Killacal2084 / gtalksms

Automatically exported from code.google.com/p/gtalksms
1 stars 0 forks source link

Add support for Memorizing Trust Manager #320

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Time to enhance the security. Add support for Ge0rg's Memorizing Trust Manager: 
https://github.com/ge0rg/MemorizingTrustManager/wiki

Original issue reported on code.google.com by fschm...@gmail.com on 21 Mar 2013 at 2:21

GoogleCodeExporter commented 9 years ago
Issue 324 has been merged into this issue.

Original comment by fschm...@gmail.com on 22 Apr 2013 at 7:47

GoogleCodeExporter commented 9 years ago
Could someone with more insight into the code please clarify what the 
status-quo is?
I've seen in XmppManager that conf.setSelfSignedCertificateEnabled is not set, 
so from the smack documentation I'm guessing this is off. However all the 
conf.setVerify* options default to off, so - is every certificate accepted, as 
long as it is not self-signed?
If so, would you accept a patch that simply adds a checkbox to the SSL 
configuration "Verify certificate", which seems to be trivial to implement and 
increases security by a lot for those with a valid cert?

Thanks.

Original comment by eckho...@gmail.com on 3 Jun 2013 at 7:46

GoogleCodeExporter commented 9 years ago
It is very likely that the smack conf option alone is not enough. Smack needs 
to be aware of Android's built-in TrustManager, which is IIRC not available on 
every supported Android API level.

OTOH I know that it is possible to use Android's Cert store. There are open 
source Android XMPP clients out there that use Smack and do so. I think yaxim 
is one of them.

tl;dr: I don't think that the conf setting alone is enough, the patch will 
likely become bigger. But feel free to experiment, test and propose a patch. I 
sure will have a look.

Original comment by fschm...@gmail.com on 3 Jun 2013 at 4:30

GoogleCodeExporter commented 9 years ago

Original comment by Florent....@gmail.com on 16 Aug 2014 at 4:27

GoogleCodeExporter commented 9 years ago
Released on Play Market as 5.0

Original comment by Florent....@gmail.com on 25 Oct 2014 at 6:23