Task #2896
write tests for F-Droid HTTPS chain verifier
| Status: | Closed | Start date: | 01/22/2014 | |
|---|---|---|---|---|
| Priority: | High | Due date: | ||
| Assignee: | pd0x | % Done: | 0% | |
| Category: | - | |||
| Target version: | - | |||
| Component: |
Description
Now that F-Droid has accepted our experimental technique of verifying HTTPS certificates, there should be a test suite to make sure it is doing the right thing. At the very least it could set up local connections with a variety of conditions: self-signed, self-signed expired, CA-signed expired, CA-signed hostname mismatch, etc. Ideally there would be a way to test a MITM with it, but that's probably a lot harder.
Related issues
History
#1 Updated by hans almost 4 years ago
- Priority changed from Immediate to High
#2 Updated by hans almost 4 years ago
There is now an Android Test Project included in fdroidclient, so there is an easy place to put the tests.
#3 Updated by hans over 3 years ago
- Target version changed from improved security/usability to Integrate Kerplapp into FDroid
#4 Updated by hans over 3 years ago
- Target version changed from Integrate Kerplapp into FDroid to new unified Downloader infrastructure
#5 Updated by hans over 3 years ago
- Target version changed from new unified Downloader infrastructure to 134
#6 Updated by hans over 3 years ago
- Status changed from New to Closed
AndroidPinning and MemorizingTrustManager have been removed from the FDroid app for now until it is more stable. A change in the f-droid.org certificate caused AndroidPinning to mark it as invalid, even though browsers think it is fine. I'm going to close this in favor of moving activity to this bug report:
#7 Updated by hans over 2 years ago
- Target version deleted (
134)