Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Certificate change is handled badly #777
When a server's certificate changes, ChatSecure iOS stops connecting to the server. No indication of the problem is immediately evident. If the user selects the account details and then "Edit Account", a pop-up indicating that the certificate has changed and allowing the user to accept the certificate will pop up. This seems to be the only place that pop-up will appear, and it is not at all obvious that users should look here.
When using Let's Encrypt certs, this will happen every 90 days, which will become a big headache for users.
The pop-up for a new cert should pop up on any screen in the application, or it should never pop-up at all, and the application should accept any valid, signed certificate.
Ah thanks for the reminder, this is a regression made worse by the new account details UI. As a temporary workaround you can re-use the same private key with lets encrypt, but that has other drawbacks.
It shouldn't be too hard to show the dialog throughout the application. Showing a local notification in the background may be helpful as well if you don't open the app very often. Also showing the error directly on the account cell on the settings screen, similar to when push isn't configured properly.
added a commit
Aug 1, 2017
Yes I am having issues with a localization bug in Apple's submission process preventing me from pushing new builds. They are "working on it"…
On Sun, Oct 15, 2017 at 6:19 AM, ǝʞɔoʃʞ uɐʇsıɹʇ ***@***.***> wrote: So coming in version 4.1.1 there will be pop-up dialog - or how is it handles then? — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub <#777 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAfqH4Ptfjjwl7TWES0DIigp6vwHNVqCks5ssgZVgaJpZM4Nl7uH> .
I think so, are you on that release?…
On Tue, Oct 17, 2017 at 4:01 AM, ǝʞɔoʃʞ uɐʇsıɹʇ ***@***.***> wrote: @chrisballinger <https://github.com/chrisballinger> Are the changes to the way certificates are handled already merged in the latest testflight release 4.1.1 (100)? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#777 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAfqH-JWpGaoQxN5F7MCWl_VHMwctxqkks5stIjsgaJpZM4Nl7uH> .
Why don't you automatically accept certificates that are signed by a trusted CA?
iOS comes with a predefined cetificate store of trusted CAs, you can just use that to validate the certificate.
I don't understand why a manual approval of every new valid certificate is needed at all.