New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow cleartext traffic and/or self-signed certificates #6
Comments
I'm not really fond of allowing self-signed certificates since it defeats the purpose of HTTPS, especially now that it is trivial to get valid certificates for free. I may, however, allow HTTP connections behind a configuration switch (which will have to be non-obvious, like behind a menu or something), which makes sense within a local network. |
I realize I may be an edge case but that toggle switch would be wonderful to allow HTTP. I prefer to keep my instance off the Internet and use Wireguard to secure communications instead of TLS. Either way, thank you for the consideration and your client. |
I second this issue, using a self-hosted solution of funkwhale with VPN, and I do not need https access. Currently I am unable to log in to my account with your app. |
I understand the use-case, and might be willing to consider adding an opt-in switch to allow cleartext traffic. Does anyone have a real public instance serving content through HTTP for me to start looking at it? An instance with full real data is needed for me to able to test all cases. |
The latest develop build now accepts both cleartext traffic and user CAs. This is not about self-signed certificates, which we're still unwilling to accept, but CA certificates added to the Android certificate store. |
@apognu i've just downloaded the app today and even after selecting the 'allow cleartext' button, i am getting a 'cleartext traffic to |
My Funkwhale instance is only available on a local network.
Unfortunately, this renders Otter unusable, because 'http' is not permitted (makes sense) and 'https' results in a "handshake failed" message.
I propose to add a checkbox "Allow self-signed certificates" at the login screen for cases like this.
The text was updated successfully, but these errors were encountered: