[cups] SSL in cups 2.3.3op2
Douglas Kosovic
doug at uq.edu.au
Tue Oct 10 07:22:54 PDT 2023
Hi Mark,
I built cups 2.4.7-1 from Debian sid and the Android Mopria Print Service is able to find the print queue as does Windows 11, but the Android Default Print Service wasn't able to. I was getting some errors when I try to print, but that is another story and still looking into it.
Going back to the original issue using the so called Android CUPS client (which I think is a bit of a misleading name as it isn't built using CUPS or any libraries from CUPS).
I wonder if the "Clear text is no longer allowed on Android 9. Please enable SSL/TLS on the CUPS server/printer" from that client means you need to you need to add "Encryption Required" to all <Location> directives in the /etc/cups/cupsd.conf file.
Anyway, that issue is described in the Android CUPS client's github issues :
https://github.com/BenoitDuffez/AndroidCupsPrint/issues/157
I'm not able to install that Android CUPS client as the Google Play store claims I don't have any compatible devices.
In regards to certificates, deleting the certificates under /etc/cups/ssl/ and restarting CUPS will regenerate new self-signed certificate, but looks like the Android CUPS client has issues with self-signed certificates. Possibly could use the Let's Encrypt certificate service, which has certificates stored in the /etc/letsencrypt/live directory
Cheers,
Doug
-----Original Message-----
From: Douglas Kosovic <doug at uq.edu.au>
Sent: Tuesday, October 10, 2023 3:20 PM
To: The CUPS user discussion list. <cups at cups.org>
Subject: Re: [cups] SSL in cups 2.3.3op2
Hi Mark,
> Upgraded to Bullseye on Raspberry Pi 3B+ from Stretch. Far too many
> issues with CUPS 2.3.3op2.
Okay, I have CUPS 2.3.3op2-3 on a Raspberry Pi, added a print queue, then tried with Android 10, but had no success finding the print queue.
'avahi-browse --all -r' wasn't listing any mDNS advertisement for the print queue, so I added the following line to /etc/cups/cupsd.conf :
BrowseDNSSDSubTypes _cups,_universal,_print
iOS was then able to find the print queue, but still no luck with Android. The output of 'avahi-browse --all -r' doesn't have mopria-certified in the mDNS advertisement for the print queue which I suspect is the problem.
When I get home tonight, I'm thinking of doing a backport build of CUPS 2.4.7-1 from Debian Sid to see if things work. With CUPS 2.4 it definitely mDNS advertises mopria-certified for the print queues.
From the following page, I get the impression even with the default Android Print Service that they mention, it only works with printers that advertise they are mopria-certified :
https://mopria.org/androidfaq
> If I manually enter the printer URL in cups client for android with
> "https:" it does not print and sometimes crashes android client.
I suspect the Android CUPS client you are referring to is the following :
https://github.com/BenoitDuffez/AndroidCupsPrint
https://play.google.com/store/apps/details?id=io.github.benoitduffez.cupsprint
That Android CUPS client has nothing to do with the OpenPrinting CUPS and uses cups4j which is written in Java. I suspect the TLS/SSL certificate issues you are having are because of that client.
Cheers,
Doug
More information about the cups
mailing list