Doesn't work with self-signed certificates

[mtettke123]

GIves an error message if you have a self-signed certificate (which I use for testing), so not usable.

[kdrobnyh]

Can confirm that, having the same issue.

[kolaente]

@Benimautner Should this be fixed in the app or should it work if users import the certificate into android's ca store?

[mtettke123]

I don't like the idea of importing (temporary) self-signed certificates in the Android CA ...

[Benimautner]

This should probably be fixed in the app. Maybe by importing the cert directly or by only showing a warning if an untrusted certificate is used. I like the first one better, the second one seems very insecure.

I was AFK for the last couple of days so excuse my late response. I will take a look at it in the coming days.

[mtettke123]

Some common solution seems to be an option in the settings "dont verify certificates"

[Benimautner]

Attached is a version of the app implementing this.
I don't have time to set up my vikunja instance with a self-signed cert so please try it and tell me if it works.
I know some other parts of the app are buggy right now. That's because I had to switch libraries, and the new one is doing weird stuff. A dedicated release will be available once everything is back to normal.
app-main-release.zip

[kdrobnyh]

@Benimautner, maybe I miss something, but I have to log in first to be able to change options. Right now I still can't log in.

[Benimautner]

@kdrobnyh True, my mistake. Here you go.
app-main-release.zip

[mtettke123]

can confirm it's working now. Thank you!

[kdrobnyh]

@Benimautner, "HttpException: Content size exceeds specified contentLength. 4 bytes written while expected 0. [null]". Do you have any idea what can cause this? Also, "login with frontend" just freezes with a white screen.

[mtettke123]

Strange. I had the exact same error message on first try, second try worked wothout an error. Thought it was my mobile phone fooling around...

[Benimautner]

This is a bug which occurs when two requests happen too close to each other, as discovered by @k9withabone. This needs a fix asap, but we need to think about possible solutions first.

[Benimautner]

So the temporary workaround is to retry the request every time it fails. This will be fixed in a later release, but as self-signed certs are supported in the newest version, I will close this issue. Feel free to reopen it if you need anything else.

[Benimautner]

Hi!
I am currently trying to fix the issue where the app does not load every request properly. I have not been able to set up a test instance with a self-signed cert, so it'd be great if you could test whether this still works in the new fix. For that, please download the APK from this comment.

Thanks in advance!

[kdrobnyh]

Still have HandshakeException: Handshake error in client (OS Error: CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate (handshake.cc:393)). It happens with and without ignore certificates checked.

[Benimautner]

I think I finally figured it out. I set up my own self-signed cert to debug with, and it works for me. Just one last round of feedback before I create a release would be great.
app-main-release.zip

[kdrobnyh]

Looks like the app works now, thanks!

[Benimautner]

published in v0.0.20-alpha