Tomdroid

Accept self signed SSL certificates to be able to sync securely with Rainy

Bug #1153289 reported by Stefan Hammer
28
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Tomdroid
Status tracked in Stable
Beta
Fix Released
High
Unassigned
Tomdroid 0.7.3 "Almost there!"
Stable
Fix Released
Undecided
Unassigned
Tomdroid 0.6.1 "Polyglot"

Bug Description

We need to accept self signed SSL certificates to be able to sync securely with Rainy.

Ideally it would look like this:
On authentification (and on any other sync, the certificate could change...) we should catch the ssl exception,
extract the certificate and show it to the user.
If the user agrees, we will store the certificate and use it.

For a quick fix we could just accept all certificates. There is of course the chance of a man in the middle attack in this case.

further reading:

http://nelenkov.blogspot.co.at/2011/12/using-custom-certificate-trust-store-on.html

http://developer.android.com/training/articles/security-ssl.html#UnknownCa

http://stackoverflow.com/questions/2642777/trusting-all-certificates-using-httpclient-over-https

See original description
Tags: ssl
Stefan Hammer (j-4-deactivatedaccount)
description: updated
Revision history for this message
Stefan Hammer (j-4-deactivatedaccount) wrote :

Added the quick hack and will report a new bug for the proper one!

Stefan Hammer (j-4-deactivatedaccount)
Changed in tomdroid:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.