i’ve done for windows).
Or are there any problems with importing i just don’t think of, admin rights for example?
Do you mean the windows client that is also used for syncing outlook?
Greetz,
BioS
Wessix said,
February 19, 2012 at 18:55
Yes i mean the funambol windows sync client,
Well i should try with a self signed certificate, but for example i’ve read about some users who still have problems not only with funambol but with the I.e. and self signed certificates.
I also think you get problems if you want to sync 1 time from inside a local network Ip range 192.168.1.x and another time from the web because you have to give one specific Common Name .
Correct me if i am wrong.
In the German Synology community Forum (synology is one leading NAS company) there are many users, mostly people who own a small firm that want to use some kind of Exchange alternative, and funambol or eGroupWare which has an integrated funambol server could be a good solution, but in the eGroupware forums i read about a lot users wanting to sync with android and failed, me too. then i read carefully my sync log and saw it is a certificate Problem. I found your site and posted your solution there and got replies from people who are happy, because it helped them to.
So, you see your labour bears fruits.
I’ll try with the certificate and post
Grettings