Web icons on Bitwarden Android

NotLikely38 · October 30, 2021, 6:10am

Hi All,

I have a private (LAN only) Vaultwarden instance running on a Raspberry Pi4 via docker. It is set up per the Wiki with Duck DNS and Caddy reverse proxy. Bitwarden Windows Desktop, Firefox Extension and Web Vault all work perfectly. The Android app also works but no web icons are displayed.

Web icons are working correctly in all Windows clients and the Firefox Android Extension on my phone. It’s only the Bitwarden Android app (latest release and beta) that does not display web icons. Is that normal, or is there something I can do to get web icons working in the Bitwarden Android app?

Thanks for your help.

BlackDex · October 30, 2021, 10:12am

See Android app no icons for logins - #13 by tgreer - User-to-User Support - Bitwarden Community Forums

NotLikely38 · October 30, 2021, 10:38am

Thanks BlackDex, I saw that thread previously.

Actually, I’ve also created a cloud-hosted Bitwarden account and the Android app displays the web icons correctly using that account. The missing web icons only occur when using my self-hosted Vaultwarden and the Bitwarden Android app.

BlackDex · October 30, 2021, 12:20pm

All debugging which has already been done turned out that the application isn’t doing those calls to fetch the icons at all.

You should see the same on your server logs. I’m also not able to reproduce this, so it’s hard for me to test it my self.

But all points to the android app it self it looks like.

NotLikely38 · November 2, 2021, 6:42am

I’ve looked into this issue further and can report the following.

Setting Icons Server URL = https://icons.bitwarden.net under Custom Environment in the Android app displays the web icons correctly. Without this setting, I believe the app tries to load web icons from https://my-vwserver/icons/<site>/icon.png and they are all missing.
Entering https://my-vwserver/icons/google.com/icon.png (for example) in Firefox Android displays the correct icon.
I downloaded the app source code and built it in Debug mode in Visual Studio. Running via an emulator gives SSL CERTIFICATE_VERIFY_FAILED errors in the terminal output when loading icons. For example:

Image loading failed: https://my-vwserver/icons/google.com/icon.png
FFImageLoading.Exceptions.DownloadAggregateException: One or more errors occurred. (The SSL connection could not be established, see inner exception.) (The SSL connection could not be established, see inner exception.) (The SSL connection could not be established, see inner exception.) (The SSL connection could not be established, see inner exception.) ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
  at /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/external/boringssl/ssl/handshake_client.c:1132
  at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00042] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/mcs/class/System/Mono.Btls/MonoBtlsContext.cs:220 
  at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status, System.Boolean renegotiate) [0x000da] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:715 
  at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus,bool)
  at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00000] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:289 
  at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (System.Threading.CancellationToken cancellationToken) [0x000fc] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:223 
   --- End of inner exception stack trace ---
  at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Boolean runSynchronously, Mono.Net.Security.MonoSslAuthenticationOptions options, System.Threading.CancellationToken cancellationToken) [0x0025c] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:310 
  at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore (System.IO.Stream stream, System.Net.Security.SslClientAuthenticationOptions sslOptions, System.Threading.CancellationToken cancellationToken) [0x0007b] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/external/corefx/src/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/ConnectHelper.cs:165 
   --- End of inner exception stack trace ---

I have no experience in C# programming but followed the suggestion in https://github.com/luberda-molinet/FFImageLoading/issues/1448 and created an instance of HttpClient with SSL bypass in its handler for the FFImageLoading ImageService in MainApplication.cs. Rebuilt the app in Release mode and installed on my phone. The web icons now display correctly.
It therefore seems that the root cause of the missing web icons in the Bitwarden Android app is an invalid SSL certificate when loading icons from https://my-vwserver/icons/<site>/icon.png. This occurs when running a private (LAN only) Vaultwarden instance with Caddy and Duck DNS via docker-compose per the Wiki.

BlackDex · November 2, 2021, 5:49pm

If could also be an issue with LetsEncrypt and the expired DST Cert.

IOUSiVer · November 2, 2021, 10:09pm

I"m experiencing this also. @NotLikely38 great investigative work. @BlackDex I think you may be on to it. I believe the icons went missing right about the time LE expired their root LE cert.

