No synchronization over HTTPS with private SSL Certificate

fabienli / DokuwikiAndroid

Android application to access a dokuwiki

GNU General Public License v3.0

62 stars 6 forks source link

No synchronization over HTTPS with private SSL Certificate #106

Open Palaress opened 8 months ago

Palaress commented 8 months ago

Hi,

first thanks for this great app, I really appreciate the work you did.

Upgrading my docker setup, and having an SSL Cert based reverse proxy now infront of my dokuwiki server, I cannot connect to it (in the app) via https. When I change it back to the HTTP URL it syncs again, but I would rather use HTTPS.

I don't know mobile development, but with cURL one can set the --insecure flag to accept private SSL certs.

Maybe there is something similarly (easy) on android.

Best Regards

fabienli commented 8 months ago

Hi @Palaress ,

thanks for using DokuwikiAndroid. I've not looked into the details yet, but adding an option as you suggest seems achievable. However, I'm wondering if you tried an other solution that would be best secured:

adding your certificate (or your own signing certificate) as trusted in your Android phone. You could do so in the settings, around : Settings -> Security -> Certificates (on my side it's: Settings -> Security -> Other Security settings -> User Certificates) Let me know if that works for you! Regards, Fabien

crbble commented 3 weeks ago

Hi, I am facing the same problem. I installed the certificate as user CA cert in Android and it is working for the builtin browser. The log from DokuWikiAndroid reports "Failed to read server's response: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found".

I already tried to include the whole self-signed chain into the nginx configuration of the dokuwiki box but without success.

fabienli commented 3 weeks ago

Hi @crbble thanks for having tested this; I'll try to investigate if some option on the app could be activated. I'm thinking about playing around with this: https://developer.android.com/privacy-and-security/security-config . keeping you posted shortly.

fabienli commented 3 weeks ago

I've just pushed an update (release v0.41) to use the user's certificate from android. Could you please confirm whether it solved you problem? (please give a few hours for the release to be actually available)

crbble commented 2 weeks ago

I will try it out once the fdroid build is finished.

crbble commented 1 week ago

Thanks, it works now for me.