dburr
commented
4 years ago @reflexit what OS are you running the server on (windows mac or linux) and what is your device (you mentioned rooting, so i assume android and that you are unrooted)?
Closed reflexit closed 3 years ago
dburr
commented
4 years ago @reflexit what OS are you running the server on (windows mac or linux) and what is your device (you mentioned rooting, so i assume android and that you are unrooted)?
reflexit
commented
4 years ago @dburr I am running the server on Windows 10 x64. My mobile phone OS is unrooted Android 9. The emulator I'm using is Android-x86 7.1 (which comes rooted) in Virtualbox.
dburr
commented
4 years ago @reflexit also there is nothing really that we can do about #2. Starting with Android 7 (Nougat) Google changed the behavior of user-installed CA certificates. Now user-installed CA certificates are no longer trusted implicitly by apps. In order for an app to trust a user CA cert, the app developer would need to specifically enable this when building their app. We would have to release a patched APK for this. The only workaround (other than patched apk) is, as you mentioned, installing the user CA cert as a system CA cert (which are implicitly trusted by everything) which requires root.
reflexit
commented
4 years ago @dburr I see. In that case, what about mentioning the workaround in README, since other users with unrooted devices may have the same problem?
dburr
commented
4 years ago @reflexit Good point, I'll go ahead and add a section to the README about that.
reflexit
commented
3 years ago The first issue seems to be fixed in 0.4.0 release.
I was trying the latest v0.3.2 release, but after following all steps in README, the app either got stuck in black screen or launched into gallery mode. After some research, I find that I have to do the following two tweaks in order to run the server successfully:
First, I have to comment out the following lines in
nginx.conf:Otherwise, I will always get
503 Service Temporarily Unavailableerror whenever I visithttps://android.magica-us.comin a web browser. This happens both on my mobile phone (after installingca.crt) and the computer hosting nginx itself. After commenting out the above lines, I can access the "Welcome to nginx" page successfully.Second, I have to move the installed user CA to system store, as I have described in #11. This means that I need to use a rooted device or emulator.
After making these two tweaks, I am able to connect to the private server successfully. I am unsure whether these tweaks are specific to my case, but I would like to open this issue so that developers might look into it.