-
Notifications
You must be signed in to change notification settings - Fork 82
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Address issue that letsencrypt certs will no longer be working on pre Android 7.1 devices #1277
Comments
Out of interest because I guess I'll have to implement a workaround as well, how many Vespucci users on Google Play use a version older than 7.1.1, absolute and in percent? For StreetComplete it's currently 280 users or 3.5%. According to my extrapolation, it will be around 2% or 170 users in September 2021. In these numbers, F-Droid users are unaccounted for. They make up for 5-15% of users. In any case, a number that shouldn't fall under the table. |
I'll have a look later, but the primary short term concern for us are imagery sources, the OSM API won't be an issue before September. |
Oh, then I didn't understand that article. Why will imagery sources be a problem before September? |
It is rather unlikely that the imagery sources are aware of the issue and will explictly ask for the certificate chain with the crossigned cert for renewals (which is what OSM ops is doing). In September that won't help anymore, but it at least gives some wiggle room till then. |
Numbers (per today) 7.0 - ...: 696 = 12% It isn't quite clear what 7.1 contains so that is probably just upper limit and might be a bit lower. We don't have any numbers for f-droid, but from bug reports etc. it is seems to be quite popular, so I would suspect that we have at least 1'000 users that are potentially effected. |
See https://community.letsencrypt.org/t/transition-to-isrgs-root-delayed-until-jan-11-2021/125516/2 for some information on the --preferred-chain argument to certbot. |
D-day has arrived #2556 |
This allows connections to sites using letsencrypt certificates to continue to work for now on pre Android 7.1 devices. In particular this affects the OSM API. It is likely that this fix increases memory usage by multiple MBs. Note: this does not solve the issue for things that do not use OkHttp, for example ACRA. Resolves #2556 Resolves #1277
See https://letsencrypt.org/2020/11/06/own-two-feet.html
This will effect access to the OSM API (except if they spend some funds on getting certs from somewhere else) and, less important, to the crash reporting and other secondary sites (mapsplit site for example).
Potentially we can include the current letsencrypt cert with the app, needs to be investigated.
This will effect OSM API access and likely a large number of imagery sources.
The text was updated successfully, but these errors were encountered: