
Error while using self-signed TLS-Certificate

Open sysms opened this issue 12 years ago • 5 comments

When using Blitzmail with an SMTP server which has a self-signed TLS certificate, it responds with an error: "Could not convert socket to TLS java.security.cert.CertPathValidatorException: Trust anchor for certification path not found."

Anything we can do about this?

sysms avatar Apr 10 '13 23:04 sysms

You could simply import the certificate in your Android device. Here's a guide on how to do this from CAcert: http://wiki.cacert.org/FAQ/ImportRootCert#Android_Phones

Alternatively, I could show a dialog allowing you to accept the cert nonetheless, but I currently don't know how to do this and therefore gladly accept pull requests.

grote avatar Apr 11 '13 07:04 grote

I did some research and the best way forward seems to be to use this library https://github.com/ge0rg/MemorizingTrustManager but I won't do that now.

grote avatar Apr 11 '13 20:04 grote

Thanks for your reply and this neat tool!

I also did some research, and it seems there are some possibilities - but with drawbacks (opening MITM-attacks):

http://stackoverflow.com/questions/12018681/android-tls-connection-and-self-signed-certificate

http://stackoverflow.com/questions/13152198/android-validating-self-signed-certificates-in-addition-to-normal-ssl-certific

So the library you found lately seems indeed to be the best and securest way to implement this feature!

Will see if I go the "import certificate"-way or try to add this library by myself - whatever comes first in my spare time. :-)

sysms avatar Apr 11 '13 21:04 sysms

Using NetCipher from the GuardianProject might be another alternative to implement. It would also allow BlitzMailing via TOR.

grote avatar Jul 12 '15 09:07 grote

There's also CAdroid now which can be used to import self-signed certs into the Android trust-store.

grote avatar Jun 23 '16 21:06 grote