Ssl issues with Android 7

[wico]

Hey,

we still have no "ignore SSL certs" option in traccar-manager. You remember? I asked for it a while ago. :)

However: Until Android 6.0.1 it was possible to "accept" that by importing a root-CA into the android user cert store. By doing so, any app was able to trust what has been signed by that user-driven CA. A good way to use SSL but not any official CA (which is still the plan, I dont want to go to lets-encrypt by reasons). Unfortunaltely, importing a user-cert was "global" to any app.

With android 7 thats not possible anymore with traccar-manager right now - see: https://blog.jeroenhd.nl/article/android-7-nougat-and-certificate-authorities and https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html

Might be a good thing in sense of security, but it would be nice to offer the user at least some ways out if he really wants to.

Could you eventually: 1) Add an "ignore SSL certs" option as asked a while ago

• or - 2) implement

  <network-security-config>  
    <base-config>  
          <trust-anchors>  
              <!-- Trust preinstalled CAs -->  
              <certificates src="system" />  
              <!-- Additionally trust user added CAs -->  
              <certificates src="user" />  
         </trust-anchors>  
    </base-config>  
  </network-security-config>

  ?

Would that be possible? Or shall I create a PR?

Martin

[tananaev]

Please send a pull request with following config:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>