Task #2896

write tests for F-Droid HTTPS chain verifier

Added by hans almost 4 years ago. Updated over 2 years ago.

Status:ClosedStart date:01/22/2014
Priority:HighDue date:
Assignee:pd0x% Done:

0%

Category:-
Target version:-
Component:

Description

Now that F-Droid has accepted our experimental technique of verifying HTTPS certificates, there should be a test suite to make sure it is doing the right thing. At the very least it could set up local connections with a variety of conditions: self-signed, self-signed expired, CA-signed expired, CA-signed hostname mismatch, etc. Ideally there would be a way to test a MITM with it, but that's probably a lot harder.


Related issues

Related to Bazaar - Task #2959: tests for adding repos with fingerprints New 02/13/2014
Related to Bazaar - Bug #3336: changing pin fingerprint in fdroid does not trigger any e... Closed 05/02/2014

History

#1 Updated by hans almost 4 years ago

  • Priority changed from Immediate to High

#2 Updated by hans almost 4 years ago

There is now an Android Test Project included in fdroidclient, so there is an easy place to put the tests.

#3 Updated by hans over 3 years ago

  • Target version changed from improved security/usability to Integrate Kerplapp into FDroid

#4 Updated by hans over 3 years ago

  • Target version changed from Integrate Kerplapp into FDroid to new unified Downloader infrastructure

#5 Updated by hans over 3 years ago

  • Target version changed from new unified Downloader infrastructure to 134

#6 Updated by hans over 3 years ago

  • Status changed from New to Closed

AndroidPinning and MemorizingTrustManager have been removed from the FDroid app for now until it is more stable. A change in the f-droid.org certificate caused AndroidPinning to mark it as invalid, even though browsers think it is fine. I'm going to close this in favor of moving activity to this bug report:

https://gitlab.com/fdroid/fdroidclient/issues/80

#7 Updated by hans over 2 years ago

  • Target version deleted (134)

Also available in: Atom PDF