I’m using SWAG from Linuxserverio which uses nginx reverse proxy. SWAG container handles the LE cert stuff. It looks like they addressed the issue in release 1.20.0-ls88, from the release notes "Check if the cert uses the old LE root cert, revoke and regenerate if necessary. " I’m currently running a later version than this so should have this fix baked in. However, my icons still don’t show.

Is there a way to resolve this cert error due to LE root cert expiration?

IOUSiVer · November 3, 2021, 7:07am

I can confirm that per @NotLikely38, Setting Icons Server URL = https://icons.bitwarden.net under Custom Environment in the Android app displays the web icons correctly.

I test this and it does work for my android app.

@BlackDex is it safe to set the Icons Server URI to https://icons.bitwarden.net? Are there any gotchas I would need to be aware of?

And it seems that @NotLikely38 has correctly identified the issue per #5 above. I see setting the Icon URl as a workaround and should be unnecessary.

What would be the fix for this so that it would work with https://my-vwserver/icons/<site>/icon.png as it always has in the past?

IOUSiVer · November 3, 2021, 7:16am

I also ran into another issue, which seems like a bug. The android app does not persist the Icon Server URL. If I close and reopen the app, icons are gone. I logout and check custom settings and Icon Server URL is empty. So this is not a working workaround.

BlackDex · November 4, 2021, 7:37am

It is safe to use bitwarden’s service. Only thing is that they would know the sites you have in your vault linked to your ip.

Best way to solve it is by fixing the certificate.

IOUSiVer · November 4, 2021, 9:18pm

Thank you. I agree, but how do I fix the certificate?

jjlin · November 5, 2021, 5:19am

See

github.com/xamarin/xamarin-android

LetsEncrypt SSL Cert produces: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED

