Allow cleartext traffic and/or self-signed certificates #6
Comments
|
I'm not really fond of allowing self-signed certificates since it defeats the purpose of HTTPS, especially now that it is trivial to get valid certificates for free. I may, however, allow HTTP connections behind a configuration switch (which will have to be non-obvious, like behind a menu or something), which makes sense within a local network. |
I realize I may be an edge case but that toggle switch would be wonderful to allow HTTP. I prefer to keep my instance off the Internet and use Wireguard to secure communications instead of TLS. Either way, thank you for the consideration and your client. |
|
I second this issue, using a self-hosted solution of funkwhale with VPN, and I do not need https access. Currently I am unable to log in to my account with your app. |
apognu
changed the title
|
I understand the use-case, and might be willing to consider adding an opt-in switch to allow cleartext traffic. Does anyone have a real public instance serving content through HTTP for me to start looking at it? An instance with full real data is needed for me to able to test all cases. |
|
The latest develop build now accepts both cleartext traffic and user CAs. This is not about self-signed certificates, which we're still unwilling to accept, but CA certificates added to the Android certificate store. |
|
@apognu i've just downloaded the app today and even after selecting the 'allow cleartext' button, i am getting a 'cleartext traffic to |
My Funkwhale instance is only available on a local network.
Unfortunately, this renders Otter unusable, because 'http' is not permitted (makes sense) and 'https' results in a "handshake failed" message.
I propose to add a checkbox "Allow self-signed certificates" at the login screen for cases like this.
The text was updated successfully, but these errors were encountered: