KeePass / Bugs / #1466 SendFailure when opening database from https WebDav OwnCloud

SteveH - 2016-01-15

Have just updated to latest KeePass v2.3 by using

ppa:jtaylor/keepass

But it has the same problem.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

SteveH - 2016-01-15

Also of note is that Enpass (v5.0.2) seems fine working with my OwnCloud.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Using '-debug' when launching keepass2, some extra info is emitted with the error:

https://xxx.xxx.xxx/owncloud/remote.php/webdav/KeePass/Stephen.kdbx (stephen)

Error: SendFailure (Error writing headers)
System
  at System.Net.WebClient.OpenRead (System.Uri address) <0x40ee18c0 + 0x003a3> in <filename unknown>:0 
  at (wrapper remoting-invoke-with-check) System.Net.WebClient:OpenRead (System.Uri)
  at KeePassLib.Serialization.IOConnection.OpenRead (KeePassLib.Serialization.IOConnectionInfo ioc) <0x40ed93b0 + 0x00107> in <filename unknown>:0 
  at KeePassLib.Serialization.IOConnection.FileExists (KeePassLib.Serialization.IOConnectionInfo ioc, Boolean bThrowErrors) <0x40ed9090 + 0x000df> in <filename unknown>:0 
System.IO.Stream OpenRead(System.Uri)


Inner:
Error writing headers

Paul - 2016-01-15

Try ignoring invalid certificates. Tools > Options > Advanced > File input/output connections.

cheers, Paul

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

SteveH - 2016-01-16

Already tried that and makes no difference. The certificate is valid as far as Firefox is concerned...
•••

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Paul - 2016-01-16

Are you able to test KeePass in Windows? This will show whether it's KeePass or mono, most likely mono.

cheers, Paul

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- SteveH - 2016-01-16
  
  Are you able to test KeePass in Windows? This will show whether it's KeePass or mono, most likely mono.
  
  Just tried v2.31 in Win7, and it works fine.
  
  If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Found this page - http://www.mono-project.com/docs/faq/security/.
So Mono doesn't have any root certs, which ain't great.
So used following to get them:

sudo apt-get install mono-devel
sudo mozroot --sync --import

Downloaded tsltest and built it using their instructions and tried to test my webserver. It still fails. Testing against https://www.google.com passes the test though.
Here's the output:

mono tlstest.exe https://xxx.xxx.xxx
FAILED: #-2146232800
System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: Error while sending TLS Alert (Fatal:InternalError): System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (IAsyncResult asyncResult) <0x41657a70 + 0x00107> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (IAsyncResult ar, Boolean ignoreEmpty) <0x416579b0 + 0x0002b> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (IAsyncResult result) <0x41654620 + 0x00213> in <filename unknown>:0
  --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (IAsyncResult result) <0x41658670 + 0x000bf> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) <0x41658400 + 0x0007f> in <filename unknown>:0  ---> System.IO.IOException: The authentication or decryption has fai
led. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (IAsyncResult asyncResult) <0x41657a70 + 0x00107> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (IAsyncResult ar, Boolean ignoreEmpty) <0x416579b0 + 0x0002b> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (IAsyncResult result) <0x41654620 + 0x00213> in <filename unknown>:0
  --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (IAsyncResult result) <0x41658670 + 0x000bf> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) <0x41658400 + 0x0007f> in <filename unknown>:0
  --- End of inner exception stack trace ---
  --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.EndNegotiateHandshake (Mono.Security.Protocol.Tls.InternalAsyncResult asyncResult) <0x41652a20 + 0x0005f> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.NegotiateHandshake () <0x4164c870 + 0x0009b> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.Write (System.Byte[] buffer, Int32 offset, Int32 count) <0x4164c550 + 0x000a3> in <filename unknown>:0
  at System.IO.StreamWriter.Flush (Boolean flushStream, Boolean flushEncoder) <0x7fdb203cfda0 + 0x000fa> in <filename unknown>:0
  at System.IO.StreamWriter.Flush () <0x7fdb203cfd70 + 0x0001f> in <filename unknown>:0
  at TlsTest.GetStreamPage (System.String url) <0x41618f30 + 0x00335> in <filename unknown>:0
  at TlsTest.Main (System.String[] args) <0x416150f0 + 0x0069f> in <filename unknown>:0

So am still stumped.

Has it installed the root certificate for the certificate you are using?

cheers, Paul

Looks like it; if I do this, I get some warnings about the signature, which aint good:

stephen@MyVirtualBox:~$ certmgr --ssl https://letsencrypt.org
Mono Certificate Manager - version 4.2.1.0
Manage X.509 certificates and CRL from stores.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.


X.509 Certificate v3
   Issued from: O=Digital Signature Trust Co., CN=DST Root CA X3
   Issued to:   C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
   Valid from:  25/09/2014 16:28:03
   Valid until: 29/09/2021 16:28:03
   *** WARNING: Certificate signature is INVALID ***
This certificate is already in the CA store.

X.509 Certificate v3
   Issued from: C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
   Issued to:   C=US, O=IdenTrust, OU=TrustID Server, CN=TrustID Server CA A52
   Valid from:  20/03/2014 18:05:38
   Valid until: 20/03/2022 18:05:38
   *** WARNING: Certificate signature is INVALID ***
This certificate is already in the CA store.

