Errors for self-signed certificate

opk12 commented 2 years ago

Description

The self-signed certificate error message boxes require two Enter key presses at startup, whenever I send a message, but also randomly, while browsing the rooms.

Steps to reproduce

My home homeserver is in a private network, has a self-signed certificate and does not have a domain name. These show up: The certificate is self-signed, and untrusted.

Compare with Element-Android:

At login, shows the fingerprint and asks for user confirmation to save the certificate.
When it connects:
- If the certificate has changed, asks whether to update the local copy.
- If the certificate has not changed, does not warn.

Version information

Quaternion 0.0.95.1 on Fedora 35 Quaternion 0.0.9.5 on Debian 11

ghost commented 1 year ago

Adding support for pinning certs is a bit harder.

Out of interest, faced with a similar situation, I've made my own CA with the extension of name constraints. This basically works in every application without special support from the apps, as it behaves normally. Could this be an alternative?

KitsuneRal commented 1 year ago

I just figured that there's another earlier issue about it. Duplicate of #689.

quotient-im / Quaternion