Taavi Eomäe

TLS client certificate as such is specified by the TLS spec. Individual web servers, such as nginx and Apache have their own configuration options for requesting the certificates from the...

> I am not quite seeing what FS could bring I'm thinking that FS could provide: * Documented procedure on how to provide cert/eID auth. * A configuration option (`ENABLE_EID_AUTH`?)...

> Not sure your concern with cookie - I believe FS / Flask manages session cookie domains correctly (i.e. it has various config parameters to manage it). Yes, but it...

> Why would you need a subdomain called certauth.app.domain.com? Because for example nginx can't ask a client-cert in a path block, only on a server block. Just as a clarifying...

> Can you point me to some examples of sites that actually accept this? `https://tara.ria.ee/login` `https://my.zone.eu/et/zid/server/auth` `https://id.seb.ee/cgi-bin/ipank/ipank.p` `https://maasikas.emta.ee` Using cert auth is called `ID-kaart` in Estonian, `Log in` is usually...

IMHO this should be primarily implemented by things like OSSEC and fail2ban, those tools can also be more effective at deploying countermeasures. Providing a paragraph in documentation that one of...

@vstakhov Check out https://bimi.entrust.net/zone.ee/certchain.pem for a recent valid certificate from Entrust.

I'm getting the same error with a different project.

I have one suggestion though, this content provider should be protected by an authorization dialogue before being released to the public and doing it right now while nothing depends on...

@boun Gadgetbridge's minimum API is Kitkat (19, 4.4) and runtime permissions are a Marshmallow (23+) thing meaning that this has to be implemented by Gadgetbridge.