SSL Funambol on Android without adding Certificates

December 26, 2011 at 22:36 (Android) (, , , , , , , , )

Recently I wrote a blog entry about how to add a root certificate to your rooted android keystore for using SSL funambol.
This works perfectly as long as you have root access to the device.

Sometimes you come into the situation where you cannot root the device, eg. in a corporate environment or if you just don’t want to crack a new device just to make the funambol client working, like me for now.

I’ve got a new Motorola Xoom and needed funambol to sync my contacts and calendar entries.

After asking Mr. Google there are only 2 ways till Android 4.x is ready:

  • Using http without ssl
  • Using ssl and recode the funambol client to accept all cert’s

I decided to use the 2nd solution – this also refreshes my java a little bit :-)

Of course i want to share everything with you – if you’re too lazy to read all the stuff you can point your Android client here to install my compiled Funambol 10.0.8 client without the certificate check:

For Android < 4.0 this binary works:

Direct download with android: funambol-android-10.0.8_Tasks-devBioS.apk

Mirror 1: funambol-android-10.0.8_Tasks-devBioS.apk

Since ICS (>= 4.0) people having problems syncing Calender. This is because they made changes in the Calender API wich renders the Calendar Sync unusable, you can use this binary (which only works on ICS and greater):
Direct download with android: funambol-android-10.1.3_Tasks-devBioS.apk

UPDATE 2012-04-03: I activated the task sync feature also and re-uploaded the binary.
If anyone is intrested in the source on how to activate it, drop me a line and i will update the post.

Please take special care that you use the correct version numbers mentioned, e.g don’t accidently use the JDK 1.7 like me the first time, it will fail ;)

This readme has perfectly everything that you need to setup a fully working android development environment:

Funambol Android ReadMe.txt

I used the Android SDK 2.1 API v.7 (selected in the Android SDK Manager) and the SVN source from here: https://android-client.forge.funambol.org/svn/android-client/tags/10.0.8

Login with user guest without a password when asked.
Follow all the steps in the ReadMe, i changed to following to the get the client to compile:

Note that i installed the android sdk and javacc to C:\Android\…

Change the build.xml around line 10, replace

<property file=”${user.home}/funambol/build/android/build.properties”/>

with

<property file=”${basedir}/build.properties”/>

around line 54, replace

<property name=”android-tools-platform” value=”${sdk-folder-platform}/tools”/>

with

<property name=”android-tools-platform” value=”${sdk-folder}/platform-tools”/>

Copy the build.properties.example and set the following variables, according to your path, be careful with the forward slashes even for windows:

sdk-folder=C:/Android/android-sdk
android.sdk.version=7
javacchome=C:/Android/javacc-4.0

This should allow you to run “ant” as stated in the ReadMe.txt and successfully compile a debug version, test to your liking with “ant install” if it is working.

Now on to the changes that i did, kudos to transdroid.org for writing the 2 Fake classes:

Add the following files in <funambol source>\externals\java-sdk\common\src\main\java-se-android\com\funambol\platform (take care, CaSe SeNsItIvE!)

FakeSocketFactory.java

FakeTrustManager.java


Change
HttpConnectionAdapter.java (same path …. platform) around line 227:

schemeRegistry.register(new Scheme(“https”, SSLSocketFactory.getSocketFactory(), 443));

with

schemeRegistry.register(new Scheme(“https”,new FakeSocketFactory(), 443));

Now we add Task syncronization that works with Astrid Tasks:

Open the file <funambol source>\src\com\funambol\android\AndroidCustomization.java

Change  around line 93:

private final boolean  TASKS_AVAILABLE         = false;
private final boolean  TASKS_ENABLED           = false;

with

private final boolean  TASKS_AVAILABLE         = true;
private final boolean  TASKS_ENABLED           = true;

Change  (uncomment) around line 171:

//AndroidAppSyncSourceManager.TASKS_ID,

with

AndroidAppSyncSourceManager.TASKS_ID,

One more change we need to allow Task syncronization:

Change  (uncomment) <funambol source>\AndroidManifest.xml.template around line 67-70:

<!–
<uses-permission android:name=”com.todoroo.astrid.WRITE” />
<uses-permission android:name=”com.todoroo.astrid.READ” />
–>

with

<uses-permission android:name=”com.todoroo.astrid.WRITE” />
<uses-permission android:name=”com.todoroo.astrid.READ” />

Again run ant and ant install and test if the funambol client works without certificate problems.

