Bit of a long winded fix - unable to find a simple workaround for this one.
Have created a class that implements OkHttpClientFactory so that I can override the checkServerTrusted method.
This method will behave as normal for any host address except for private IP addresses, i.e. servers on the local network. These will only check the certificate validity, but will not complain if the signing authority is not valid.
Testing
Run a copy of open mSupply on a tablet, and spin up a copy of this version of the cold chain application, trying to sync to the oms instance.
Without these changes, you get 'network error'
Check then that you can sync to a valid certificate (i.e. demo-open.msupply.org) and that the full certificate validation runs correctly for that server.
Fixes #264
Bit of a long winded fix - unable to find a simple workaround for this one.
Have created a class that implements
OkHttpClientFactory
so that I can override thecheckServerTrusted
method. This method will behave as normal for any host address except for private IP addresses, i.e. servers on the local network. These will only check the certificate validity, but will not complain if the signing authority is not valid.Testing
Run a copy of open mSupply on a tablet, and spin up a copy of this version of the cold chain application, trying to sync to the oms instance.
Without these changes, you get 'network error'
Check then that you can sync to a valid certificate (i.e. demo-open.msupply.org) and that the full certificate validation runs correctly for that server.