Bug #2542
Support self signed SSL w/ F-Droid Client
Status: | Closed | Start date: | 11/19/2013 | |
---|---|---|---|---|
Priority: | Immediate | Due date: | ||
Assignee: | pd0x | % Done: | 0% | |
Category: | - | |||
Target version: | 0.2 - ChatSecure/Bluetooth | |||
Component: |
Description
F-Droid client currently throws a SSLHandshakeException when connecting to an HTTPS repository using a self-signed certificate. CertPathValidatorException - "Trust anchor for certification path not found."
It seems like an approach similar to ChatSecure could be taken here. Pinning TOFU?
Presently the repo fails to update with no chance for the user to override.
Related issues
Associated revisions
History
#1 Updated by hans about 4 years ago
- Target version changed from 0.1 - "Kerplapp" to 0.2 - ChatSecure/Bluetooth
#2 Updated by hans about 4 years ago
- Priority changed from Normal to Immediate
#3 Updated by pd0x about 4 years ago
- Status changed from New to Resolved
- Assignee set to pd0x
Adding support for self signed SSL w/ F-droid client by adding Ge0rg's MemorizingTrustManager to the F-droid client. Additionally added SPKI pinning with Moxie0's AndroidPinning library and prebaked the official Fdroid TLS cert and the Guardian Project TLS cert into the pin store.
Pull req with changes https://gitorious.org/f-droid/fdroidclient/merge_requests/56 was submitted against the development branch of the f-droid client. mvdan in #fdroid estimates this will be merged into a test build in the coming weeks and into the official client in ~a month.
Updating status to resolved, will close when patch is merged.