Now we need to create a release version that is signed, i used a tutorial from here:
http://developer.android.com/guide/publishing/app-signing.html

After creating a keystore, change the build.properties again,

add

keystore.file=C:/Path/To/Your/Keystore-release-key.keystore
keystore.alias=youralias
keystore.password=Password – changeme ;)

Run “ant release” aaaaaand

Now you have an fully working new funambol client without the certificate check but still with SSL encryption!

Have Phun ^^

Advertisements

32 Comments

  1. Milan said,

    Hi,
    thanks a lot for providing compiled package. It there any possibility how to replace already installed funambol application ? The installer reports signature problem and I don’t wont to uninstall funambol with all my data bind to it.
    Thanks,
    Milan

    • devbios said,

      Hi!

      Normally replacement should be no problem, but in that case the Funambol App is signed with my key instead of funambol development staff.

      I dig into this and see if i can produce something that will work out of the box without uninstalling an previous installed funambol.

    • devbios said,

      Hi again Milan,

      after a little research it is not possible to replace the origina funambol client installed from market. This is because “updates” of an App needs to be signed by the same key, as i have my own key the System guess that i’m somebody else and thus not allowing the “replacement” or update.

      The only option you have when you have is to remove the Market Application (including removing all the entries funambol made to your calender etc.) and installing my Version.

      But i do not see a problem there because all your entries will come back when you setup the Sync again – or i’m wrong?

      — BioS

  2. Wessix said,

    Hi, your recompiled app is so helpfull for all those who run for examample an eGroupWare on their own NAS and have no trusted certficate.

    What do you think, would it be possible for you to do the same for the windows client?

    I’m no programmer and can not calculate how much work it is for someone who is into it. But i think / know that there are many people out there who would appreciate such a recompiled client.

    Thx for your work!

    • devbios said,

      Hi Wessix,

      didn’t know that so much people have problems with it ;)

      i *think* this is not a big problem to remove the certificate check out of the original windows client, but is it not more easy to just import the self signed certificate (this is what i’ve done for windows).

      Or are there any problems with importing i just don’t think of, admin rights for example?

      Do you mean the windows client that is also used for syncing outlook?

      Greetz,
      BioS

      • Wessix said,

        Yes i mean the funambol windows sync client,

        Well i should try with a self signed certificate, but for example i’ve read about some users who still have problems not only with funambol but with the I.e. and self signed certificates.
        I also think you get problems if you want to sync 1 time from inside a local network Ip range 192.168.1.x and another time from the web because you have to give one specific Common Name .
        Correct me if i am wrong.
        In the German Synology community Forum (synology is one leading NAS company) there are many users, mostly people who own a small firm that want to use some kind of Exchange alternative, and funambol or eGroupWare which has an integrated funambol server could be a good solution, but in the eGroupware forums i read about a lot users wanting to sync with android and failed, me too. then i read carefully my sync log and saw it is a certificate Problem. I found your site and posted your solution there and got replies from people who are happy, because it helped them to.

        So, you see your labour bears fruits.

        I’ll try with the certificate and post

        Grettings

  3. szarak said,

    Great, good job with this SSL, you may update this post about task sync.

  4. salzi said,

    Hey. Thank you so much!
    It works great after I uninstalled the FunV10 Client. I’m akso interessted in an update about task sync.

