Untrusted SSL cert == "unable to ping" #36
Comments
Work-around is to connect to the server in Safari, accept the cert, then re-launch the IMS application.
The Safari thing prevents spoofing. Not sure how to add that cert/keychain dialog into the app.
This no longer happens, though that's because it's now not validating the cert, so that's kinda dumb.
OK, fixed #49, and this is back. Re-opening.
ad72af4 adds code that will bypass the TLS auth, but that's back to being lame. What I'd like is the "trust this cert?" dialog one sees in Safari, I think. Alternatively, we could add a preference to import a trusted CA cert to the app and use certs by that CA (or import a specific cert to trust, but that's less flexible and not any easier on the user).
Rather than using a self-signed cert, would a free, trusted, cert from https://letsencrypt.org/ solve the problem?
(The actual-cert solution might be tricky if the client is connecting to a server's LAN address rather than a public URL.)
Yeah, Let's Encrypt would make getting a "real" cert easier, as I think their CA should be in Apple root CA list now, but I'd still like to figure out how to allow the client to view and accept a random cert, because I think that may be necessary on playa. Self-signed certs are basically like SSH host keys. Trust once (ideally verify manually first), then complain when it changes. I think that model works OK in our usage.
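
The trust-once model from the comment above (accept a self-signed cert on first use, complain when it changes), as an added Python example that is not part of the original thread or this project's code. `PinStore`, `connect_pinned`, the `confirm` callback and the JSON pin file are hypothetical names chosen for illustration.

```python
import hashlib
import hmac
import json
import os
import socket
import ssl

class PinMismatch(Exception):
    """The server presented a different certificate than the pinned one."""

class PinStore:
    """Hypothetical on-disk map of "host:port" -> SHA-256 of the pinned cert."""
    def __init__(self, path):
        self.path, self.pins = path, {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def check(self, host, port, der, confirm):
        """Return 'pinned' or 'known'; raise on a declined or changed cert."""
        key, seen = f"{host}:{port}", hashlib.sha256(der).hexdigest()
        pinned = self.pins.get(key)
        if pinned is None:
            # First contact: the user compares the fingerprint out of band.
            if not confirm(key, seen):
                raise PermissionError(f"certificate for {key} not accepted")
            self.pins[key] = seen
            with open(self.path, "w") as f:
                json.dump(self.pins, f)
            return "pinned"
        if not hmac.compare_digest(pinned, seen):
            # A changed cert is the alarm condition: fail, never re-pin silently.
            raise PinMismatch(f"{key}: pinned {pinned[:16]}, got {seen[:16]}")
        return "known"

def connect_pinned(host, port, store, confirm):
    """Open a TLS socket whose only trust decision is the pin check."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # CA validation is off only because
    ctx.verify_mode = ssl.CERT_NONE  # the pin check below replaces it
    sock = ctx.wrap_socket(socket.create_connection((host, port)),
                           server_hostname=host)
    try:
        store.check(host, port, sock.getpeercert(binary_form=True), confirm)
    except Exception:
        sock.close()                 # refuse before any application data
        raise
    return sock
```

Because the pin is keyed on host and port rather than a CA chain, this also covers the LAN-address case raised earlier in the thread.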
If the server is using an untrusted X.509 certificate (e.g. a self-signed cert), then the application brings up an error dialog when attempting to connect: