I have made a network security configuration xml file to whitelist some HTTP URLs used by my app. But doing that causes Couchbase to not be able to access the internet. I guess I need to add some other Couchbase domains to the configuration? What are those?
For now I just use android:usesCleartextTraffic="true" to enable all HTTP URLs.
Any reason why you are not enabling TLS on Sync Gateway? Hopefully this is only for development.
The Android documentation should provide relevant guidance on how to do this - Android N and above have mechanisms for fine-grained access.
We do use TLS. It turns out the problem is this:
android - Network security configuration not working with third party API - Stack Overflow
I’ve faced similar issues too. After some investigation, I’ve found an issue on GitHub with a detailed description of why this issue could happen:
Android: SSL cert chain validation (platform fallback) not working with (domain) network security config (xml) · Issue #1313 · microsoft/cpprestsdk · GitHub
In short, it’s a new behaviour of the Android Framework. If your network config contains any <domain-config> blocks, the Framework throws CertificateException if you call checkServerTrusted(X509Certificate certs, String authType) in X509TrustManager. So instead you should use X509TrustManagerExtensions and call the method with a hostname in its signature.
The problem is in CBLTrustManager.java line 73.
if (useDefaultTrustManager()) {
    getDefaultTrustManager().checkServerTrusted(chain, authType);
    return;
}
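Added example, not part of the thread or of Couchbase Lite's code: a sketch of the hostname-aware check described above, wrapping the platform default trust manager in `android.net.http.X509TrustManagerExtensions`. The class name `HostAwareTrustCheck` and the way the caller obtains `host` (for instance from the replication endpoint URL) are assumptions.

```java
import android.net.http.X509TrustManagerExtensions;

import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper for illustration; not a Couchbase Lite class.
public final class HostAwareTrustCheck {
    private final X509TrustManagerExtensions extensions;

    public HostAwareTrustCheck() throws GeneralSecurityException {
        // A null KeyStore selects the platform default trust anchors. On
        // Android this trust manager applies the app's network security config.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);

        X509TrustManager defaultTm = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                defaultTm = (X509TrustManager) tm;
                break;
            }
        }
        if (defaultTm == null) {
            throw new GeneralSecurityException("No default X509TrustManager available");
        }
        extensions = new X509TrustManagerExtensions(defaultTm);
    }

    // Validates the chain for a specific host, so a <domain-config> entry for
    // that host can be applied. Returns the validated, ordered chain.
    public List<X509Certificate> check(X509Certificate[] chain, String authType, String host)
            throws CertificateException {
        if (host == null || host.isEmpty()) {
            // Fail closed rather than falling back to the two-argument call,
            // which is the call the thread reports as throwing.
            throw new CertificateException("Hostname required for trust evaluation");
        }
        return extensions.checkServerTrusted(chain, authType, host);
    }
}
```

The three-argument call evaluates trust for the given host; matching the hostname against the certificate is still the job of the TLS stack's hostname verification, so that check must stay enabled.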