Skip to content
This repository

Detect self-signed SSL certs and allow their manual installation #66

Closed
ajlyon opened this Issue · 8 comments

3 participants

Avram Lyon megatron-me-uk asad00
Avram Lyon
Owner

Many people running their own WebDAV setups use self-signed SSL certificates. Android does not provide a way of installing such certificates system-level, so we'll need to add support for them in our application. We can probably do this with a try/catch for the WebDAV connection (which we need anyway for better error reporting), and a new certificate install apparatus. It appears that we can set up our own SSLContext and specify additional allowed certificates, which we'll likely want to do.

Issue summary: http://www.mcbsys.com/techblog/2010/12/android-certificates/
SSLContext: http://code.google.com/p/android/issues/detail?id=11231#c15

Avram Lyon
Owner

This is fixed in Android 4.0 (ICS): http://code.google.com/p/android/issues/detail?id=11231#c107

But still would be nice to implement for Android 2.1/2.2+, since Android 4.0 won't be mainstream for at least 1-2 years.

megatron-me-uk

I found the easiest way to deal with this problem is to provide a webpage that returns your certificate authority public certificate with a special header, android will install the certificate from the browser. This certainly works on 4.0 and 2.1. Perhaps asking for the certificate file and then pointing the browser to it or suggesting this within a help file?

Based on: http://www.realmb.com/droidCert/
In php:
<?
header("Content-Type: application/x-x509-ca-cert");
?>
-----BEGIN CERTIFICATE-----
...
LONG HASH
...
-----END CERTIFICATE-----

Avram Lyon
Owner

So you've confirmed that the cert is available to Zandy for its WebDAV requests after you save it? My reading of the docs and comments online was that the browser's certificate store was separate from the one available to apps.

megatron-me-uk
Avram Lyon
Owner
megatron-me-uk

ok in 2.1 it does not seem to work... the odd thing is that there are no relevant errors in the logs (searching for webdav, cert, domain, https, etc.). Could you point me to the relevant code so I can add some Log debug calls?

asad00

hi, could you please help me that how do I connect zotero database with android app.

Avram Lyon
Owner

This is working in 4.0+, which is now mainstream enough for me to be OK with calling that a sufficient solution.

Avram Lyon ajlyon closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.