2013-03-12 21:24:56 |
Stefan Hammer |
description |
We need to accept self-signed SSL certificates to be able to sync securely with Rainy.
Ideally it would look like this:
On authentication (and on any other sync, the certificate could change...) we should catch the SSL exception,
extract the certificate and show it to the user.
If the user agrees, we will store the certificate and use it.
For a quick fix we could just accept all certificates. Tomboy is doing it too. There is of course the chance of a man-in-the-middle attack in this case.
Further reading:
http://nelenkov.blogspot.co.at/2011/12/using-custom-certificate-trust-store-on.html
http://developer.android.com/training/articles/security-ssl.html#UnknownCa
http://stackoverflow.com/questions/2642777/trusting-all-certificates-using-httpclient-over-https |
We need to accept self-signed SSL certificates to be able to sync securely with Rainy.
Ideally it would look like this:
On authentication (and on any other sync, the certificate could change...) we should catch the SSL exception,
extract the certificate and show it to the user.
If the user agrees, we will store the certificate and use it.
For a quick fix we could just accept all certificates. There is of course the chance of a man-in-the-middle attack in this case.
Further reading:
http://nelenkov.blogspot.co.at/2011/12/using-custom-certificate-trust-store-on.html
http://developer.android.com/training/articles/security-ssl.html#UnknownCa
http://stackoverflow.com/questions/2642777/trusting-all-certificates-using-httpclient-over-https |
|
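The "catch the exception, show the certificate, store it if the user agrees" flow from the description, sketched as an added example (not code from this bug report or from the project). The class name, the exception type and the `approved` map (host to SHA-256 fingerprint, assumed to be persisted by the app) are hypothetical.

```java
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.net.ssl.X509TrustManager;

// Hypothetical class: trusts only the certificate the user approved for one sync host.
public class ApprovedCertTrustManager implements X509TrustManager {
    // Thrown for an unknown or changed certificate; carries it so the UI can show it.
    public static class UnapprovedCertificateException extends CertificateException {
        public final X509Certificate certificate;
        UnapprovedCertificateException(X509Certificate cert, String sha256) {
            super("Server certificate not approved, SHA-256 " + sha256);
            this.certificate = cert;
        }
    }
    private final String host;
    private final Map<String, String> approved; // host -> SHA-256 hex, assumed persisted by the app
    public ApprovedCertTrustManager(String host, Map<String, String> approved) {
        this.host = host;
        this.approved = approved;
    }
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || chain.length == 0) throw new CertificateException("No server certificate");
        X509Certificate leaf = chain[0];
        leaf.checkValidity();                    // still reject expired or not-yet-valid certificates
        String seen = sha256Hex(leaf);
        if (!seen.equals(approved.get(host))) {  // first contact, or the certificate changed
            throw new UnapprovedCertificateException(leaf, seen);
        }
    }
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        throw new CertificateException("Client authentication is not supported");
    }
    @Override
    public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }

    // Fingerprint over the DER encoding, as lower-case hex, for display and for the stored pin.
    public static String sha256Hex(X509Certificate cert) throws CertificateException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            return String.format("%064x", new BigInteger(1, digest));
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }
}
```

The caller finds `UnapprovedCertificateException` in the cause chain of the failed handshake, shows the certificate and its fingerprint, and only after the user agrees stores `sha256Hex(certificate)` under the host and retries. A later certificate change fails the same way and prompts again instead of being accepted silently.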