opened 06:28PM - 30 Sep 21 UTC

paul-kiar

Area: Mono Runtime

### Steps to Reproduce 1. Have a certificate with 2 verification paths as [ex…plained here](https://letsencrypt.org/2020/12/21/extending-android-compatibility.html) 2. Register that certificate on a webserver 3. Create an HttpWebRequest to with the webserver URL from step 2 HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(address); request.Accept = "application/json"; request.Method = "GET"; using var response = await request.GetResponseAsync().ConfigureAwait(false); // throws exception This only happens with LetsEncrypt certificates that were signed with the expired certificate DST Root CA X3. Our SSL certificate was issued in August 2021 with the dual signature. It is not an issue for Apple iOS or iPadOS Chrome has an issue with the certificate on older devices, but not on recent devices Viewing the certificate in windows browsers showed the valid path Viewing the certificate on old emulators showed the invalid path and failed to be trusted On devices that chrome showed the certificate as valid, Xamarin Android app still failed to trust the certificate Certificate worked until September 29th when the DST Root CA X3 certificate expired Work Around: Renewing the certificate with LetsEncrypt Acme after Sept 30th 2021 fixed the problem ### Expected Behavior SSL Works, web request succeeds ### Actual Behavior Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED ### Version Information  Microsoft Visual Studio Enterprise 2019 Version 16.11.2 VisualStudio.16.Release/16.11.2+31624.102 Microsoft .NET Framework Version 4.8.04084 Installed Version: Enterprise Visual C++ 2019 00435-60000-00000-AA537 Microsoft Visual C++ 2019 ADL Tools Service Provider 1.0 This package contains services used by Data Lake tools ASA Service Provider 1.0 ASP.NET and Web Tools 2019 16.11.75.64347 ASP.NET and Web Tools 2019 ASP.NET Web Frameworks and Tools 2019 16.11.75.64347 For additional information, visit https://www.asp.net/ Azure App Service Tools v3.0.0 16.11.75.64347 Azure App Service Tools v3.0.0 Azure Data Lake Node 1.0 This package contains the Data Lake integration nodes for Server Explorer. Azure Data Lake Tools for Visual Studio 2.6.1000.0 Microsoft Azure Data Lake Tools for Visual Studio Azure Functions and Web Jobs Tools 16.11.75.64347 Azure Functions and Web Jobs Tools Azure Stream Analytics Tools for Visual Studio 2.6.1000.0 Microsoft Azure Stream Analytics Tools for Visual Studio C# Tools 3.11.0-4.21403.6+ae1fff344d46976624e68ae17164e0607ab68b10 C# components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used. Common Azure Tools 1.10 Provides common services for use by Azure Mobile Services and Microsoft Azure Tools. Extensibility Message Bus 1.2.6 (master@34d6af2) Provides common messaging-based MEF services for loosely coupled Visual Studio extension components communication and integration. Fabric.DiagnosticEvents 1.0 Fabric Diagnostic Events IntelliCode Extension 1.0 IntelliCode Visual Studio Extension Detailed Info Microsoft Azure HDInsight Azure Node 2.6.1000.0 HDInsight Node under Azure Node Microsoft Azure Hive Query Language Service 2.6.1000.0 Language service for Hive query Microsoft Azure Service Fabric Tools for Visual Studio 16.10 Microsoft Azure Service Fabric Tools for Visual Studio Microsoft Azure Stream Analytics Language Service 2.6.1000.0 Language service for Azure Stream Analytics Microsoft Azure Stream Analytics Node 1.0 Azure Stream Analytics Node under Azure Node Microsoft Azure Tools for Visual Studio 2.9 Support for Azure Cloud Services projects Microsoft Continuous Delivery Tools for Visual Studio 0.4 Simplifying the configuration of Azure DevOps pipelines from within the Visual Studio IDE. Microsoft JVM Debugger 1.0 Provides support for connecting the Visual Studio debugger to JDWP compatible Java Virtual Machines Microsoft Library Manager 2.1.113+g422d40002e.RR Install client-side libraries easily to any web project Microsoft MI-Based Debugger 1.0 Provides support for connecting Visual Studio to MI compatible debuggers Microsoft Visual C++ Wizards 1.0 Microsoft Visual C++ Wizards Microsoft Visual Studio Tools for Containers 1.2 Develop, run, validate your ASP.NET Core applications in the target environment. F5 your application directly into a container with debugging, or CTRL + F5 to edit & refresh your app without having to rebuild the container. Microsoft Visual Studio VC Package 1.0 Microsoft Visual Studio VC Package Mono Debugging for Visual Studio 16.10.15 (552afdf) Support for debugging Mono processes with Visual Studio. NuGet Package Manager 5.11.0 NuGet Package Manager in Visual Studio. For more information about NuGet, visit https://docs.nuget.org/ ProjectServicesPackage Extension 1.0 ProjectServicesPackage Visual Studio Extension Detailed Info Razor (ASP.NET Core) 16.1.0.2122504+13c05c96ea6bdbe550bd88b0bf6cdddf8cde1725 Provides languages services for ASP.NET Core Razor. Snapshot Debugging Extension 1.0 Snapshot Debugging Visual Studio Extension Detailed Info SQL Server Data Tools 16.0.62107.28140 Microsoft SQL Server Data Tools Test Adapter for Boost.Test 1.0 Enables Visual Studio's testing tools with unit tests written for Boost.Test. The use terms and Third Party Notices are available in the extension installation directory. Test Adapter for Google Test 1.0 Enables Visual Studio's testing tools with unit tests written for Google Test. The use terms and Third Party Notices are available in the extension installation directory. ToolWindowHostedEditor 1.0 Hosting json editor into a tool window TypeScript Tools 16.0.30526.2002 TypeScript Tools for Microsoft Visual Studio Visual Basic Tools 3.11.0-4.21403.6+ae1fff344d46976624e68ae17164e0607ab68b10 Visual Basic components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used. Visual F# Tools 16.11.0-beta.21322.6+488cc578cafcd261d90d748d8aaa7b8b091232dc Microsoft Visual F# Tools Visual Studio Code Debug Adapter Host Package 1.0 Interop layer for hosting Visual Studio Code debug adapters in Visual Studio Visual Studio Container Tools Extensions 1.0 View, manage, and diagnose containers within Visual Studio. Visual Studio Tools for CMake 1.0 Visual Studio Tools for CMake Visual Studio Tools for Containers 1.0 Visual Studio Tools for Containers Visual Studio Tools for Kubernetes 1.0 Visual Studio Tools for Kubernetes VisualStudio.DeviceLog 1.0 Information about my package VisualStudio.Foo 1.0 Information about my package VisualStudio.Mac 1.0 Mac Extension for Visual Studio Xamarin 16.11.000.174 (d16-11@e8f56f1) Visual Studio extension to enable development for Xamarin.iOS and Xamarin.Android. Xamarin Designer 16.11.0.17 (remotes/origin/11e0001f0b17269345e80b58fb3adf1ba4efe2cd@11e0001f0) Visual Studio extension to enable Xamarin Designer tools in Visual Studio. Xamarin Templates 16.10.5 (355b57a) Templates for building iOS, Android, and Windows apps with Xamarin and Xamarin.Forms. Xamarin.Android SDK 11.4.0.5 (d16-11/7776c9f) Xamarin.Android Reference Assemblies and MSBuild support. Mono: c633fe9 Java.Interop: xamarin/java.interop/d16-11@48766c0 ProGuard: Guardsquare/proguard/v7.0.1@912d149 SQLite: xamarin/sqlite/3.35.4@85460d3 Xamarin.Android Tools: xamarin/xamarin-android-tools/d16-11@683f375 Xamarin.iOS and Xamarin.Mac SDK 14.20.0.25 (3b53e529b) Xamarin.iOS and Xamarin.Mac Reference Assemblies and MSBuild support. ### Log File