X.509 Certificate v3
   Issued from: C=US, O=IdenTrust, OU=TrustID Server, CN=TrustID Server CA A52
   Issued to:   CN=letsencrypt.org, O=INTERNET SECURITY RESEARCH GROUP, L=Mountain View, S=California, C=US
   Valid from:  03/02/2015 21:24:51
   Valid until: 02/02/2018 21:24:51
This certificate is already in the AddressBook store.

No certificate were added to the stores.

Although if I do that against www.google.com, it gives the same warning!
Still doesn't work though!

Paul - 2016-01-17

The certificate is already in the store, so it should be fine.
As it works in Windows it would appear to be a mono thing.

cheers, Paul

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dominik Reichl - 2016-02-21

Three suggestions:

Try the latest KeePass development snapshot:
http://keepass.info/filepool/KeePass_160221.zip

Make sure you're using the latest Mono version (4.2.2).

We recently had another issue with SSL/TLS, which was fixed by upgrading Apache from 2.2 to 2.4. If you're using an old Apache, could you try upgrading?

Best regards,
Dominik
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dominik Reichl - 2016-04-21

status: open --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Léopold Baillard - 2016-05-21

Hi!

Just tested the latest release of Keepass under Mono with Debian Testing and the problem still appears under the same conditions (WebDAV, Apache 2.4, Mono 4.2.1, Let's Encrypt cert).

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Paul - 2016-05-22

Any useful information in the Apache logs?

cheers, Paul

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Léopold Baillard - 2016-05-22

Apparently it didn't go that far. There are no lines in the logs (access and error).

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Paul - 2016-05-23

What error do you get from KeePass?

cheers, Paul

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Léopold Baillard - 2016-05-24

The exact same message that the original poster had.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Paul - 2016-05-24

Generate a new certificate and try that.

cheers, Paul

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

phloks - 2016-05-24

I also have the exact same issue.
The strange thing, however, is that Keepass works perfectly from Windows 10 connecting to my Linux box with https://myhost/webdav/me.kdbx
I'm using Apache 2.4 with the mod_dav modules, and also have a Letsencrypt certificate. Keepass works without having to allow for invalid certificates.....

Connecting to the same URL with my Galaxy S5 and the latest Keepass from the store does not work.
I get to the point where I want to open the database, I first get the message that the external file and cache are synchronised, but then the Error: SendFailure (Error writing headers) appears, and I'm unable to open the database.

Please advise.

Regards,
Hans

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Paul - 2016-05-24

KeePass does not work on Android so you must have one of the 3rd party ports. Which one do you have?

cheers, Paul

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- phloks - 2016-05-24
  
  Hi Paul,
  
  Thanks for the quick reply.
  I have Keepass2Android v. 0.9.9e.
  As far as I know, this is the only (free) Android app that allows a connection to a webdav source.
  
  Does this help ?
  
  Cheers,
  Hans
  
  Verstuurd vanaf mijn iPad
  
  Op 24 mei 2016 om 18:35 heeft Paul pail459@users.sf.net het volgende geschreven:
  
  KeePass does not work on Android so you must have one of the 3rd party ports. Which one do you have?
  
  cheers, Paul
  
  [bugs:#1466] SendFailure when opening database from https WebDav OwnCloud
  
  Status: closed
  Group: KeePass_2.x
  Labels: OwnCloud https WebDav
  Created: Fri Jan 15, 2016 11:59 AM UTC by SteveH
  Last Updated: Tue May 24, 2016 02:48 PM UTC
  Owner: nobody
  
  I am using OwnCloud v8.2 on Ubuntu 14.04.3 LTS server. I have a certfificate from LetsEncrypt.
  I am using Mono from their repo, which is v4.2 stable.
  I am using Ubuntu 14.04.3 to run KeePass.
  In Keepass2, v2.25, using "Open From URL" I enter -
  
  https://xxx.xxx.xxx/owncloud/remote.php/webdav/KeePass/Stephen.kdbx
  
  I get:
  
  Error: SendFailure (Error writing headers)
  Error writing headers
  
  Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/keepass/bugs/1466/
  
  To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/
  
  Related
  
  Bugs: ~~#1466~~
  
  alternate
  
  If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Paul - 2016-05-25

Keepass2Android works with webdav. Try http instead of https.

cheers, Paul

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Alan - 2016-08-07

Please disregard. Problem disappeared when upgraded 2.30 to 2.34.

Just wanted to add that I have the very same problem.
I was using Owncloud (Sabre) WEBDAV connection to the KeePass database file without any problems. Now I migrated to a new server with Nextcloud (the same WEBDAV) and I'm not able to open database anymore. "An unexpected error occured on send"
The configuration is the same as before, only ssl certificate is different and protocol is limited to TLS1.1 and 1.2

Accepting invalid SSL certificates didn't help.

File is accessible via Internet Explorer.

Nothing on server logs

Last edit: Alan 2016-08-07
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

SteveH - 2016-09-15

Have upgraded to KeePass2 v2.34 + mono v4.4.2. Now get:

KeePass

https://xxx.xxx.xxx/owncloud/remote.php/webdav/KeePass/xxx.kdbx (stephen)

Error: SecureChannelFailure (The authentication or decryption has failed.)

The authentication or decryption has failed.

OK

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

SendFailure when opening database from https WebDav OwnCloud

A lightweight and easy-to-use password manager

Group

Searches

Help

#1466 SendFailure when opening database from https WebDav OwnCloud

Related

Discussion

Related

KeePass

The authentication or decryption has failed.

OK