bitcoindevkit / bdk

A modern, lightweight, descriptor-based wallet library written in Rust!

BDK rejects any SSL server that uses a self-signed certificate #627

Closed BitcoinQnA closed 2 years ago

BitcoinQnA commented 2 years ago

Describe the bug
BDK rejects any SSL server that uses a self-signed certificate. This issue is being observed in Envoy, our pre-release companion application for our Passport hardware wallet.

[Image: photo_2022-06-07_09-57-43]

Connecting to our default server (also Fulcrum) with a certificate issued by Let's Encrypt works fine.


To Reproduce
Attempt to connect to any Electrum Server that uses a self-signed certificate. We have been using ssl://testnet.aranguren.org:51002, a public Fulcrum server used (successfully) by Sparrow Wallet when started in testnet mode.

Expected behavior
Successful connection.

Build environment

Additional context
N/A

afilini commented 2 years ago

If you want to use self-signed certs, you have to explicitly enable it by creating the electrum client manually with a custom configuration and setting Config::validate_domain() to false.

On top of that, I think the BadDER is some kind of encoding error; I don't think it's failing because it's self-signed. Other people have had the same issue with it in the past, see https://github.com/Blockstream/gdk/pull/141

Sometimes rustls is picky about that stuff; try overriding rust-electrum-client to use openssl with the use-openssl feature. Keep in mind that openssl is written in C, so you'll need the NDK set up to cross-compile for Android.

BitcoinQnA commented 2 years ago

Thank you for the feedback.