Certificate change is handled badly #777

Closed
gordonmessmer opened this issue May 25, 2017 · 10 comments
@gordonmessmer gordonmessmer commented May 25, 2017

When a server's certificate changes, ChatSecure iOS stops connecting to the server. No indication of the problem is immediately evident. If the user selects the account details and then "Edit Account", a pop-up indicating that the certificate has changed and allowing the user to accept the certificate will pop up. This seems to be the only place that pop-up will appear, and it is not at all obvious that users should look here.

When using Let's Encrypt certs, this will happen every 90 days, which will become a big headache for users.

The pop-up for a new cert should pop up on any screen in the application, or it should never pop up at all, and the application should accept any valid, signed certificate.

Member

@chrisballinger chrisballinger commented May 25, 2017

Ah thanks for the reminder, this is a regression made worse by the new account details UI. As a temporary workaround you can re-use the same private key with Let's Encrypt, but that has other drawbacks.

It shouldn't be too hard to show the dialog throughout the application. Showing a local notification in the background may be helpful as well if you don't open the app very often. Also showing the error directly on the account cell on the settings screen, similar to when push isn't configured properly.
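
Why re-using the private key across renewals, the workaround mentioned in the comment above, can keep a client from seeing a "changed" server: every renewal is a new certificate with a new fingerprint, but the hash of the public key (SPKI) stays the same while the key is re-used. This is an added example, not ChatSecure code; it assumes a client that ties its stored approval to the public key (the page does not say how ChatSecure stores approvals), and the host name, file names and self-signed certificates are constructed stand-ins for CA-issued renewals.

```shell
#!/usr/bin/env bash
# Added illustration (not ChatSecure code). Host name, file names and the
# self-signed certificates are constructed stand-ins for CA-issued renewals.
set -euo pipefail

# SHA-256 of the whole DER certificate: differs for every issued certificate.
cert_fp() {
  openssl x509 -in "$1" -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the DER SubjectPublicKeyInfo: depends only on the key pair.
spki_fp() {
  openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# issue <key> <serial> <out>: 90-day certificate for the constructed host.
issue() {
  openssl req -new -x509 -key "$1" -set_serial "$2" -days 90 \
    -subj "/CN=xmpp.example.test" -out "$3" 2>/dev/null
}

# make_renewals <dir>: original cert, renewal with the same key, renewal
# with a fresh key.
make_renewals() {
  openssl genrsa -out "$1/key_a.pem" 2048 2>/dev/null
  openssl genrsa -out "$1/key_b.pem" 2048 2>/dev/null
  issue "$1/key_a.pem" 1 "$1/original.pem"
  issue "$1/key_a.pem" 2 "$1/renewed_same_key.pem"
  issue "$1/key_b.pem" 3 "$1/renewed_new_key.pem"
}

# A client that stored the fingerprint of original.pem sees "changed"
# whenever the value it recomputes for the presented certificate differs.
report() {
  local dir=$1 name
  for name in original renewed_same_key renewed_new_key; do
    printf '%-17s cert=%.16s spki=%.16s\n' "$name" \
      "$(cert_fp "$dir/$name.pem")" "$(spki_fp "$dir/$name.pem")"
  done
}

demo_dir=$(mktemp -d)
make_renewals "$demo_dir"
report "$demo_dir"
rm -rf "$demo_dir"
```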

@bloedersack bloedersack commented Jun 13, 2017

I notice the same issue with Let's Encrypt. You would like to fix it in one of the next updates?

chrisballinger added a commit that referenced this issue Aug 1, 2017
Member

@chrisballinger chrisballinger commented Aug 1, 2017

Fix will be included in upcoming 4.1.1 release

@ncoba14 ncoba14 commented Aug 28, 2017

Where can I change the default ChatSecure server to my server, please?

@tristan-k tristan-k commented Oct 15, 2017

So coming in version 4.1.1 there will be a pop-up dialog - or how is it handled then?

Member

@chrisballinger chrisballinger commented Oct 15, 2017

@tristan-k tristan-k commented Oct 17, 2017

@chrisballinger Are the changes to the way certificates are handled already merged in the latest testflight release 4.1.1 (100)? I'm testing push with a friend right now.

Member

@chrisballinger chrisballinger commented Oct 17, 2017

@tmolitor-stud-tu tmolitor-stud-tu commented Aug 29, 2018

Why don't you automatically accept certificates that are signed by a trusted CA?

iOS comes with a predefined certificate store of trusted CAs, you can just use that to validate the certificate.

I don't understand why a manual approval of every new valid certificate is needed at all.

@heurekus heurekus commented Feb 22, 2019

Hm, certificate approval still seems hidden and manual certificate acks are required in 4.3.6. Took me a while to figure this out. Total show stopper to recommend this app to normal users. The default must be trust in valid certificates. Great to have an option to manually approve, but it should really be an option turned off by default.
