AFAIK, there is no self-signed certs issue. It works fine with
self-signed certs, and I recommend using them when you don’t want to get
a cert from a public CA. Where is the issue? <<<
YES, THERE IS A PROBLEM–IT DOESN’T WORK (even after import). A server certificate,
signed by a PRIVATE RA or CA returns an error on JellyBean AND REFUSES
TO CONNECT – IMPOSSIBLE. Also, Subject Alt Names aren’t recognized.
“I/O error… hostname,… blah, blah, blah”. Self-signed includes ANY
possible cert in a chain of trust. I think your definition of “self-signed”
means a simple test certificate which is signed by its own private key. Again,
PRIVATE RA/CA certificates do not work. Typical error codes from the
SSL libs might be 18 (classic self-signed test certificate) or 19 or 20
or 21 (private CA/RA). Use “openssl s_client” testing with various cert
configurations for examples. (How do I know? I wrote my own CA. Been
operational for a couple of years. Don’t have a problem with anything
else. Only DAVdroid.) (Hence, the code sample – generally, this is how
ActiveSync and browser libraries handle it.)
You mean: to allow self-signed certs in DAVdroid. To allow them on
Android, you have to import them like described on the DAVdroid home
page. Again, where is the issue? <<<
Importing my certs doesn’t work… for the reason described – both in
the text and in the code – AND, as described in the previous paragraph.
I’ve spent several FRUSTRATING hours trying everything under the sun to
make it work.
SSL without certificate checks (this is something other than allowing
self-signed certs) is not only absolutely useless but actually dangerous
because one might think data are transmitted securely. Would you like to
have a “Disable brakes” switch in your car? I wouldn’t. If you don’t
care about security, use HTTP – it’s exactly as secure as HTTPS without
certificate checks. <<<
Who cares? I’m an intelligent user. I want crypto… I assume my own
risk. Do you think you or your program knows better than I if I should
receive an error or not? Does it read my mind or employ some miraculous
Artificial Intelligence code? No.
»In order to use Android Backup Service, you must register your app with
the service to receive a key that you must include in your Android
DAVdroid is not registered with the Backup API; its data won’t be
stored. Calendar and contact data may be, but that’s not our
responsibility and I can only advise to not use that service. <<<
Geez… Do we now need to discuss the cellco company practices? I only
noted them because they are an established FACT. What’s that got to do
with crypto? I’m only MINIMIZING THE CRAP regarding this issue: “OH
NO! WE GOTTA WORRY ABOUT THE AUTHENTICITY OF THE REMOTE SERVER!”
This subject will go on forever and consume more airtime than even Ed
Snowden is getting.
Question #1: Why do I use CyanogenMod without GApps, thus without
Google Play? <<<
How many of your users have the technical ability to root their
phone??? .000001%??? Ad nauseam.
HINT #3: Real world: Verizon and ATT can restore your phone and data
when you sign a new contract with a new phone? ADVICE: TAKE THE HINT.)
Can you restore a DAVdroid account? <<<
If the answer is yes, you would have to erase this spying firmware as
soon as you get the phone and replace it by a free Android flavour
(CyanogenMod, Replicant). I also strongly recommend to have a look in
the source code; for instance, you might audit the Backup API and then
tell us if it really does what it should (and not more than that). <<<
YES! The mentioned carriers can restore calendar, contacts, email,
files, misc phone settings, etc. Online backups are now defaults…
most people are clueless.
They are using their “branded” implementation(s) of the Backup API to do
it… back by popular demand of the spy grid.
I kid you not. Would you like to know why I dumped my cell phones
almost 3 years ago??? Have you checked your phones for military IPs
thru VPN tunnels??? (I have. The phone was shut down the very next
day. The local salesman at the local sales office had EXACTLY the same
problem – I found that out because I checked.)
People don’t even realize that the 4G backbone is generally owned and
operated by the DOD. In reality, the carriers only own the local access
towers. The carriers can even use the DOD (DISA) to do billing…
Another tidbit people don’t know. I have the military documents (under
FOIA… and, now, these docs are available publicly).
LIKE I SAID,… This subject will go on forever and consume more airtime
than even Ed Snowden is getting.
*** WE NEED CRYPTO TO OUR PRIVATE SERVERS WITH PRIVATE CA’S *******
Creating the subclassed HttpClient stuff will allow that to happen as