    • devbios said,

      Hey guys, just updated the post with the modifications needed to get Tasks working.

      Have Phun ;)

  5. Fran said,

    Hi, thanks a lot. I´ve learned so much from this post. I´ve been trying for a while to figure out how to enable the tasks. However i´ve downloaded and installed your precompiled package and the they still don´t show up for me. Also, i´m getting a network error when trying to sync the contacts and the calender. Is it maybe because i´m running funambol through SSL on port 8443 (i´m using 443 for Open Xchange)?
    I don´t know what i´m doing wrong. I´m trying to compile my own client but it´s giving me quite a hard time (i´m not a programmer). Would it be too much to ask you for another precompiled package with enabled tasks function. I´m sure you have better things to do but it would be very much appreciated.

    • devbios said,

      Hi Fran,

      for Tasks you need the “Astrid” App installed on your device.

      it doesn’t matter what port you are using, for myself i’m using also some other port beside 443.
      I think some of your settings are wrong, maybe you should activate debug logging and search for the synclog.txt on your android device.

      This one gives you really good tip’s where to search further in case of a network error.

      Have Phun,
      BioS

      • Fran said,

        Excellent. Cheers BioS. Astrid did the job perfectly. Also the connection problem is resolved. I made a mistake generating the self-signed certificate.
        Thanks again for your help and the compiled package.

  6. andy said,

    Great work. Thanks. Tasks working after a couple of goes. Only problem is no calendar to sync….any ideas? Also I sync to 2 accounts on my phone/tablet. Is there any way to do that? The funambol blurb talks about multiple users using the same device bit then the client doesn’t let me do it. I downloaded Mokobi which will run alongside your client but I can only use http with that :-(

    • devbios said,

      The only thing i’m using right now is the syncronization of calendar / phonebook / tasks with different computers + different phones using one funambol account. I don’t really understand what you are trying to do, can you explain it a little bit deeper?

      • andy said,

        I’ve got two calendars, contacts and task lists, one for work stuff and one for personal stuff, but need to access both from one phone/tablet. The calendars, in particular, are best viewed together. I’ve had my phone synced to two google accounts and want the same functionality without having to use commercial services that either I have to pay for or they do God-knows-what with my data. Not to mention that google sync tools generally seem to be crap so i’ve got differwnt bits of data in diffe re nt places. At the moment I can sync 2 funambol accounts using 2 different clients on the same device, but not securely, only http. I’d settle for only being able to sync 1 securely (pending learning to code…..but no time for that now!) but no calendar using your client…not sure why :-(

    • devbios said,

      Hey andy,

      sorry didn’t replied you yet.
      I never have tried to sync 2 funambol accounts to the same device but the idea is great ;)

      I don’t have any ideas how to do that correctly, sorry for that.

      For the calendar thing i have a look if i could recompile a newer client from newer sources, but for my ICS4.04 it’s working.. strange..

  7. Vlad said,

    First of all, thanks for a great work! The app has been working for me on Androind 2.3 for a while. Now I’ve got SGS 2 with ICS (4.03). Although I can sync contacts perfectly fine, I have two issues:
    – Calendar simply not available (?) for sync
    – Tasks are presented and synced just fine (according funambol), but the task list in Astrid is empty.
    Any ideas? As well you mentioned, that it might be possible to use “standard” funambol client from Google play with SSL without installing CA certs on the device, right?

    • devbios said,

      Hi Vlad,
      this is really strange, i use the exactly same client with ICS 4.04 (custom rom, rooted) for a while now (without calendar sync there), but astrid is working fine.

      You can use the standard Google Play funambol client with SSL – but you need to add the certificates to the Device in some way, OR let a commercial CA Center create it for you, for example verisign.com.
      Somewhere on the internet a read about ICS and better self-signed certificate support, so it could be possible but i didn’t tried that yet.

