HTTPS key pinning issue causes silent sync failure

Bug report

At work we use Cloudflare WARP with HTTPS interception. This means there is a Cloudflare root CA installed on our machines and all traffic is filtered by them. This is from the Cloudflare Teams service, not the Cloudflare Infrastructure/CDN that everyone is used to dealing with.

When the WARP client is turned on, so all HTTPS traffic is being monitored, Inkdrop does not sync. If you force a sync, it goes to “Syncing…” then “Synced at XXXXXX” time. From the UI it looks like everything is fine, except the system is NOT synchronizing any notes. So it’s a silent failure. The only way to figure out this was happening was to update notes on another machine and then fail to see changes sync between the two.

Turning off the WARP client “solves” the problem. Additionally, as an admin of Cloudflare Teams I’ve verified that turning off HTTPS inspection for inkdrop.app also resolved the issue. I assume the Inkdrop app is using HTTP Key Pinning of some sort.

To be clear: I’m not complaining that the application doesn’t work in this HTTPS-Intercept environment. Simply that the failure is silent; that is a “bug”.

Info

  • Platform: macOS
  • Platform version: 11.3
  • App Version: 5.2.1

Reproduce

  • Turn on any tool that does an HTTPS MITM (Charles Proxy should work)
  • Attempt to sync
  • Check another client to verify sync did not actually occur.

Hi Jon,

Thank you for the report.
That seems to be related to this issue:

The live sync of PouchDB doesn’t report network errors but just keeps retrying automatically.
As I discussed in the thread above, the app can be offline for various reasons and it’d be annoying to notify every network failure.

With that being said, I think the problem is that it can cause unexpected note conflicts.
Maybe it’d be better to display “Offline” in the sync status when detecting a network issue somehow like he suggested.


Update:


Ah yes. Different root cause but same end result. Makes sense.

Awesome! Looks great! Thank you so much!


Fixed in v5.3.0 🎉 Thanks again for reporting. Credited here:

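The status handling discussed in this thread (show “Offline” instead of “Synced at …” when the network or TLS layer fails), as an added example that is not Inkdrop's code. It relies on PouchDB's documented behaviour that the `paused` event carries an error argument when replication has failed and is retrying; `SyncStatus`, `classify` and the certificate error-name pattern are hypothetical names and assumptions.

```javascript
// Assumption: the error object exposes a Node.js/Chromium certificate error name.
const TLS_HINT = /CERT|SELF_SIGNED|UNABLE_TO_VERIFY|PINNED_KEY/i;

function classify(err) {
  const text = `${(err && err.code) || ''} ${(err && err.message) || ''}`;
  return TLS_HINT.test(text) ? 'tls-error' : 'offline';
}

class SyncStatus {
  constructor(now = () => new Date()) {
    this.now = now;
    this.state = 'idle';      // idle | syncing | synced | offline | tls-error | failed
    this.lastSyncedAt = null; // advanced only by an error-free pause
    this.lastError = null;
  }
  // Event names follow the emitter returned by PouchDB's sync()/replicate().
  handle(event, payload) {
    if (event === 'active' || event === 'change') {
      this.state = 'syncing';
    } else if (event === 'paused' && !payload) {
      // Paused without an error: caught up with the remote.
      this.state = 'synced';
      this.lastSyncedAt = this.now();
      this.lastError = null;
    } else if (event === 'paused') {
      // Paused with an error: the attempt failed and a retry is pending.
      this.lastError = payload;
      this.state = classify(payload);
    } else if (event === 'denied' || event === 'error') {
      this.lastError = payload;
      this.state = 'failed';
    }
    return this.label();
  }
  label() {
    const last = this.lastSyncedAt ? this.lastSyncedAt.toISOString() : 'never';
    const text = { idle: 'Idle', syncing: 'Syncing…', synced: `Synced at ${last}`,
      offline: `Offline (last synced: ${last})`,
      'tls-error': `Certificate error (last synced: ${last})`,
      failed: `Sync failed (last synced: ${last})` };
    return text[this.state];
  }
  attach(sync) { // wire a PouchDB sync handle (or any object with .on) to this tracker
    for (const e of ['active', 'change', 'paused', 'denied', 'error']) {
      sync.on(e, (payload) => this.handle(e, payload));
    }
  }
}
```

The “Synced at” timestamp only moves on an error-free pause, so a client behind an intercepting proxy keeps showing the last time it actually reached the server.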