Self-signed SSL-Certificates
-
I’m pretty sure you know about the “Network may be monitored”-“bug”, as you wrote about it in the FAQs. For me this thing is pretty annoying and i am sure, android won’t be changed back again, so i dislike the way DAVdroid needs to handle self-signed certificates (Don’t get me wrong, from a developers pov, this is the best suited solution! But it is annoying for the user).
As the usage is nearly impossible for a non-IT-guy, i’d like to suggest to handle those certificates like several other applications (for example owncloud): Make it possible to import the certificate in the creation of an account.
I searched in the owncloud app, how they do it, and it looks pretty simple to me: https://github.com/owncloud/android/blob/master/src/com/owncloud/android/ui/dialog/SslUntrustedCertDialog.java
-
Thanks for your suggestion. This was discussed extensively in #3, please see there. Summary:
- Implementing a private certificate storage for DAVdroid is non-trivial and many things would have to be implemented, for example: GUI and functionality for importing a certificate, GUI and functionality for viewing installed certificates, GUI and functionality for removing installed certificates, integration with the multi-threading HttpClient library connection pool.
- All these things would be redundant and – while theoretically nice to have – are less important than all the other missing features, and our time resources are limited.
- Pull requests and existing solutions we have found are not satisfactory and don’t implement all the things metioned in (1).
- The code from Owncloud you mention seems to be the GUI for importing a certificate. The “real code” is in
com.owncloud.android.lib.common.network.NetworkUtils. Also, I don’t think they’re using a multi-threaded pool with HttpClient library and I also wonder whether there are options for viewing and removing already accepted certificates (crucial after Heartbleed, for example). - We have created CAdroid to allow users importing their self-signed certificates into the Android storage more easily.
So, thanks again for your suggestion, but at the moment, there’s nothing to be added from our side.
