Bug #2542

Support self signed SSL w/ F-Droid Client

Added by pd0x about 4 years ago. Updated almost 4 years ago.

Status: Closed
Start date: 11/19/2013
Priority: Immediate
Due date:
Assignee: pd0x
% Done: 0%
Category: -
Target version: 0.2 - ChatSecure/Bluetooth
Component:

Description

F-Droid client currently throws an SSLHandshakeException when connecting to an HTTPS repository using a self-signed certificate. CertPathValidatorException - "Trust anchor for certification path not found."

It seems like an approach similar to ChatSecure could be taken here. Pinning TOFU?

Presently the repo fails to update with no chance for the user to override.


Related issues

Related to Bazaar - Feature #2541: support HTTPS in kerplapp repos Closed 11/19/2013
Related to Bazaar - Task #1981: investigate self-signed HTTPS key as signing key for jars Closed 10/02/2013
Related to Bazaar - Feature #2669: implement pin/tofu/ca/prompt for Fdroid client Closed 11/27/2013

Associated revisions

Revision b4ad77f3
Added by pd0x about 4 years ago

Use one keypair for all certificates.

Previously a new random public/private keypair was used for every self-signed
certificate in the Kerplapp Keystore. Now one random keypair is generated and
used for all certificates.

refs #1981, #2542

History

#1 Updated by hans about 4 years ago

  • Target version changed from 0.1 - "Kerplapp" to 0.2 - ChatSecure/Bluetooth

#2 Updated by hans about 4 years ago

  • Priority changed from Normal to Immediate

#3 Updated by pd0x about 4 years ago

  • Status changed from New to Resolved
  • Assignee set to pd0x

Adding support for self-signed SSL w/ F-Droid client by adding Ge0rg's MemorizingTrustManager to the F-Droid client. Additionally added SPKI pinning with Moxie0's AndroidPinning library and prebaked the official F-Droid TLS cert and the Guardian Project TLS cert into the pin store.

Pull req with changes https://gitorious.org/f-droid/fdroidclient/merge_requests/56 was submitted against the development branch of the f-droid client. mvdan in #fdroid estimates this will be merged into a test build in the coming weeks and into the official client in ~a month.

Updating status to resolved, will close when patch is merged.
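
Added example (not part of the comment above, and not code from the merged patch, MemorizingTrustManager or AndroidPinning): a trust manager that accepts a server whose leaf SPKI hash is pinned, falls back to platform CA validation, and otherwise asks the user once and memorizes the key. The class name, the `Prompt` hook, the SHA-256/base64 pin format and the in-memory pin set are assumptions, and pins here extend CA trust rather than replace it.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.X509TrustManager;

// Added illustration: hypothetical class, not F-Droid, MemorizingTrustManager or AndroidPinning code.
public class TofuPinTrustManager implements X509TrustManager {
    // Hypothetical hook: show the pin to the user and return their decision.
    public interface Prompt { boolean accept(X509Certificate leaf, String pin); }
    private final Set<String> pins = ConcurrentHashMap.newKeySet(); // prebaked + memorized pins
    private final X509TrustManager system;                          // platform CA validation
    private final Prompt prompt;
    public TofuPinTrustManager(Set<String> prebaked, X509TrustManager system, Prompt prompt) {
        this.pins.addAll(prebaked); this.system = system; this.prompt = prompt;
    }

    // Pin = base64(SHA-256(DER SubjectPublicKeyInfo)). It covers the key, not the
    // certificate, so a reissued certificate over the same key pair still matches.
    static String spkiPin(X509Certificate cert) throws CertificateException {
        try {
            byte[] spki = cert.getPublicKey().getEncoded();
            return Base64.getEncoder().encodeToString(MessageDigest.getInstance("SHA-256").digest(spki));
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || chain.length == 0) throw new CertificateException("empty chain");
        X509Certificate leaf = chain[0];
        leaf.checkValidity();              // expired or not-yet-valid certificates fail here
        String pin = spkiPin(leaf);
        // Match the leaf only: the handshake proves possession of its key, while
        // other chain entries are attacker-supplied until the path is validated.
        if (pins.contains(pin)) return;
        try { system.checkServerTrusted(chain, authType); return; }   // CA-signed repository
        catch (CertificateException e) { /* no trust anchor: fall through to TOFU */ }
        if (!prompt.accept(leaf, pin)) throw new CertificateException("key rejected by user: " + pin);
        pins.add(pin);                     // memorize so later connections skip the prompt
    }

    @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { system.checkClientTrusted(chain, authType); }
    @Override public X509Certificate[] getAcceptedIssuers() { return system.getAcceptedIssuers(); }
}
```

Hostname verification is still the job of the HTTPS layer; this class only decides whether the presented key is trusted.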

#4 Updated by pd0x almost 4 years ago

  • Status changed from Resolved to Closed

Patch is merged.
