Gedsh / InviZible

Android application for online privacy and security
https://invizible.net
GNU General Public License v3.0

Allow local doh for dnscrypt #275

Open mvevitsis opened 4 months ago

mvevitsis commented 4 months ago

App will not allow dnscrypt to start if local_doh settings in toml are uncommented.

Otherwise, I think theoretically it should work if the user CA (e.g. from mkcert) is installed to the Android system.

This is necessary for ECH support in Firefox.

Theoretically, it should work even without this workaround if network.dns.native.https-query = true (see: https://bugzilla.mozilla.org/show_bug.cgi?id=1500289) but in my testing, this does not work with InviZible:

[Screenshot: Screenshot_20240730-192501_Firefox Beta.png]

Chromium-based browsers are unaffected; ECH works properly in both Samsung Internet and regular Google Chrome.

Gedsh commented 4 months ago

This feature is not currently supported. InviZible does not include the required certificate file. I will implement it over time if you are interested in having it available.

mvevitsis commented 4 months ago

Yes, I would like to see this implemented.

I want to use my own certificate file as I already have one I made with mkcert. This works great on desktop dnscrypt-proxy. However, even with the correct file path to the certificates specified, I cannot get InviZible to start dnscrypt-proxy with these lines uncommented.

Gedsh commented 4 months ago

> with the correct file path to the certificates specified

You should put the certificate in the app's internal folder. For example, /data/data/pan.alexander.tordnscrypt/app_data/dnscrypt-proxy, which can only be done with root.

mvevitsis commented 4 months ago

I don't have root, so it would need file access to a dedicated folder in internal storage. Something like /storage/emulated/0/invizible

Gedsh commented 4 months ago

This would require permission to access all files, which users won't like. In addition, it violates Play Market policy. The only solution is to implement a way to add the certificate to an internal folder. This is possible, but requires time and effort.

mvevitsis commented 4 months ago

> This would require permission to access all files, which users won't like. In addition, it violates Play Market policy. The only solution is to implement a way to add the certificate to an internal folder. This is possible, but requires time and effort.

Ok, well if possible I would like to see it implemented.

mvevitsis commented 4 months ago

There is no need for root.

Your app already has a folder in Android/data to store some files. I made a new folder in there called certificates and pushed my certs using ADB. Specified these in the toml and it works:

[Screenshot: Screenshot_20240802-070659_Chrome.png]

Success.

Notes for anyone else who needs this: Install the root CA using Android system settings. Chrome will recognize it automatically, but for Firefox you need to activate developer mode (press the Firefox logo a bunch of times in 'about'), then go to secret settings and enable allow 3rd party CA certs.
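A sanity check for the `[local_doh]` section that the comment above says it filled in, as an added example that is not part of the original thread or InviZible's code. The key names are those of dnscrypt-proxy's stock configuration; the `certificates` directory path and the certificate file names are assumptions.

```python
import ipaddress
try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:
    import tomli as tomllib  # same API on older interpreters

# Constructed sample. The key names are dnscrypt-proxy's; the directory and
# file names are assumptions, not values taken from the thread.
CERT_DIR = "/storage/emulated/0/Android/data/pan.alexander.tordnscrypt/certificates"
SAMPLE_TOML = f"""
[local_doh]
listen_addresses = ['127.0.0.1:3000']
path = '/dns-query'
cert_file = '{CERT_DIR}/localhost.pem'
cert_key_file = '{CERT_DIR}/localhost-key.pem'
"""

def check_local_doh(toml_text):
    """Return a list of problems found in the [local_doh] section."""
    cfg = tomllib.loads(toml_text).get("local_doh")
    if cfg is None:
        return ["[local_doh] is missing or still commented out"]
    problems = []
    addrs = cfg.get("listen_addresses", [])
    if not addrs:
        problems.append("listen_addresses is empty")
    for addr in addrs:
        host = addr.rsplit(":", 1)[0].strip("[]")  # handles [::1]:3000
        try:
            # The DoH listener should only serve the device itself.
            if not ipaddress.ip_address(host).is_loopback:
                problems.append(f"{addr}: listener reachable from other hosts")
        except ValueError:
            problems.append(f"{addr}: expected an IP:port literal")
    for key in ("cert_file", "cert_key_file"):
        value = str(cfg.get(key, ""))
        if not value:
            problems.append(f"{key} is not set")
        elif not value.startswith("/"):
            problems.append(f"{key}: relative path, depends on the proxy's working directory")
    if not str(cfg.get("path", "")).startswith("/"):
        problems.append("path must start with '/'")
    return problems

if __name__ == "__main__":
    print(check_local_doh(SAMPLE_TOML) or "local_doh section looks sane")
```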

Gedsh commented 4 months ago

> pushed my certs using ADB

This folder is not accessible in modern Android versions through the regular file manager. I don't think most users will like using ADB.

mvevitsis commented 4 months ago

> > pushed my certs using ADB
>
> This folder is not accessible in modern Android versions through the regular file manager. I don't think most users will like using ADB.

Right, you cannot access this folder without adb (or Shizuku/rish if you want to do it on your phone).

I used rish inside Termux, then just regular commands like mkdir and cp to place everything.