Certificate change is handled badly #777

Closed
gordonmessmer opened this Issue May 25, 2017 · 9 comments

Comments

Projects
None yet
6 participants
@gordonmessmer

gordonmessmer commented May 25, 2017

When a server's certificate changes, ChatSecure iOS stops connecting to the server. No indication of the problem is immediately evident. If the user selects the account details and then "Edit Account", a pop-up indicating that the certificate has changed and allowing the user to accept the certificate will pop up. This seems to be the only place that pop-up will appear, and it is not at all obvious that users should look here.

When using Let's Encrypt certs, this will happen every 90 days, which will become a big headache for users.

The pop-up for a new cert should pop up on any screen in the application, or it should never pop up at all, and the application should accept any valid, signed certificate.

Member

chrisballinger commented May 25, 2017

Ah thanks for the reminder, this is a regression made worse by the new account details UI. As a temporary workaround you can re-use the same private key with Let's Encrypt, but that has other drawbacks.

It shouldn't be too hard to show the dialog throughout the application. Showing a local notification in the background may be helpful as well if you don't open the app very often. Also showing the error directly on the account cell on the settings screen, similar to when push isn't configured properly.
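An added example, not part of the original thread or of ChatSecure's code: the key-reuse workaround mentioned above only helps if the client's stored pin follows the server's public key rather than the whole certificate, which is assumed here. The script issues self-signed stand-ins for a renewed certificate (host name, file names and helper names are constructed) and compares both kinds of fingerprint across a renewal.

```shell
#!/bin/sh
# Added illustration; host name, file names and helper names are constructed.

# SHA-256 over the whole DER certificate: changes with every reissue.
cert_fp() {
    openssl x509 -in "$1" -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 over the DER SubjectPublicKeyInfo: changes only when the key changes.
spki_fp() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# issue KEY SERIAL OUT: self-signed stand-in for a 90-day CA-issued certificate.
issue() {
    openssl req -new -x509 -key "$1" -set_serial "$2" -days 90 \
        -subj "/CN=xmpp.example.org" -out "$3" 2>/dev/null
}

# same_pin FUNC OLD NEW: succeeds when fingerprint FUNC is non-empty and unchanged.
same_pin() {
    old=$("$1" "$2")
    [ -n "$old" ] && [ "$old" = "$("$1" "$3")" ]
}

# make_certs DIR: the original cert, a renewal reusing its key, a renewal with a new key.
make_certs() {
    openssl genrsa -out "$1/key1.pem" 2048 2>/dev/null
    openssl genrsa -out "$1/key2.pem" 2048 2>/dev/null
    issue "$1/key1.pem" 1 "$1/old.pem"
    issue "$1/key1.pem" 2 "$1/renew_same_key.pem"
    issue "$1/key2.pem" 3 "$1/renew_new_key.pem"
}

# report DIR: print whether each kind of pin taken from old.pem survives each renewal.
report() {
    for new in renew_same_key renew_new_key; do
        for kind in cert_fp spki_fp; do
            if same_pin "$kind" "$1/old.pem" "$1/$new.pem"; then r=match; else r=MISMATCH; fi
            echo "$new $kind $r"
        done
    done
}

demo_dir=$(mktemp -d)
make_certs "$demo_dir" && report "$demo_dir"
rm -rf "$demo_dir"
```

Only the public-key fingerprint of the renewal that reuses the key matches the original; a pin on the whole certificate mismatches on every renewal.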

bloedersack commented Jun 13, 2017

I notice the same issue with Let's Encrypt. You would like to fix it in one of the next updates?

Member

chrisballinger commented Aug 1, 2017

Fix will be included in upcoming 4.1.1 release

ncoba14 commented Aug 28, 2017

Where can I change the default ChatSecure server to my server, please?

tristan-k commented Oct 15, 2017

So coming in version 4.1.1 there will be a pop-up dialog - or how is it handled then?

Member

chrisballinger commented Oct 15, 2017

tristan-k commented Oct 17, 2017

@chrisballinger Are the changes to the way certificates are handled already merged in the latest TestFlight release 4.1.1 (100)? I'm testing push with a friend right now.

Member

chrisballinger commented Oct 17, 2017

tmolitor-stud-tu commented Aug 29, 2018

Why don't you automatically accept certificates that are signed by a trusted CA?

iOS comes with a predefined certificate store of trusted CAs, you can just use that to validate the certificate.

I don't understand why a manual approval of every new valid certificate is needed at all.
