@jkurei jkurei commented May 15, 2020

I was having a lot of issues getting trilium-sender to work for me... didn't work with a self-signed cert, and it didn't even work with a Let's Encrypt cert.

To fix it, and make it easier to use, I implemented the following solution:

  • Wrap the OkHttp client with a custom class, adding a custom trust manager with 3 configurations:
      • Configuration 1 uses the system installed certs; here I also make sure to add the Let's Encrypt root cert, assuming that's going to be a super common use case
      • Configuration 2 asks the user for their .pem cert; especially useful for self-signed certs. User has to copy-paste it into a text field, maybe loading the .pem file would be much easier...
      • Last configuration just trusts all SSL certs. It's a bad idea, and the app will warn you of that, but I think it could be good for people just testing this out or developers debugging stuff.
  • I had to update OkHttp for this. I went for the smallest upgrade that let me do this.

I am not experienced with Android. I know my way around Java, so I coded this in Java and translated it into Kotlin using Android Studio, so it may or may not look like idiomatic Kotlin...

If you have any feedback to improve this, please let me know.
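An added example, not the code from this pull request: one way to combine the first two configurations described above, so that a server chain is accepted if either the system CA store or a user-pasted PEM certificate validates it. The names `trustManagerFor`, `keyStoreFromPem`, `SystemPlusUserTrust` and `clientTrusting` are hypothetical, and the two-argument `sslSocketFactory` call assumes an OkHttp version that provides it.

```kotlin
import okhttp3.OkHttpClient
import java.security.KeyStore
import java.security.cert.CertificateException
import java.security.cert.CertificateFactory
import java.security.cert.X509Certificate
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManager
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager

// Hypothetical helpers, not the PR's CustomTrustClient.
// A null KeyStore makes the factory fall back to the platform's default CA store.
fun trustManagerFor(keyStore: KeyStore?): X509TrustManager {
    val factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    factory.init(keyStore)
    return factory.trustManagers.filterIsInstance<X509TrustManager>().first()
}

// Parses pasted PEM text (one or more certificates) into an in-memory KeyStore.
fun keyStoreFromPem(pem: String): KeyStore {
    val certs = CertificateFactory.getInstance("X.509")
        .generateCertificates(pem.trim().byteInputStream(Charsets.US_ASCII))
    require(certs.isNotEmpty()) { "No certificate found in the pasted text" }
    return KeyStore.getInstance(KeyStore.getDefaultType()).apply {
        load(null, null) // start empty: only the entries added below are trusted
        certs.forEachIndexed { i, cert -> setCertificateEntry("user-$i", cert) }
    }
}

// Accepts a chain if the system store or the user-supplied store validates it.
class SystemPlusUserTrust(pem: String) : X509TrustManager {
    private val system = trustManagerFor(null)
    private val user = trustManagerFor(keyStoreFromPem(pem))

    override fun checkServerTrusted(chain: Array<X509Certificate>, authType: String) {
        try { system.checkServerTrusted(chain, authType) }
        catch (e: CertificateException) { user.checkServerTrusted(chain, authType) } // rethrows if both fail
    }
    override fun checkClientTrusted(chain: Array<X509Certificate>, authType: String) =
        system.checkClientTrusted(chain, authType)
    override fun getAcceptedIssuers(): Array<X509Certificate> =
        system.acceptedIssuers + user.acceptedIssuers
}

fun clientTrusting(pem: String): OkHttpClient {
    val trust = SystemPlusUserTrust(pem)
    val context = SSLContext.getInstance("TLS")
    context.init(null, arrayOf<TrustManager>(trust), null)
    return OkHttpClient.Builder().sslSocketFactory(context.socketFactory, trust).build()
}
```

OkHttp's default hostname verification still runs with this client, so a self-signed certificate must name the server's host.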

@jkurei changed the title from "feat: more SSL trust options (custom cert, trust all, let's encrypt...)" to "Improve support for self-signed certs, Let's Encrypt, and option to trust all SSL certs" on May 15, 2020
Comment on lines -45 to 46
implementation fileTree(include: ['*.jar'], dir: 'libs')
implementation "org.jetbrains.kotlin:kotlin-stdlib-jre7:$kotlin_version"
implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk7:$kotlin_version"
implementation 'com.android.support:appcompat-v7:27.0.2'
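Review bot: the rename of `kotlin-stdlib-jre7` to `kotlin-stdlib-jdk7` at lines -45 to 46 is a build change unrelated to the trust options, so it belongs in its own commit with a message saying why it was needed. The `jdk7` artifact is the successor of the deprecated `jre7` one, so the rename itself is reasonable, but confirm that `$kotlin_version` is a release that publishes it.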
Author

I... am not sure why I needed to change this. Probably Android Studio was complaining. It's probably not needed, right?

I did check and I think the project has somewhat-outdated gradle and SDK versions... but I don't know if this change will be good.

import javax.net.ssl.TrustManager
import javax.net.ssl.X509TrustManager

class CustomTrustClient {
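Review bot: `class CustomTrustClient` is declared with no KDoc above it; because it imports `TrustManager` and `X509TrustManager` to decide which server certificates the app accepts, document at the declaration which trust configurations it supports and which one applies when the user has not chosen any.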
Author

@jkurei jkurei May 15, 2020

This class looked much prettier in Java, I think. I don't know Kotlin, but I guessed you wouldn't want to mix languages.

@Throws(Exception::class)
fun run() {
val request = Request.Builder()
.url("https://publicobject.com/helloworld.txt")
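Review bot: `run()` builds a request to the hard-coded `https://publicobject.com/helloworld.txt`, a host that has nothing to do with the user's Trilium server; remove the function before merge or move it into a test source set. `@Throws(Exception::class)` is also broader than needed and should be narrowed to the exception the call can actually raise if the function stays.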
Owner

Could you please explain what purpose this call to this website has?

Author

Absolutely none, just test code. I'll remove it.

customCertInput.visibility = View.GONE
}
}
)
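Review bot: `customCertInput.visibility = View.GONE` only hides the field and leaves its text in place; either clear the field here or make sure the code that builds the client reads the pasted certificate only while the custom-cert option is selected, so a stale PEM is never applied under another mode.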
Owner

Perhaps I just can't see it, but is the cert setting saved somewhere? I can see that the login will be attempted with the chosen cert setting, but then when I close the app and want to use it to send some text note to the Trilium server, how will the app know which cert setting has been chosen before?
