Self Signed Certificates?

[aaylnx]

I'm trying to use Tangram with an instance of Nextcloud which I have set up on my own lan, but it will not allow me accept a self-signed certificate. Is there a way for me to accept a self-signed certificate that I'm missing? If not, might that be a possibility in the future?

Thanks.

[sonnyp]

I'm not going to add certificate management to Tangram - however it should respect your preferences.

You can try trusting the certificate through seahorse or https://help.gnome.org/users/epiphany/stable/cert.html.en

If it doesn't work and you're using the Flatpak, this might be related: https://github.com/flatpak/flatpak/issues/2721

Let me know how it goes - if you'd like to debug/fix this I'm happy to provide some guidance.

[nanonyme]

@sonnyp which crypto stack does Tangram use? Host certs work best with GnuTLS (that's where the support was originally done) and may work with NSS. It does not work at all with OpenSSL at the moment.

[sonnyp]

According to https://blogs.gnome.org/mcatanzaro/2018/11/11/the-gnome-and-webkitgtk-networking-stack/ that would be GnuTLS

if you’re using desktop Linux and point WebKitGTK+ at an HTTPS address, then GLib is going to load a GIO extension point called glib-networking, which implements all of GIO’s TLS APIs — notably GTlsConnection and GTlsCertificate — using GnuTLS

[nanonyme]

Well, that should definitely work with host certificates assuming crypto stack itself likes the setup. Many crypto stack assume you have internal CA with which server cert is signed rather than server cert being self-signed.