[Bug]: SSL client certificate broken with 3.12.2 connection wizard

[k-neon]

⚠️ Before submitting, please verify the following: ⚠️

• This is a bug, not a question or a configuration issue.
• This issue is not already reported on Github (I've searched it).
• Nextcloud Server and Desktop Client are up to date. See Server Maintenance and Release Schedule and Desktop Releases for supported versions.
• I agree to follow Nextcloud's Code of Conduct

Bug description

The Nextcloud Connection Wizard can't proceed with the account creation because it shows a 400 Bad Request error where the web server does not receive the SSL client certificate. It ist not possible to add the account.
This worked perfectly with the previous 3.9.3 client, but now with 3.12.2 it no longer works.

Steps to reproduce

1. Add a new account (Account -> Add new)
2. Click "Log In" button
3. Add Server Address
4. Click on "Configure client-side TLS certificate"
5. Load pkcs12 client-side cert and enter cert password
6. Now appears the error
   • Failed to connect to Nextcloud at https://????.com
     Server replied “400 Bad Request” to GET https://????.com/status.php”
   • Could not load certificate. Maybe wrong password?

Expected behavior

It should be possible to add a new account to the client through the Nextcloud Connection Wizard which has an SSL client certificate in order connect to the Nextcloud server which requires client certificate authentication.

Which files are affected by this bug

not files

Operating system

Windows

Which version of the operating system you are running.

Win 11

Package

Other

Nextcloud Server version

27.1.7

Nextcloud Desktop Client version

3.12.2

Is this bug present after an update or on a fresh install?

Fresh desktop client install

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

Are you using an external user-backend?

• Default internal user-backend
• LDAP/ Active Directory
• SSO - SAML
• Other

Nextcloud Server logs

No response

Additional info

No response

[e-cite]

Could this be related to #863 ?

[freebeat]

Same issue here, except that I don't see the 400 Bad Request error. I tried this on 3.12.3stable-Win64 and also on 3.12.3 on ubuntu.

[camilasan]

I assigned myself to investigate this, didn't reproduce this yet.

[functionpointer]

Should pretty easy to reproduce. All that's needed is nginx with TLS client authentication. Then try to add an account:

[functionpointer]

I found another bug: When HSTS is configured, the dialog for entering client certificate doesn't appear at all.

[WinkelB]

#6493
Yesterday, I had no problems logging into the desktop app with mTLS settings enabled. However, I can confirm that I'm also experiencing issues with HSTS enabled.

[pepramon]

Same here with Arch Linux client (version 3.15.2) working with gnome.

I can connect if I disable HSTS from the server. The client asks for the client key, connects, syncs, etc...

BUT when I restart the computer or Nexcloud client sync app, can not connect and appears the error I have configured if the auth fails. Is like not store client key and certificate.

Any idea?

It's necessary I open a new issue? (different version, different oss, etc...)