[cups] SSL in cups 2.3.3op2

Douglas Kosovic doug at uq.edu.au
Tue Oct 10 07:22:54 PDT 2023


Hi Mark,

I built cups 2.4.7-1 from Debian sid and the Android Mopria Print Service is able to find the print queue, as does Windows 11, but the Android Default Print Service wasn't able to. I was getting some errors when I tried to print, but that is another story and I'm still looking into it.

Going back to the original issue using the so-called Android CUPS client (which I think is a bit of a misleading name as it isn't built using CUPS or any libraries from CUPS).

I wonder if the "Clear text is no longer allowed on Android 9. Please enable SSL/TLS on the CUPS server/printer" from that client means you need to add "Encryption Required" to all <Location> directives in the /etc/cups/cupsd.conf file.

Anyway, that issue is described in the Android CUPS client's GitHub issues:
https://github.com/BenoitDuffez/AndroidCupsPrint/issues/157

I'm not able to install that Android CUPS client as the Google Play store claims I don't have any compatible devices.

In regards to certificates, deleting the certificates under /etc/cups/ssl/ and restarting CUPS will regenerate a new self-signed certificate, but it looks like the Android CUPS client has issues with self-signed certificates. Possibly could use the Let's Encrypt certificate service, which has certificates stored in the /etc/letsencrypt/live directory.



Cheers,
Doug

-----Original Message-----
From: Douglas Kosovic <doug at uq.edu.au> 
Sent: Tuesday, October 10, 2023 3:20 PM
To: The CUPS user discussion list. <cups at cups.org>
Subject: Re: [cups] SSL in cups 2.3.3op2

Hi Mark,

> Upgraded to Bullseye on Raspberry Pi 3B+ from Stretch. Far too many
> issues with CUPS 2.3.3op2.

Okay, I have CUPS 2.3.3op2-3 on a Raspberry Pi, added a print queue, then tried with Android 10, but had no success finding the print queue.

'avahi-browse --all -r' wasn't listing any mDNS advertisement for the print queue, so I added the following line to /etc/cups/cupsd.conf:

BrowseDNSSDSubTypes _cups,_universal,_print

iOS was then able to find the print queue, but still no luck with Android. The output of 'avahi-browse --all -r' doesn't have mopria-certified in the mDNS advertisement for the print queue which I suspect is the problem.

When I get home tonight, I'm thinking of doing a backport build of CUPS 2.4.7-1 from Debian Sid to see if things work. With CUPS 2.4 it definitely mDNS advertises mopria-certified for the print queues.

From the following page, I get the impression even with the default Android Print Service that they mention, it only works with printers that advertise they are mopria-certified:
  https://mopria.org/androidfaq


> If I manually enter the printer URL in cups client for android with 
> "https:" it does not print and sometimes crashes android client.

I suspect the Android CUPS client you are referring to is the following:
https://github.com/BenoitDuffez/AndroidCupsPrint
https://play.google.com/store/apps/details?id=io.github.benoitduffez.cupsprint

That Android CUPS client has nothing to do with the OpenPrinting CUPS and uses cups4j which is written in Java. I suspect the TLS/SSL certificate issues you are having are because of that client.




Cheers,
Doug
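
Added example, not part of the emails above and not CUPS project code: a small audit script that lists which <Location> blocks in a cupsd.conf do not set the "Encryption Required" directive mentioned in the first message. The function names and the sample configuration are constructed for illustration; the thread does not establish that this setting is what the Android client needs.

```python
import re
import sys

# Constructed sample cupsd.conf fragment for the demo (not from the thread).
SAMPLE_CONF = """\
<Location />
  Order allow,deny
  Allow @LOCAL
</Location>
<Location /admin>
  Encryption Required
  Order allow,deny
</Location>
# Encryption IfRequested still permits clear-text requests
<Location /admin/conf>
  AuthType Default
  Encryption IfRequested
</Location>
"""

def location_encryption(conf_text):
    """Map each <Location> path to its Encryption value (None if unset)."""
    found, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.fullmatch(r"<Location\s+(\S+)\s*>", line, re.IGNORECASE)
        if opened:
            current = opened.group(1)
            found.setdefault(current, None)
        elif line.lower() == "</location>":
            current = None
        elif current is not None:
            parts = line.split()
            # Directives inside nested <Limit> blocks are attributed to the
            # enclosing Location; good enough for an audit listing.
            if parts[0].lower() == "encryption" and len(parts) > 1:
                found[current] = parts[1]
    return found

def missing_required(conf_text):
    """Return Location paths whose Encryption is not set to Required."""
    return [path for path, value in location_encryption(conf_text).items()
            if (value or "").lower() != "required"]

if __name__ == "__main__":
    # Pass a path such as /etc/cups/cupsd.conf; without one the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for path in missing_required(text):
        print(f"<Location {path}> does not set 'Encryption Required'")
```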



