feat(mobile): add server cert field, similar to client cert #14335

Open
wants to merge 1 commit into
base: main

crisoagf

Initial code for server certificate field.

@crisoagf crisoagf force-pushed the add-personal-root-cert branch from 678fd71 to 5e498ec Compare November 25, 2024 10:27
@zackpollard
Contributor

Hey, could you please provide more information on what this is supposed to achieve?

@crisoagf
Author

> Hey, could you please provide more information on what this is supposed to achieve?

Sure thing!

This is an attempt to implement certificate selection for self-signed/enterprise-signed servers without simply disabling SSL certificate checking. It creates another settings field, similar to the client certificate selection, to import a root or self-signed certificate and use that for connection validation. AFAICT, this is only needed for Android, for iPhones already respect user-imported certificates.

Currently, the only option for custom root certs or self-signed certs in Android is "Allow self-signed SSL certificates" that accepts any certificate that matches the hostname, which is at least a bit scary from an MITM attack perspective.

Context is #13555 .
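Editor's added example, not code from this pull request or from the project: a minimal `dart:io` sketch of the two trust models the comment above contrasts, a callback that approves certificates that fail validation versus a `SecurityContext` that trusts only an imported PEM certificate. The function names, the file name `pinned.dart` and the command-line arguments are assumptions made for illustration; how the app wires its own setting is not shown on this page.

```dart
import 'dart:io';

/// Weak variant (illustrative): the callback approves every certificate
/// that fails validation, so an interposed server is accepted too.
HttpClient acceptAnythingClient() {
  final client = HttpClient();
  client.badCertificateCallback =
      (X509Certificate cert, String host, int port) => true;
  return client;
}

/// Stricter variant (illustrative): trust only the imported PEM.
/// withTrustedRoots: false leaves the system CA store out, so a chain must
/// end at the imported root or be the imported self-signed certificate.
HttpClient pinnedRootClient(List<int> pemBytes) {
  final context = SecurityContext(withTrustedRoots: false)
    ..setTrustedCertificatesBytes(pemBytes);
  final client = HttpClient(context: context);
  // Keep rejection explicit: record what failed validation, then refuse.
  client.badCertificateCallback =
      (X509Certificate cert, String host, int port) {
    stderr.writeln('rejected $host:$port subject=${cert.subject} '
        'issuer=${cert.issuer}');
    return false;
  };
  return client;
}

Future<void> main(List<String> args) async {
  // Assumed usage: path to the exported root/self-signed cert, then a URL.
  if (args.length != 2) {
    stderr.writeln('usage: dart run pinned.dart <root-cert.pem> <https-url>');
    exit(64);
  }
  final client = pinnedRootClient(await File(args[0]).readAsBytes());
  try {
    final request = await client.getUrl(Uri.parse(args[1]));
    final response = await request.close();
    print('validated against imported certificate: ${response.statusCode}');
    await response.drain<void>();
  } on HandshakeException catch (e) {
    // Raised when the server's chain does not lead to the imported cert.
    print('TLS validation failed: ${e.message}');
  } finally {
    client.close(force: true);
  }
}
```

Pointing the pinned client at a server whose certificate was not issued under the imported PEM should end in the `HandshakeException` branch, which is the behaviour a test for this feature would want to assert.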

@alextran1502 alextran1502 changed the title Feat #13555 add server cert field, similar to client cert feat(mobile): add server cert field, similar to client cert Dec 2, 2024
@alextran1502
Contributor

Hello, can you add some information on how this PR has been tested?

@crisoagf
Author

crisoagf commented Dec 7, 2024

So far I tested with a local build + flutter run. Trying to use it without the given code doesn't work; with the given code it works.

I'll try to add some info in some file in the repo and I'd really like to write a couple of tests. I may take a while (haven't been having a lot of free time lately), but I'll do it.


3 participants