Feature request: Option not to trust system CAs (certificate pinning)

Hi,

First of all thanks for the great app, ownCloud with DAVdroid is great!

I have noticed that app developers are starting to add a user option into their apps which gives the option not to trust any of the pre-installed, system-wide certificate authorities. Instead, the app will only trust a specific, accepted certificate.

This functionality is relevant to DAVdroid because ownCloud is meant to be a private, personal cloud solution, so there is a very good argument for clients only trusting a personal, private certificate.

The Conversations app is an example of where this has been implemented:

Here is an Android library project which may be useful:

And here’s an explanation (provided by the developer of the above library) as to why it’s really quite an important feature:

Hope this feature can be added to (the otherwise fantastic) DAVdroid!

(I think it may also help to get around the many certificate problems people seem to have with DAVdroid)
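As an added illustration of the behaviour requested above (this is example code, not DAVdroid's own code nor the unnamed library's), the standard Android/Java way to trust only one user-supplied certificate is to build a TrustManager from an in-memory KeyStore that contains nothing but that certificate, so the pre-installed system CAs are never consulted. The asset name `server.crt` and the class name are assumptions.

```java
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Example (not DAVdroid code): an SSLContext whose only trust anchor is the
// user's own server certificate. Nothing from the system CA store is loaded.
public final class PinnedTrust {

    // certStream: the accepted certificate, e.g. opened from the assumed asset "server.crt"
    // (PEM or DER X.509, as produced by the user's ownCloud server setup).
    public static SSLContext fromPinnedCertificate(InputStream certStream) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate pinned = cf.generateCertificate(certStream);

        // load(null, null) creates an EMPTY store; the pinned cert is its only entry,
        // so a chain is accepted only if it ends in (or is) exactly this certificate.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("pinned-server", pinned);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Hostname verification still runs on top of the custom trust decision.
    public static HttpsURLConnection open(URL url, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        return conn;
    }
}
```

The operational cost of this approach is that when the server's certificate is renewed, the stored copy must be replaced or every connection fails with a trust error, which is exactly the kind of "certificate problem" users then report.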

• developer

Thanks for your suggestion. While I don’t think it makes sense to not trust system-wide CAs on app level (if you distrust those CAs, wouldn’t they have to be removed/disabled in the system so that they can’t do any harm in other apps, too?), I certainly support that certificate pinning would be a good thing.