Support User CAs on Android #66
Comments
There is an option in the settings called "Ignore certificates" which should help you do what you want to.
Yes, the option "Ignore certificates" works - but it's the wrong solution. I still want to check my certificate, ignoring it makes the communication vulnerable to a MITM attack - at this point one could just use plain HTTP, which also saves on the encryption overhead.
Yes I know and it's on the roadmap, but the app is in beta and this is a quick but dirty solution to the problem. You're welcome to submit a PR.
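It looks like this is the issue: Basically, the SDK doesn't follow the system trust store. The "fix" is to use another HTTP client (platform-specific) that respects the system CAs:

```dart
import 'dart:io';

import 'package:cronet_http/cronet_http.dart' as cronet_http;
import 'package:cupertino_http/cupertino_http.dart' as cupertino_http;
import 'package:http/http.dart' as http;
import 'package:http/io_client.dart' as io_client;

http.Client get httpClient {
  // Android: Cronet, the platform-specific client.
  if (Platform.isAndroid) {
    final engine = cronet_http.CronetEngine.build(
        cacheMode: cronet_http.CacheMode.memory, cacheMaxSize: 1000000);
    return cronet_http.CronetClient.fromCronetEngine(engine);
  }
  // iOS / macOS: URLSession-backed client.
  if (Platform.isIOS || Platform.isMacOS) {
    final config =
        cupertino_http.URLSessionConfiguration.ephemeralSessionConfiguration()
          ..cache =
              cupertino_http.URLCache.withCapacity(memoryCapacity: 1000000);
    return cupertino_http.CupertinoClient.fromSessionConfiguration(config);
  }
  // Other platforms: fall back to the dart:io client.
  return io_client.IOClient();
}
```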
I'm sorry for not getting back to you sooner, I've been super busy at work and other projects! Yep, that looks like a good solution. I'll try it out and let you know.
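One way to honour a user-provided CA in `dart:io` while keeping certificate verification on, as an added example that is not from this thread or from the project. It assumes the CA is available to the app as a PEM file; the function names are hypothetical, and the "ignore certificates" variant is an assumption about how such a switch is usually implemented, shown only for contrast.

```dart
// Added example, not the project's code. All function names are hypothetical.
import 'dart:io';

import 'package:http/http.dart' as http;
import 'package:http/io_client.dart' as io_client;

/// What an "ignore certificates" switch typically amounts to in dart:io
/// (assumption about the app): every chain is accepted, so an on-path
/// attacker's certificate passes too.
http.Client insecureClient() {
  final inner = HttpClient()
    ..badCertificateCallback =
        (X509Certificate cert, String host, int port) => true;
  return io_client.IOClient(inner);
}

/// Keeps full chain and hostname verification, but adds one user-supplied
/// CA (PEM bytes) to the roots dart:io already trusts.
http.Client clientTrustingUserCa(List<int> caPem) {
  final context = SecurityContext(withTrustedRoots: true)
    ..setTrustedCertificatesBytes(caPem);
  // No badCertificateCallback is set: a chain that does not lead to a
  // trusted root, or a hostname mismatch, still fails the handshake.
  return io_client.IOClient(HttpClient(context: context));
}

Future<void> main(List<String> args) async {
  if (args.length != 2) {
    stderr.writeln('usage: dart run user_ca.dart <ca.pem> <https-url>');
    exit(64);
  }
  final client = clientTrustingUserCa(await File(args[0]).readAsBytes());
  try {
    final response = await client.get(Uri.parse(args[1]));
    stdout.writeln('verified TLS, HTTP ${response.statusCode}');
  } on TlsException catch (e) {
    // Raised when the server chain is not signed by a trusted root.
    stderr.writeln('handshake rejected: $e');
    exitCode = 1;
  } finally {
    client.close();
  }
}
```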
feat: add policy to AndroidManifest
For some reason Vikunja doesn't use the system trust store on Android - or at least it doesn't care about the user-provided CAs.
This results in a handshake failure.
I have tried to add a network_security_config file, but this approach doesn't seem to work.