Allow but pin self signed certificates / CACert #42
Labels
Comments
ghost
assigned 
|
Yes I've talked with the News App developer already about this issue. I'm going to improve it in a future version but first I've to fix some other issues which are more important atm. |
|
I think since 0.3.4 --> STRICT_HOSTNAME_VERIFICATION it's not possible any longer.. isn't it ? |
|
I think this is still the same issue if an MitM sends me a false certificate with the right hostname. |
|
you should have a look at this: https://github.com/moxie0/AndroidPinning |
|
Thank you for the information, I'm going to read it. But atm I've not as much time as I like to have |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
My owncloud uses a certificate by CACert. (I know I could import their cert on a rooted phone but I may not have one).
At the moment my only option to connect is to "Allow any SSL Certificate".
Could you add an option to acknowledge or deny the certificate when it changes? Atm I would send my credentials to anyone doing MitM.
Would be great!
The text was updated successfully, but these errors were encountered: