GarethAyres
commented
7 years ago How would we best like to achieve this?
-
We can set the app to check the certs expiry date, when its running. This means the app will only check if the user starts the app, or leaves it running. I imagine after connecting and the next reboot, the app is not started again by users unless they have problems connecting. In which case it is too late?
-
We can start the app on a reboot. There is some persistence with the app then to perform the check once a day, for example. Downside to this is adding a new app permission: https://developer.android.com/reference/android/Manifest.permission.html#RECEIVE_BOOT_COMPLETED
This will mean all current installs need to accept the new permission for the feature to work, on update. Another downside is some users may not like the app always starting itself. But now permissions are optional, its an option they can make. We can minimise the system resources used for this by creating a service to start, and only load the app if required.
Gareth
restena-sw
It would be nice to warn users that they need to refresh their configs if either their client certificate or the last of all configured trust anchor CA certificates expire.