Client certificate authentication (mTLS) #344
@jmattheis I've just wondered what the real advantage of the import of a CA cert inside the app is over the system-wide native CA import.
I don't know. This feature was added more than 5 years ago. I could imagine that some users may not want to globally trust the CA cert and want to only configure this for certain apps.
Oh wait, I wanted to implement some kind of hint to add a password when selecting a client cert. And btw, while merging the master another problem occurred: android/app/src/main/kotlin/com/github/gotify/api/CertUtils.kt Lines 87 to 88 in a3dd80c
can not be suppressed anymore, it's now an error. So we can't just leave the trust manager empty anymore. PS: Fixed it by inserting default trust managers
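A sketch of the approach described in the comment above: present a client certificate for mTLS while keeping real server verification, either through the platform's default trust managers or through a CA trusted by this app only. This is an added example, not code from the pull request; `MtlsConfig`, `buildMtlsConfig` and the parameter names are hypothetical.

```kotlin
import java.io.InputStream
import java.security.KeyStore
import java.security.cert.CertificateFactory
import javax.net.ssl.KeyManagerFactory
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLSocketFactory
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager

// Hypothetical holder; not a type from the Gotify code base.
class MtlsConfig(val socketFactory: SSLSocketFactory, val trustManager: X509TrustManager)

fun buildMtlsConfig(
    clientCertP12: InputStream,    // PKCS#12 bundle: client certificate + private key
    clientCertPassword: String,
    customCa: InputStream? = null  // optional CA certificate (PEM or DER), trusted by this app only
): MtlsConfig {
    // Reject an empty password up front so the UI can show a hint
    // instead of surfacing a low-level keystore exception.
    require(clientCertPassword.isNotEmpty()) { "Client certificate password is required" }
    val password = clientCertPassword.toCharArray()

    // Key material presented to the server during the TLS handshake.
    val clientStore = KeyStore.getInstance("PKCS12").apply { load(clientCertP12, password) }
    val kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
    kmf.init(clientStore, password)

    // Trust anchors used to verify the server. With a custom CA, only that CA
    // is trusted for this app; without one, trustStore stays null and the
    // factory falls back to the platform's default trust anchors.
    val trustStore: KeyStore? = customCa?.let { stream ->
        val ca = CertificateFactory.getInstance("X.509").generateCertificate(stream)
        KeyStore.getInstance(KeyStore.getDefaultType()).apply {
            load(null, null)
            setCertificateEntry("ca", ca)
        }
    }
    val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    tmf.init(trustStore)
    val trustManager = tmf.trustManagers.filterIsInstance<X509TrustManager>().first()

    // Never an empty or accept-all trust manager array: server checks stay on.
    val context = SSLContext.getInstance("TLS")
    context.init(kmf.keyManagers, tmf.trustManagers, null)
    return MtlsConfig(context.socketFactory, trustManager)
}
```

An HTTP client such as OkHttp accepts both values through `OkHttpClient.Builder.sslSocketFactory(SSLSocketFactory, X509TrustManager)`.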
Haven't tested the new feature yet.
Any update on this?
FYI: I'll review this pr on the weekend.
And FYI: The implementation of the changes mentioned in the two remaining PR comments is still pending.
That should be it for now. The mentioned improvements are all implemented.
var caCertCN: String?
get() = sharedPreferences.getString("caCertCN", null)
set(value) = sharedPreferences.edit().putString("caCertCN", value).apply()
This setting is unused.
It wasn't in use previously, right?
Then we could safely remove it.
Continuation of #230
Closes #85
Related to gotify/server#416
I've adopted some of the code and translated it to Kotlin, but most parts are rewritten.
Here's a summary:
Testing the following cases is still to be done:
Maybe taking a look at image loading is important as well.
And I will add some kind of hint that you have to give a password; it seems like (according to my trial and error) the Java client key implementation requires one.
For reference my reverse proxy settings (Caddy, docs for client_authentication):