Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Certificate change is handled badly #777

Closed
gordonmessmer opened this issue May 25, 2017 · 10 comments
Closed

Certificate change is handled badly #777

gordonmessmer opened this issue May 25, 2017 · 10 comments

Comments

@gordonmessmer
Copy link

gordonmessmer commented May 25, 2017

When a server's certificate changes, ChatSecure iOS stops connecting to the server. No indication of the problem is immediately evident. If the user selects the account details and then "Edit Account", a pop-up indicating that the certificate has changed and allowing the user to accept the certificate will pop up. This seems to be the only place that pop-up will appear, and it is not at all obvious that users should look here.

When using Let's Encrypt certs, this will happen every 90 days, which will become a big headache for users.

The pop-up for a new cert should pop up on any screen in the application, or it should never pop-up at all, and the application should accept any valid, signed certificate.

@chrisballinger
Copy link
Member

chrisballinger commented May 25, 2017

Ah thanks for the reminder, this is a regression made worse by the new account details UI. As a temporary workaround you can re-use the same private key with lets encrypt, but that has other drawbacks.

It shouldn't be too hard to show the dialog throughout the application. Showing a local notification in the background may be helpful as well if you don't open the app very often. Also showing the error directly on the account cell on the settings screen, similar to when push isn't configured properly.

@bloedersack
Copy link

bloedersack commented Jun 13, 2017

I notice the same issue with Lets Encrypt. You would like to fix it in one of the next updates?

@chrisballinger
Copy link
Member

chrisballinger commented Aug 1, 2017

Fix will be included in upcoming 4.1.1 release

@ncoba14
Copy link

ncoba14 commented Aug 28, 2017

where i can change default server chatsecure to my server?, please..

@tristan-k
Copy link

tristan-k commented Oct 15, 2017

So coming in version 4.1.1 there will be a pop-up dialog - or how is it handled then?

@chrisballinger
Copy link
Member

chrisballinger commented Oct 15, 2017

@tristan-k
Copy link

tristan-k commented Oct 17, 2017

@chrisballinger Are the changes to the way certificates are handled already merged in the latest testflight release 4.1.1 (100)? I'm testing push with a friend right now.

@chrisballinger
Copy link
Member

chrisballinger commented Oct 17, 2017

@tmolitor-stud-tu
Copy link

tmolitor-stud-tu commented Aug 29, 2018

Why don't you automatically accept certificates that are signed by a trusted CA?

iOS comes with a predefined cetificate store of trusted CAs, you can just use that to validate the certificate.

I don't understand why a manual approval of every new valid certificate is needed at all.

@heurekus
Copy link

heurekus commented Feb 22, 2019

Hm, certificate approval still seems hidden and manual certificate acks are required in 4.3.6. Took me a while to figure this out. Total show stopper to recommend this app to normal users.The default must be trust in valid certificates. Great to have an option to manually approve, but it should really be an option turned off by default.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

7 participants