can't connect self-signed certificate server

[llj098]

What is wrong?

can't connect the self-signed certificate server:

SSLHandshakeException: Read error:ssl=0xb400007e09526188: Failure in SSL library,usually a protocol error
error:10000438:SSL routines:OPENSSL
internal:TLSV1 ALERT INTERNAL ERROR
(external/boringssl/src/ssl/tls record.cc:592
0xb400007e09382240:0x00000003)

To Reproduce
Steps to reproduce the behavior:

1. create a self-signed certificate server with:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=CommonNameOrHostname"\n 

and a caddy file

localhost:62342 {
        tls cert.pem key.pem { }
        reverse_proxy :2342
}

2. bundle the key and cert files by:

# Combine the certificate and the key.
cat cert.pem key.pem > pkcs12.pem
# Create a password-protected bundle.
openssl pkcs12 -in pkcs12.pem -export -out bundle.p12

from https://github.com/Radiokot/photoprism-android-client/wiki/How-to-connect-to-a-library-with-mTLS-(mutual-TLS)-auth%3F

3. install the p12 file as vpn and apps
4. use the certification to connect phtoprism server

Expected behavior
connect success

Screenshots

Device (please complete the following information):

• Model: xiaomi 13 utltra
• Android version: 14

Additional context

I can connect with http successfully.

[Radiokot]

Hi. It is not the bug in the app. It is capable of working with certificates signed by custom authorities if the chain is set up correctly and you have the CA certificate installed on your phone.
Please, follow this checklist: #130 (comment)