My homeserver is in a private network and has a self-signed certificate.
Like Element and the other clients, Circles should
On the first connection, save the cert.
On every connection, check if the cert has changed.
2.1. Fail, if the cert has changed.
In the case of a public domain, self-signed is a red flag. Maybe the app could expect self-signed if a private IP address was typed (as it's impossible to have a CA-signed cert) and then do TOFU.
Steps to reproduce:
Self-host Synapse.
Open the app.
Enter the username and the IP address.
See error message Username not found at the top.
Additional info
I could add the cert to the system trust store, but I'd rather do TOFU in-app than have users let strangers put hands on the system settings, possibly outside the trust store.
Steps to reproduce
My homeserver is in a private network and has a self-signed certificate.
Like Element and the other clients, Circles should
In the case of a public domain, self-signed is a red flag. Maybe the app could expect self-signed if a private IP address was typed (as it's impossible to have a CA-signed cert) and then do TOFU.
Steps to reproduce:
Username not found
at the top.Additional info
I could add the cert to the system trust store, but I'd rather do TOFU in-app than have users let strangers put hands on the system settings, possibly outside the trust store.
Application version
1.0.26
App Store name
F-Droid
Phone model
No response
Operating system version
No response
Homeserver
No response
Contact info
No response