[cups] SSL in cups 2.3.3op2

Mark Dm markosjal at gmail.com
Tue Oct 10 22:49:55 PDT 2023 

Douglass,

There is no "bookworm" release on download page.
https://www.raspberrypi.com/software/operating-systems/  Also that link you
sent about CUPS SSL is exactly the issue I have on Android however I can
never get the message to trust the server. I have tried having android
client find printer, providing only IP and I entered printer URL as both
http and https. I never see the screen on link page for untrusted SSL.


Jorg,
I have no idea how to apply a Lets Encrypt certificate for a domain to a
LAN device .


As for this version of CUPS I think it is a HUGE FAIL. Makes me wonder if
this is the new norm for CUPS while Apple breaks printing in Linux


On Tue, Oct 10, 2023 at 8:54 PM Douglas Kosovic <doug at uq.edu.au> wrote:

> Hi Mark,
>
> The new Debian 12 (Bookworm) based Raspberry Pi OS might be the simplest
> option for you as it comes with cups 2.4.2-3+deb12u4, so will work with
> Android Mopria Print Service and Windows 10/11 inbox IPP driver unlike the
> earlier CUPS versions.
>
> The following is a summary of the issues with the Android CUPS client.
>
> The Android CUPS client v1.5 was published in 2018 and is available on the
> Google Play Store:
>
> https://play.google.com/store/apps/details?id=io.github.benoitduffez.cupsprint
>
> has commits in GitHub after the 1.5.0 tag (so after that published
> version) that allows clear text traffic:
>   https://github.com/BenoitDuffez/AndroidCupsPrint/commits/develop
>
> so one option is to build the latest Android CUPS client from source code
> and side load on the Android device.
>
> Although the Android CUPS client v1.5 release notes claims it is able to
> handle self-signed certificates, there still appears to be issues according
> to the following:
>    https://github.com/BenoitDuffez/AndroidCupsPrint/issues/157
>
> an ugly workaround for the Google Play Store published version is
> described in the above link.
>
>
>
>
> Cheers,
> Doug
>
> -----Original Message-----
> From: Douglas Kosovic <doug at uq.edu.au>
> Sent: Wednesday, October 11, 2023 12:23 AM
> To: The CUPS user discussion list. <cups at cups.org>
> Subject: Re: [cups] SSL in cups 2.3.3op2
>
> Hi Mark,
>
> I built cups 2.4.7-1 from Debian sid and the Android Mopria Print Service
> is able to find the print queue as does Windows 11, but the Android Default
> Print Service wasn't able to. I was getting some errors when I try to
> print, but that is another story and still looking into it.
>
> Going back to the original issue using the so called Android CUPS client
> (which I think is a bit of a misleading name as it isn't built using CUPS
> or any libraries from CUPS).
>
> I wonder if the "Clear text is no longer allowed on Android 9. Please
> enable SSL/TLS on the CUPS server/printer" from that client means you need
> to you need to add "Encryption Required" to all <Location> directives in
> the /etc/cups/cupsd.conf file.
>
> Anyway, that issue is described in the Android CUPS client's github issues
> :
> https://github.com/BenoitDuffez/AndroidCupsPrint/issues/157
>
> I'm not able to install that Android CUPS client as the Google Play store
> claims I don't have any compatible devices.
>
> In regards to certificates, deleting the certificates under /etc/cups/ssl/
> and restarting CUPS will regenerate new self-signed certificate, but looks
> like the Android CUPS client has issues with self-signed certificates.
> Possibly could use the Let's Encrypt certificate service, which has
> certificates stored in the /etc/letsencrypt/live directory
>
>
>
> Cheers,
> Doug
>
> -----Original Message-----
> From: Douglas Kosovic <doug at uq.edu.au>
> Sent: Tuesday, October 10, 2023 3:20 PM
> To: The CUPS user discussion list. <cups at cups.org>
> Subject: Re: [cups] SSL in cups 2.3.3op2
>
> Hi Mark,
>
> > Upgraded to Bullseye on Raspberry Pi 3B+  from Stretch. Far too many
> > issues with CUPS 2.3.3op2.
>
> Okay, I have CUPS 2.3.3op2-3 on a Raspberry Pi, added a print queue, then
> tried with Android 10, but had no success finding the print queue.
>
> 'avahi-browse --all -r' wasn't listing any mDNS advertisement for the
> print queue, so I added the following line to /etc/cups/cupsd.conf :
>
> BrowseDNSSDSubTypes _cups,_universal,_print
>
> iOS was then able to find the print queue, but still no luck with Android.
> The output of 'avahi-browse --all -r' doesn't have mopria-certified in the
> mDNS advertisement for the print queue which I suspect is the problem.
>
> When I get home tonight, I'm thinking of doing a backport build of CUPS
> 2.4.7-1 from Debian Sid to see if things work. With CUPS 2.4 it definitely
> mDNS advertises mopria-certified for the print queues.
>
> From the following page, I get the impression even with the default
> Android Print Service that they mention, it only works with printers that
> advertise they are mopria-certified :
>   https://mopria.org/androidfaq
>
>
> > If I manually enter the printer URL in cups client for android with
> > "https:" it does not print and sometimes crashes android client.
>
> I suspect the Android CUPS client you are referring to is the following :
> https://github.com/BenoitDuffez/AndroidCupsPrint
>
> https://play.google.com/store/apps/details?id=io.github.benoitduffez.cupsprint
>
> That Android CUPS client has nothing to do with the OpenPrinting CUPS and
> uses cups4j which is written in Java. I suspect the TLS/SSL certificate
> issues you are having are because of that client.
>
>
>
>
> Cheers,
> Doug
>
>
> _______________________________________________
> cups mailing list
> cups at cups.org
> https://lists.cups.org/mailman/listinfo/cups
> _______________________________________________
> cups mailing list
> cups at cups.org
> https://lists.cups.org/mailman/listinfo/cups
>

More information about the cups mailing list