Description
Is your feature request related to a problem?
Partially yes: #118 (which is fixed in a way not perfect for me).
I run a root CA for my homelab using Step CA, and the default expiration time of TLS certificates is just 24 hours when using the ACME protocol.
(The frequent automated renewal of short-lived certificates is good for security, so I'll keep using this configuration.)
However, every time TriliumDroid sees a new certificate, the app asks users whether to trust it (even if they are signed by the single root CA).
This behavior forces me to accept a certificate every day (on every Android device I own).
Requiring the user to "trust" different certificates too frequently may spoil the security provided by the HTTPS protocol, so I think TriliumDroid should be able to trust the root CA.
Describe the solution you'd like
TriliumDroid should (or at least can be configured to) trust the root CA trusted by the Android system (including ones added by the user).
This can be opt-in or enabled by default. I don't have a preference about it.
Describe alternatives you've considered
It would be possible for TriliumDroid to trust only certificates signed by the single root CA specified by the user (i.e., ignoring Android system trusts and just using the provided root CA cert), but I don't like this option.
Services in my homelab use two series of certificates simultaneously, ones from Let's Encrypt for the Internet (through a reverse proxy on a VPS server), and ones from the custom root CA for the LAN.
Trusting only one root CA makes this setup impossible.
Additional context
N/A
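
For reference, an added example (not part of the issue and not TriliumDroid's own code) of the Android Network Security Configuration that makes an app trust user-installed CAs in addition to the system store, which is the platform mechanism behind the request above. The host name `trilium.home.example` is a constructed placeholder, and the example assumes the app's connections go through the platform default trust manager; an app that installs its own `X509TrustManager` is not affected by this file.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml
     Referenced from AndroidManifest.xml on the <application> element:
     android:networkSecurityConfig="@xml/network_security_config" -->
<network-security-config>

    <!-- Default for every host: system CAs only. This matches what
         Android applies to apps targeting API 24+ when no config is
         present, which is why a user-installed root CA is ignored. -->
    <base-config>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Scoped exception for the self-hosted server (constructed
         placeholder host). Both stores are listed, so a chain from a
         public CA and a chain from the user-installed private root
         each validate, and a renewed leaf certificate needs no new
         prompt as long as it chains to a trusted root. -->
    <domain-config>
        <domain includeSubdomains="true">trilium.home.example</domain>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </domain-config>

</network-security-config>
```

Because the server host is chosen by the user at runtime, an app cannot list it in a static `domain-config`; moving the `user` entry into `base-config` trusts user-installed CAs for all hosts instead, at the cost of a wider trust scope.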