Detect self-signed SSL certs and allow their manual installation #66

Closed
avram opened this Issue Nov 15, 2011 · 8 comments

@avram
Owner
avram commented Nov 15, 2011

Many people running their own WebDAV setups use self-signed SSL certificates. Android does not provide a way of installing such certificates system-level, so we'll need to add support for them in our application. We can probably do this with a try/catch for the WebDAV connection (which we need anyway for better error reporting), and a new certificate install apparatus. It appears that we can set up our own SSLContext and specify additional allowed certificates, which we'll likely want to do.

Issue summary: http://www.mcbsys.com/techblog/2010/12/android-certificates/
SSLContext: http://code.google.com/p/android/issues/detail?id=11231#c15

@avram
Owner
avram commented Dec 12, 2011

This is fixed in Android 4.0 (ICS): http://code.google.com/p/android/issues/detail?id=11231#c107

But still would be nice to implement for Android 2.1/2.2+, since Android 4.0 won't be mainstream for at least 1-2 years.

@megatron-me-uk

I found the easiest way to deal with this problem is to provide a webpage that returns your certificate authority public certificate with a special header; Android will install the certificate from the browser. This certainly works on 4.0 and 2.1. Perhaps asking for the certificate file and then pointing the browser to it, or suggesting this within a help file?

Based on: http://www.realmb.com/droidCert/
In php:

-----BEGIN CERTIFICATE-----
...
LONG HASH
...
-----END CERTIFICATE-----

@avram
Owner
avram commented Mar 31, 2012

So you've confirmed that the cert is available to Zandy for its WebDAV requests after you save it? My reading of the docs and comments online was that the browser's certificate store was separate from the one available to apps.

@megatron-me-uk

I can confirm this works for Zandy in 4.0 ICS; I have been using it extensively. As for other versions, I have only tested that a certificate will be added in an emulator, not that it will work on an actual device or in other apps. I will test that soon and comment.

@avram
Owner
avram commented Mar 31, 2012

That's my concern: ICS 4.0 has a central cert store which was not there in previous versions.

@megatron-me-uk

OK, in 2.1 it does not seem to work... The odd thing is that there are no relevant errors in the logs (searching for webdav, cert, domain, https, etc.). Could you point me to the relevant code so I can add some Log debug calls?

@asad00
asad00 commented Feb 19, 2013

Hi, could you please help me with how to connect the Zotero database with an Android app?

@avram
Owner
avram commented Jan 18, 2014

This is working in 4.0+, which is now mainstream enough for me to be OK with calling that a sufficient solution.

@avram avram closed this Jan 18, 2014