news icon indicating copy to clipboard operation
news copied to clipboard
verified publisher icon bubelov

Add an option to trust self-signed certificates

Open losuler opened this issue 4 years ago • 10 comments

Description

I get the following error shown in the screenshot below upon trying to manually login to my Nextcloud instance which is using a self-signed certificate. The official Nextcloud app, Notes and Deck app all accept the self-signed certificate.

Platform

Android 11

Version

0.2.8 (F-Droid)

Screenshot

Screenshot_20210505-153003_1

losuler avatar May 05 '21 05:05 losuler

@losuler what's your use case? Getting proper certificate is free and using self-signed certs defeats the purpose of HTTPS

bubelov avatar May 05 '21 08:05 bubelov

I'm only accessing it on my LAN and not having HTTPS disables certain features like browser notifications. I don't want to use a real domain because it's a lot of extra hassle and the same with installing a root certificate on every device I use.

losuler avatar May 05 '21 08:05 losuler

@losuler I see. Bad luck, app-based auth doesn't work on Android 11, as far as I know. I'm also planning to make my public NC instance LAN-only, for security reasons, so the option to accept untrusted certs might be helpful in case app-based auth is not available.

bubelov avatar May 05 '21 14:05 bubelov

That's odd. Do you know why app-based auth is working on Android 11 on the Nextcloud Notes and Nextcloud Deck apps? Perhaps there's a solution there.

losuler avatar May 06 '21 05:05 losuler

@losuler that's a known issue: https://github.com/nextcloud/Android-SingleSignOn/issues/277

bubelov avatar May 06 '21 06:05 bubelov

Oh he temporarily lowered the targetSdkVersion to fix it. But it looks like that's not necessary anymore now that the single sign-on library has removed that limitation in https://github.com/nextcloud/Android-SingleSignOn/pull/282. Hopefully a new release of that lands soon.

I assume that's what you're waiting on?

losuler avatar May 06 '21 06:05 losuler

Looks like he has implemented another fix https://github.com/stefan-niedermann/nextcloud-deck/pull/943 in the meantime until there's a new release of that library (also documented here https://github.com/nextcloud/Android-SingleSignOn#1-add-this-library-to-your-project)

losuler avatar May 06 '21 06:05 losuler

@losuler yes, I'm going to update this dependency as soon as new release goes live. My Samsung seems to be stuck with Android 10, so I don't really feel like experimenting with workarounds because the situation is pretty messy and the results are mixed. Hopefully, this issue will be gone once I update that dependency.

bubelov avatar May 06 '21 06:05 bubelov

Implemented in https://github.com/bubelov/news/commit/7a51d68b0d3e65f9907a5cf6560e48f9c8170e8f

bubelov avatar May 11 '21 11:05 bubelov

https://developer.chrome.com/blog/removing-push/

Just saw this post in my feed and remembered this issue. On a second thought, I can't see any benefits in allowing self-signed certs. It's easier to use HTTP instead since the app doesn't force HTTPS and it's trivial to configure NC instance to allow both HTTP and HTTPS traffic

bubelov avatar Aug 21 '22 05:08 bubelov