Closed Asfaroth closed 1 month ago
Any news about this? Is there any chance to use your own certificates in the near future?
I am also using a self-signed cert and I have added the self-signed root to my Android phones user certificate store but am still unable to log in.
Which cert store is the app using to validate the server cert?
Seems like this a restriction in the Dart SDK in that it only loads the system CA certificates.
#if defined(DART_HOST_OS_ANDROID)
// On Android, we don't compile in the trusted root certificates. Instead,
// we use the directory of trusted certificates already present on the
// device. This saves ~240KB from the size of the binary. This has the
// drawback that SSL_do_handshake will synchronously hit the filesystem
// looking for root certs during its trust evaluation. We call
// SSL_do_handshake directly from the Dart thread so that Dart code can be
// invoked from the "bad certificate" callback called by SSL_do_handshake.
const char* android_cacerts = "/system/etc/security/cacerts";
LoadRootCertCache(android_cacerts);
return;
We've added a setting option on the login screen which enables specifying an SSL host override, if the SSL fails but the host matches the request should be allowed.
Hello,
I'm using self hosted Invoice Ninja since a few days and I'm absolutely loving it so far! However, I would really like to use the flutter apps but I'm running into an issue: The app doesn't allow self-signed certificates because, obviously, the used CA is not in flutter's CA storage. I had this issue in other flutter applications as well and I know there's a workaround for this. Bigger projects like Immich already implemented a solution for such a use case (see https://github.com/immich-app/immich/releases/tag/v1.78.0 for example).
I've already found a closed issue (https://github.com/invoiceninja/admin-portal/issues/461) here. I really don't think that utilizing self-signed certs is the same as using plain http. In my case I'm hosting Invoice Ninja in a closed network in which I can't use letsencrypt as it is secured by a firewall from the internet. That doesn't necessarily mean that I can use insecure http connections in this network though.
Would it be possible to implement a workaround for this use case?