signalapp / Flock

Private contact and calendar sync for Android.
https://signal.org/blog/flock
358 stars 80 forks source link

Allow self-signed SSL certificate? #18

Closed x3ro closed 10 years ago

x3ro commented 10 years ago

Apparently Flock WebDav tests fail if using a self-signed SSL certificate. It'd be great if it was possible to proceed and accept the self-signed cert :smile:

rhodey commented 10 years ago

When Flock is configured to run with a user provided WebDAV service it uses Android's local trust store to validate certificates. To use an HTTPS WebDAV service of your own with Flock you will need to setup the WebDAV service with a cert signed by a certificate authority that is within your Android trust store.

DavDroid has a great article on importing self-signed certs to Android's trust store, you can find it here >> http://davdroid.bitfire.at/faq/entry/importing-a-certificate

A potential improvement could be to retrieve the certificate of the WebDAV server on setup and provide the user with a fingerprint and option to import.

master-sonic commented 10 years ago

You need to make sure to import your certificate authority on your Android's trust store and not the self-signed cert. Most howtos you find don't make use of a CA. I found this post very helpful http://theheat.dk/blog/?p=1023

rhodey commented 10 years ago

thanks for the link @master-sonic, I'm going to close this for now and make note to include this information in the "how to run your own sync service for flock" blog post.