Librem 5: Caldav (and carddav) compatible client with support for TLS Client certificate authentication


I am seriously considering buying a Librem 5 as my next phone. However, I would need to know that there is a Caldav (and carddav) compatible client with support for TLS Client certificate authentication.
On Android I use CalDAV-Sync and CalendarSync. However, I have not found a working alternative for desktop Linux and would therefore like to know if something like that is planned for the Librem phone.

Maybe Gnome Calender? Gnome Calende can sync with Google (probably don’t want to use that for obvious reasons), NextCloud and MS Exchange. It transfer and authenticates over HTTPS (at least to my knowlede), so all traffic is encrypted with TLS.

Also, since Purism is collaborating with UBports. Linbrem 5 will be able to run Ubuntu Touch, which has a calendar app available.

Indeed when GNOME technologies and apps are involved, you get this “for free” with Evolution Data Server and/or GNOME Online Accounts. My calendar sources and appointments are currently visible in Evolution, GNOME Calendar, and GNOME shell too. You can easily integrate caldav sources using, as marty pointed out, a Nextcloud account hosted wherever you want (or Google Calendar accounts, or custom URLs to some webcal/caldav thing).

As it’s already possible on the desktop and the backends are all there (it seems much more versatile than what I’ve seen on existing mobile platforms so far), it would mostly look like a matter of adapting GNOME Calendar’s UI for mobile usecases in my personal opinion, using some work that Adrien has been preparing for GTK. Feel free to get involved today in GNOME Calendar upstream, it’s a great project and they can use all the help they can get!

I’m not sure how GNOME Calendar’s UI handles certificates validation etc., but I know that Evolution (and therefore E-D-S?) handles those. I frequently get warnings when the stupid captive portals try to mess with my system in airports…

First of all, thank you both for the replies. However, these solutions do not support TLS Client Certificate authentication. At work we use an egroupware caldav/carddav server. Authenticating the server (simple TLS) is not sufficient for our security policy. Evolution does not handle Client certificates on the Linux desktop (at least it did not last time I checked on the developer mailing list in 2015, and a quick internet search did not indicate that anything has changed since). The only desktop linux solution that worked for me (but does not any more) was using thunderbird with the SoGo connector, which besides not working any more is not a nice solution for a phone form factor.

I have used Ubuntu touch on the BQ 4.5 and this missing functionality was the only reason I could not use the OS as a daily driver (the hardware of course was underpowered, but that had nothing to do with the OS).

Have a look over here:
I’m a happy user for a few years now (still on iOS and Mac) but they serve Linux too!

Hello Leukevent, thank you. However, I am not in search for a server side solution and I am neither willing nor legally allowed to share my contacts with any third party. We already have a webdav server, the only problem is finding a linux client compatible with TLS CLIENT certificate authentication, that would also run on the phone.

Hi Denny,

I’m using eGroupware as well. I’m using thunderbird/lightning to access the calendar and the cardbook extension for contacts. In order to get client certificate authentication working I just had to install the certificate in thunderbird’s certificate store. I still have to supply username/password for the eGroupware server behind apache’s client certificate authentication. Or do you have a modified version of eGroupware that allows access to the groupdav.php without basic auth/client certificate only?


1 Like

Wow, disabling SoGo and using the cardbook extension really worked. Thank you for that!

Calendar does not work. I haven’t figured out yet why.

Thunderbird is not an ideal solution for the phone, but it is promising, and it sure is great for the desktop.

Do you actually have an egroupware modification that allows groupdav.php to get accessed when authenticated only with a certificate (without username/password)? At the moment I’m using davdroid and there I can only authenticate either with certificate or with username/password. But on my system I have to present a certificate first and then I have to authenticate to egroupware with username/password.

BTW, calendars work for me as well in thunderbird. I’m using the following URL:


1 Like

No, I have to authenticate with both. But I have saved my credentials in thunderbird. On android I use CalendarSync (proprietary) and Contactsync, which work.

this worked,


thank you!

I appreciate GNOME Calendar being the default calendar app on Purism devices. Just like the Geary email client that I already enjoy a lot.

However, the Calendar application needs some serious love (and attention from Purism). I’m trying to use it for my private and corporate scheduling, and it’s a very limiting experience – as soon as you use more than just Google calendars.

  • Look at issue 303 in the GNOME Calendar issue tracker. (Why does Google Spy Technologies Inc. have better integration than free standards and protocols?)
  • Calendar crashes when you move a calendar entry (unreported but my own experience), and when you add one (#297, #298, #299).

This all needs to get fixed. I think, both seamless integration and reliability are equally important for user/platform acceptance.