[FEATURE REQUEST] Self-Signed-Cert-Support

[will2048]

Hey there,

thanks a lot for this fine piece of software!

I successfully setup my nextcloud-server with a self-signed certificate.

The CA-Cert was imported to Android and works well.

No more Warning in Fennec, Grocy- and floccus-App are now working without any problem.

Only OSS-DocumentScanner throws:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

I followed these Links: https://github.com/nativescript-community/https/issues/10 https://medium.com/@noumaan/ssl-app-dev-a2923d5113c6

If I understand correctly it is only needed to add

<certificates src="user"/>

into

network_security_config.xml

Maybe a switch to turn the ability to support user-certs on and off would be a security feature in this context.

[farfromrefug]

@will2048 great investigation ! I will fix this. Dont think I will make it an option as I am not even sure I can (.making that XML value loaded or not). Seeing Nextcloud do it by default https://github.com/nextcloud/android/blob/c5d4e135894a8e25d0b339f857551412ca7a68ce/app/src/main/res/xml/network_security_config.xml I think I can safely do the same

[will2048]

Thanks for your swift reaction.

Yeah, ich checked the network_securtiy_config.xml of floccus- and grocy-app and they have it set as well. They also have no special setting to allow user-CAs in special.

And now that I am thinking: There is a very big an detailed warning before importing a user-CA-cert und you have to authenticate again by PIN/fingerprint. So now I think that an option is not needed...

I will give feedback here when it's built in and I can test it.

Sales slips / till receipts: HERE I COME! 😄

[farfromrefug]

@will2048 published a new version. Let me know if it works

[will2048]

YES, SIR! 😁

Thanks a million.