Any of options 2 through 5 should work. Option 2 is a device-specific fix, and is probably easiest if there are only a few Android devices you care about and you control all of them. If you need to support unknown Android devices, then you need one of the other options.

NotLikely38 · November 5, 2021, 5:59am

Thank you @jjlin and @BlackDex. Option 2 fixed the SSL certificate error for me and web icons are now working again in the official Bitwarden Android app.

IOUSiVer · November 6, 2021, 5:41pm

Ditto! Worked for me. Thank you @jjlin and @BlackDex!

IOUSiVer · November 7, 2021, 6:47pm

Since the DST ROOT CA X3 is a system cert, to be on the safe side, I chose option 5 and switched from LetsEncrypt to ZeroSSL for my certs. I then re-enabled DST Root CA X3 on my android devices. Tested and I see all icons fine.

Use another CA such as ZeroSSL, which uses a root which is trusted back to Android 2.2, and which won’t expire until 2038.

Toxic0berliner · November 16, 2021, 8:35pm

For me, setting Icons Server URL = https://icons.bitwarden.net under Custom Environment in the Android app did not make the icons appear, no luck on my OnePlus 8 running Android 11.

So I had to switch to zerossl and yes it worked for me, it was a real pain having to add CAA tom my DNS, then adding a second certresolver to traefik, finding out they all need to use the same email, and finally adding the proper labels to my routers so only vaultwarden gets it from zerossl given the pretty limiting constraints of a free zerossl account…

But switching to zerossl worked, thanks !

BlackDex · November 16, 2021, 9:13pm

Maybe you can help others by explaining what’s steps you needed to take, and maybe some examples? That would be great.

Toxic0berliner · November 16, 2021, 9:32pm

There is no chance I get the time to give examples and anyway my setup with traefik is probably too specific to me. All steps I did are already summarized : CAA in your DNS, then add a certResolver, there are great guides for zerossl and traefik, plus the doc is quite helpful to add certResolver and set it on router.

So knowing zerossl provides free certs that work with icons is the key information here

Topic		Replies	Views
Issues with Icons from Websites Help	10	186	December 1, 2023
Bitwarden running on Portainer (Browser Extensions Not Working) Help	2	558	July 21, 2023
iOS App not showing vault item icons Help	11	495	February 9, 2023
Self-Signed Android setup Help	4	1700	April 8, 2023
Can't login with Firefox Bitwarden addon Help	3	208	December 3, 2023

Web icons on Bitwarden Android

Related Topics