Feat #13555 add server cert field, similar to client cert #14335
Conversation
|
Label error. Requires exactly 1 of: changelog:.*. Found: 📱mobile |
crisoagf
force-pushed
the
add-personal-root-cert
branch
from
678fd71
to
5e498ec
Compare
|
Hey, could you please provide more information on what this is supposed to achieve? |
Sure thing! This is an attempt to implement certificate selection for self-signed/enterprise-signed servers without simply disabling SSL certificate checking. It creates another settings field, similar to the client certificate selection, to import a root or self-signed certificate and use that for connection validation. AFAICT, this is only needed for Android, for iPhones already respect user imported certificates. Currently, the only option for custom root certs or self-signed certs in Android is "Allow self-signed SSL certificates" that accepts any certificate that matches the hostname, which is at least a bit scary from an MITM attack perspective. Context is #13555 . |
Initial code for server certificate field.