[Feature request]: Support for Self-Signed Certificates

[ahormann]

Is your feature request related to a problem? Please describe

I have a Nextcloud Server with HTTPS that uses a Self-Signed Certificate.
When I want to add a DAV remote to Butterfly 2.0.0-beta.15 i get a Handshake Error that states that the validation of the certificate failed.

Describe your feature request!

Add a Checkbox in the Menu where you enter the URL and Login-Data for a new DAV Connection.
When it is checked Self-Signed Certificates are allowed.

Additional context

Maybe this gets resolved with the Nextcloud-Support Ticket?

Code of Conduct

• I agree to follow this project's Code of Conduct

[CodeDoctorDE]

Self signed websites can be dangerous.
Do you want to disable certificate checking?

[ahormann]

I know, but I trust my self-hosted server.
Exactly, some Option to say "I know this site may be dangerous, I trust it anyway".
Or alternatively accept user certificates imported to the system (a lot more unlikely to do without knowing what you are doing).

[CodeDoctorDE]

I get the certificate when a bad certificate was recognized . We could make it more secure when saving the Sha1 when adding https://api.flutter.dev/flutter/dart-io/X509Certificate-class.html

[CodeDoctorDE]

This would be the last feature request I will add for the 2.0 stable. After this, I will add the next issues in 2.0.1 or 2.1

[CodeDoctorDE]

Theoretically we could also allow certain certificates. What would be easier?

[ahormann]

Is this a question to me or to your fellow Devs?

[CodeDoctorDE]

i ask you, i currently have no other devs

[ahormann]

Oh okay. I am not sure how to understand the Question.
How would one define those certain certificates?
From a user perspective it would be easiest to have a toggle to ignore validation, but it's also easier to do accidentally when you use a dangerous server.

Alternatively Android allows for installing additional CA-Certificates, which some Apps just accept.
It is effort to install, but you only do it once per device and is less likely to be done accidentally.

Is your idea to upload the certificate to the App?
This would be an uncommon choice, while I saw both of the above used successfully. It doesn't seem like something that should be handled per App.

[CodeDoctorDE]

Yeah, i think that would be more overload for such a small feature.
Now it just shows you the fingerprint of the certificate and you can click on continue anyway.
Can you test it out if it was built here:https://github.com/LinwoodDev/Butterfly/actions/runs/7057716690?

[CodeDoctorDE]

I can't test myself if documents fetching works on unsecure connection but when serving a simple https server, it works on my side.

[ahormann]

The Fingerprint is shown very weirdly (only special characters from foreign languages, the actual fingerprint is in the format A1:B2:D5:... (Only Hex numbers), but the connection works.
It does upload an empty Templates folder, but I did not manage to upload a file. Is there something I need to do to trigger the sync?

[CodeDoctorDE]

Hmm, theoretically it does it automatically. Maybe the sync code isn't working really good. I wrote it a year ago. If you want to have a reliably connection, the nextcloud sync app could work.

And I will look how I can improve the format

[ahormann]

Using the Nextcloud Sync App would be the best solution! But I don't get that to work either :/
When I use the Local option and use the Nextcloud folder it tells me /Documents/ is an Read-Only file System. It also fails to display a non-empty name.

I now also got a new Problem with the DAV connection:
"Bad state: No element". I can not add Elements (folders or files) either.

[CodeDoctorDE]

I'm on it, i think i found the problem. I let you know when I fixed it

[CodeDoctorDE]

Fixed, can you try out this build if it is done: c04f8a1

[CodeDoctorDE]

Here is the link to the build: https://github.com/LinwoodDev/Butterfly/actions/runs/7059068970.
I also fixed the display for the fingerprint.
Can you test it out?

[CodeDoctorDE]

Added in 2.0.0-rc.0.
For me it works perfectly on a normal not-self signed server.
Please answer on this issue if you have any problems