Closed GoogleCodeExporter closed 8 years ago
Issue 324 has been merged into this issue.
Original comment by fschm...@gmail.com
on 22 Apr 2013 at 7:47
Could someone with more insight into the code please clarify what the
status quo is?
I've seen in XmppManager that conf.setSelfSignedCertificateEnabled is not set,
so from the Smack documentation I'm guessing this is off. However all the
conf.setVerify* options default to off, so - is every certificate accepted, as
long as it is not self-signed?
If so, would you accept a patch that simply adds a checkbox to the SSL
configuration "Verify certificate", which seems to be trivial to implement and
increases security by a lot for those with a valid cert?
Thanks.
Original comment by eckho...@gmail.com
on 3 Jun 2013 at 7:46
It is very likely that the Smack conf option alone is not enough. Smack needs
to be aware of Android's built-in TrustManager, which is IIRC not available on
every supported Android API level.
OTOH I know that it is possible to use Android's Cert store. There are open
source Android XMPP clients out there that use Smack and do so. I think yaxim
is one of them.
tl;dr: I don't think that the conf setting alone is enough, the patch will
likely become bigger. But feel free to experiment, test and propose a patch. I
sure will have a look.
Original comment by fschm...@gmail.com
on 3 Jun 2013 at 4:30
Original comment by Florent....@gmail.com
on 16 Aug 2014 at 4:27
Released on Play Market as 5.0
Original comment by Florent....@gmail.com
on 25 Oct 2014 at 6:23
Original issue reported on code.google.com by
fschm...@gmail.com
on 21 Mar 2013 at 2:21