-
-
Notifications
You must be signed in to change notification settings - Fork 255
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow but pin self signed certificates / CACert #42
Comments
Yes I've talked with the News App developer already about this issue. I'm going to improve it in a future version but first I've to fix some other issues which are more important atm. |
I think since 0.3.4 --> STRICT_HOSTNAME_VERIFICATION it's not possible any longer.. isn't it ? |
I think this is still the same issue if an MitM sends me a false certificate with the right hostname. |
you should have a look at this: https://github.com/moxie0/AndroidPinning |
Thank you for the information, I'm going to read it. But atm I've not as much time as I like to have |
My owncloud uses a certificate by CACert. (I know I could import their cert on a rooted phone but I may not have one).
At the moment my only option to connect is to "Allow any SSL Certificate".
Could you add an option to acknowledge or deny the certificate when it changes? Atm I would send my credentials to anyone doing MitM.
Would be great!
The text was updated successfully, but these errors were encountered: