[FEATURE REQUEST] Self-Signed-Cert-Support
will2048 opened this issue ยท 4 comments
Hey there,
thanks a lot for this fine piece of software!
I successfully setup my nextcloud-server with a self-signed certificate.
The CA-Cert was imported to Android and works well.
No more Warning in Fennec, Grocy- and floccus-App are now working without any problem.
Only OSS-DocumentScanner throws:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
I followed these Links:
nativescript-community/https#10
https://medium.com/@noumaan/ssl-app-dev-a2923d5113c6
If I understand correctly it is only needed to add
<certificates src="user"/>
into
Maybe a switch to turn the ability to support user-certs on and off would be a security feature in this context.
@will2048 great investigation !
I will fix this. Dont think I will make it an option as I am not even sure I can (.making that XML value loaded or not).
Seeing Nextcloud do it by default https://github.com/nextcloud/android/blob/c5d4e135894a8e25d0b339f857551412ca7a68ce/app/src/main/res/xml/network_security_config.xml I think I can safely do the same
Thanks for your swift reaction.
Yeah, ich checked the network_securtiy_config.xml of floccus- and grocy-app and they have it set as well. They also have no special setting to allow user-CAs in special.
And now that I am thinking: There is a very big an detailed warning before importing a user-CA-cert und you have to authenticate again by PIN/fingerprint. So now I think that an option is not needed...
I will give feedback here when it's built in and I can test it.
Sales slips / till receipts: HERE I COME! ๐
@will2048 published a new version. Let me know if it works
YES, SIR! ๐
Thanks a million.