-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support User CAs on Android #66
Comments
There is an option in the settings called "Ignore certificates" which should help you do what you want to. |
Yes, the option "Ignore certificates" works - but it's the wrong solution. I still want to check my certificate, ignoring it makes the communication vulnerable to MITM attack - at this point one could just use plain HTTP, which also saves on the encryption overhead. |
Yes I know and it's on the roadmap, but the app is in beta and this is a quick but dirty solution to the problem. You're welcome to submit a PR. |
It looks like this is the issue: Basically, the SDK doesn't follow the system trust store. The "fix" is to use another HTTP client (platform-specific) that respects the system CAs: http.Client get httpClient {
if (Platform.isAndroid) {
final engine = cronet_http.CronetEngine.build(
cacheMode: cronet_http.CacheMode.memory, cacheMaxSize: 1000000);
return cronet_http.CronetClient.fromCronetEngine(engine);
}
if (Platform.isIOS || Platform.isMacOS) {
final config =
cupertino_http.URLSessionConfiguration.ephemeralSessionConfiguration()
..cache =
cupertino_http.URLCache.withCapacity(memoryCapacity: 1000000);
return cupertino_http.CupertinoClient.fromSessionConfiguration(config);
}
return io_client.IOClient();
} |
I'm sorry for not getting back to you sooner, I've been super busy at work and other projects! Yep, that looks like a good solution. I'll try it out and let you know. |
feat: add policy to AndroidManifest
feat: add policy to AndroidManifest
For some reason Vikunja doesn't use the system trust store on Android - or at least it doesn't care about the user-provided CAs.
This results in an handshake failure.
I have tried to add a network_security_config file, but this approach doesn't seem to work.
The text was updated successfully, but these errors were encountered: