Feature request: Option not to trust system CAs (certificate pinning)
feisar last edited by rfc2822
First of all thanks for the great app, ownCloud with DAVdroid is great!
I have noticed that app developers are starting to add a user option into their apps which gives the option not to trust any of the pre-installed, system-wide certificate authorities. Instead, the app will only trust a specific, accepted certificate.
This functionality is relevant to DAVdroid because ownCloud is meant to be a private, personal cloud solution, so there is a very good argument for clients only trusting a personal, private certificate.
The Conversations app is an example of where this has been implemented:
Here is an Android library project which may be useful:
And here’s an explanation (provided by the developer of the above library) as to why it’s really quite an important feature:
Hope this feature can be added to (the otherwise fantastic) DAVdroid!
(I think it may also help to get around the many certificate problems people seem to have with DAVdroid)
Thanks for your suggestion. While I don’t think it makes sense to not trust system-wide CAs on app level (if you distrust those CAs, wouldn’t they have to be removed/disabled in the system so that they can’t do any harm in other apps, too?), I certainly support that certificate pinning would be a good thing.