MetaMask / metamask-mobile

Mobile web browser providing access to websites that use the Ethereum blockchain
https://metamask.io
Other
2.18k stars 1.12k forks source link

Trust User's Root Certificate Store #3422

Open open-contracts opened 3 years ago

open-contracts commented 3 years ago

Description

At least on android, the metamask browser does not trust ssl (root) certs that were manually installed by the user into their device's trust store. This behavior is different from literally every other mobile browser, and locks the user into relying exclusively on the (centralized) list of root certs provided by the metamask team, if they want to use their wallet. It is also different from the desktop behaviour, where the extension works on sites whose certs were signed by an authority the user chose to trust.

This is also the only reason why our new smart contract oracle platform based on enclaves (which requires trusting a root cert generated inside the first enclave) does not work on mobile right now.

Can we change this?

Technical Details

Change the ssl trust store to use the devices system trust store.

Acceptance Criteria

The user must be able to manually add ssl root certs that the metamask browser will accept.

EugeneSnikhovskiy commented 1 year ago

+1 There are some cases when bussines need to have private self-hosted site with access by IP. There are no way to create trusted certificate for IP without domain. And if user buy domain and cert, he will lose anonymity. If this solution is not acceptable by MetaMask team, maybe there is a way to create new feature to add user certs to MetaMask mobile from UI

xtensa commented 1 year ago

+1 Metamask should give at least the possibility to add custom root CA to use with testnets. How else one could test/debug custom dapp before it is installed on the domain with proper certificate?

armanal commented 1 year ago

+1 any updates on this issue?

zhu-maofeng commented 1 year ago

Yes, may I ask if the team has resolved this issue so far

Kampe commented 1 year ago

I would also like to know the status of this?

manicberet commented 2 months ago

status of this?