      Either way, if you want you can root the device and add the funambol certificate to the certificate chain and you should be able to happily use the standard funambol client. But be aware that you void warranty if you root it.
      The way how to add a custom certificate to android with a rooted device is described here: https://devbios.wordpress.com/2011/08/23/adding-root-certificates-to-android-phone-with-root-access/

    • devbios said,

      Just saw that you’re the second one having problems to sync the calendar, if i have some spare time i try to get the newest sources of the funambol client and adding my changes to it, maybe the client is too old.

      If you want to do me favor, you can try the standard google play client if it syncs without SSL with your calendar.

      • Andy said,

        Hi devbios,

        I’ve tried the google play client and it syncs fine without SSL. I’m using it over wifi at the moment as a short stop solution.

        Cheers :)

      • devbios said,

        This is great, so if i can find the newest development tree the chance is high that it will work with my changes ;)

  8. Vlad said,

    I can prove as well that the latest version from Google Play works fine with Calendar sync all over SSL (if you add custom CA to device).

  9. Vlad said,

    I’m afraid that the latest sources you can grab only via svn from sourceforge, as the latest packages are very old.

    • devbios said,

      Hey guys, i got the 10.1.3 sources and applied the patches as above, compiles it for ICS and tested it very fast.
      If you want you can get the version from above and check if the task and calendar sync are working with ICS.

      I think this will be the last release, because they took the task sync completly out of their newest versions.. But still the SSL “problem” can be fixed there..

  10. szarak said,

    Hi, If you have problem sync calendar over SSL with ICS 4.0.x you should take working version 10.1.3 (from svn), make changes (SSL) and you may also unlock sync notes (the same as tasks). Its working for me (SG2).

    • devbios said,

      Thanks for that point, i tried to use the 11 branch, but there they took out notes and task sync completly from the source..

  11. Vlad said,

    Hi,

    Thanks a lot for compiling the new version. I saw the you activated sync for notes as well, at least I’ve been able to use it. I’ve tried to comple this version myself as well, but unsuccessfully. I’ve installed all the software required as described in
    the README.txt, but when I run ant it gives me almost instantly an error
    “Basedir /home/test/funambol/10.1.3/externals/java-sdk/common does not
    exist”. If I create this directory manually it gives the error below:
    BUILD FAILED
    /home/test/funambol/10.1.3/build.xml:757: The following error occurred
    while executing this line:
    java.io.FileNotFoundException: /home/test/funambol/10.1.3/externals/java-sdk/common/build/android/build.xml (No such file or directory)

    Do you have any ideas what could be wrong?

    • devbios said,

      Hehe, i ran into the same problem, there are a couple of more changes i made to the svn sources, but i thought that I just was too stupid to setup the sources correctly ;)

      I will update the post in the evening and you could try it with that directions then.

      • Vlad said,

        I’ve been able to solve my problem…100%my fault, thanks funambol mailing list ;-)

  12. ReetP said,

    Struggled half the day with this – learning to loath Android. Anything that doesn’t use the big G is a pain.

    Took a while to realise that the standard Funambol client won’t work with self signed certificates. It just shouldn’t be this hard…..

    Excellent job though – your install seems to work with my home Horde/Turba/SyncML system, apart from not correctly syncing some of the fields – Fax & Mobile seem to work but not Home/Work landline numbers.

    Any ideas or pointers on where to look for a cure ?

  13. devbios said,

    Hi ReetP,

    for me home/Work numbers work syncing, but i use outlook and my mobile to edit these fields.

    Maybe you can just try to add a Work landline to on your phone, syncing and see what happens in Horde. I Think it just uses some other field name or probably something not showing with defaults in Horde.

  14. zhia said,

    hi

    im really interesting to have your modified funambol with task sync feature
    i have download funambol-android-10.1.3_Tasks-devBioS.apk but after i installed it, no task sync option

    im not good in programming espesially in java.. so i hope you can help me

    thank in advance

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: