element-x-android

add mTLS support for client certificates

Open mackerel225 opened this issue 5 months ago • 0 comments

Your use case

What would you like to do?

Implement mTLS for Element X by allowing users to select which client certificates to use on the account provider selection screen.

Why would you like to do it?

The hosting Matrix server will only allow people with client certificates to connect.

How would you like to achieve it?

The HTTP-Shortcuts app has similar functionality, which can be used as an initial implementation: https://github.com/search?q=repo%3AWaboodoo%2FHTTP-Shortcuts%20client%20certificate%20authentication&type=code. It enables users to select which client certificate to use for HTTP requests; this enables mTLS where your server is enforcing client certs.

What is the current behaviour?

Enforcing client certs on a server whilst hosting a Matrix instance will result in your typical 'We couldn't reach this homeserver' error message. This will happen even though client certs are installed on the Android device; they are just not being picked up / used by Element X Android.

Have you considered any alternatives?

No response

Additional context

All that's required is for Element X to use self-signed client certs. The enforcing can happen through a reverse proxy.

Are you willing to provide a PR?

Yes

mackerel225, Sep 15 '24 23:09
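The certificate selection requested above, sketched with the standard Android `KeyChain` and JSSE APIs. This is an added example, not code from Element X or HTTP-Shortcuts; `promptForClientCert`, `KeyChainKeyManager` and `mtlsContext` are hypothetical names, port 443 is assumed, and wiring the resulting `SSLContext` into the app's HTTP stack is not shown.

```kotlin
import android.app.Activity
import android.content.Context
import android.security.KeyChain
import java.net.Socket
import java.security.Principal
import java.security.PrivateKey
import java.security.cert.X509Certificate
import javax.net.ssl.KeyManager
import javax.net.ssl.SSLContext
import javax.net.ssl.X509KeyManager

// Hypothetical helper: shows the system picker for installed client certificates.
// The picker is asynchronous; onChosen receives the alias, or null if the user cancels.
fun promptForClientCert(activity: Activity, host: String, onChosen: (String?) -> Unit) {
    KeyChain.choosePrivateKeyAlias(
        activity,
        { alias -> onChosen(alias) },
        arrayOf("RSA", "EC"), // acceptable key types
        null,                 // no issuer filter, so self-signed certs are offered too
        host,
        443,                  // assumed HTTPS port of the homeserver
        null                  // no preselected alias
    )
}

// Key manager that always presents the certificate the user selected.
// KeyChain.getPrivateKey and getCertificateChain block, so the TLS handshake
// must run off the main thread.
class KeyChainKeyManager(
    private val context: Context,
    private val alias: String
) : X509KeyManager {
    override fun chooseClientAlias(keyType: Array<String>?, issuers: Array<Principal>?, socket: Socket?): String = alias
    override fun getClientAliases(keyType: String?, issuers: Array<Principal>?): Array<String> = arrayOf(alias)
    override fun getCertificateChain(alias: String?): Array<X509Certificate>? =
        KeyChain.getCertificateChain(context, this.alias)
    override fun getPrivateKey(alias: String?): PrivateKey? =
        KeyChain.getPrivateKey(context, this.alias)
    // Client-only use: the server-side methods are never consulted.
    override fun getServerAliases(keyType: String?, issuers: Array<Principal>?): Array<String>? = null
    override fun chooseServerAlias(keyType: String?, issuers: Array<Principal>?, socket: Socket?): String? = null
}

// SSLContext carrying the client key. Passing null trust managers keeps the
// platform's default validation of the server certificate in place.
fun mtlsContext(context: Context, alias: String): SSLContext =
    SSLContext.getInstance("TLS").apply {
        init(arrayOf<KeyManager>(KeyChainKeyManager(context, alias)), null, null)
    }
```

The private key never leaves the Android keystore in this pattern: the app holds only the alias, so persisting the user's choice means storing that string and nothing sensitive.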