Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ssl issues with Android 7 #55

Open
wico opened this issue Sep 6, 2017 · 1 comment
Open

Ssl issues with Android 7 #55

wico opened this issue Sep 6, 2017 · 1 comment

Comments

@wico
Copy link

wico commented Sep 6, 2017

Hey,

we still have no "ignore SSL certs" option in traccar-manager. You remember? I asked for it a while ago. :)

However:
Until Android 6.0.1 it was possible to "accept" that by importing a root-CA into the android user cert store. By doing so, any app was able to trust what has been signed by that user-driven CA. A good way to use SSL but not any official CA (which is still the plan, I dont want to go to lets-encrypt by reasons). Unfortunaltely, importing a user-cert was "global" to any app.

With android 7 thats not possible anymore with traccar-manager right now - see: https://blog.jeroenhd.nl/article/android-7-nougat-and-certificate-authorities and https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html

Might be a good thing in sense of security, but it would be nice to offer the user at least some ways out if he really wants to.

Could you eventually:

  1. Add an "ignore SSL certs" option as asked a while ago
  • or -
  1. implement
<network-security-config>  
      <base-config>  
            <trust-anchors>  
                <!-- Trust preinstalled CAs -->  
                <certificates src="system" />  
                <!-- Additionally trust user added CAs -->  
                <certificates src="user" />  
           </trust-anchors>  
      </base-config>  
 </network-security-config>

?

Would that be possible? Or shall I create a PR?

Martin

@wico wico changed the title Again - ssl issues with anrdoid 7 Ssl issues with anrdoid 7 Sep 6, 2017
@wico wico changed the title Ssl issues with anrdoid 7 Ssl issues with Android 7 Sep 6, 2017
@tananaev
Copy link
Member

tananaev commented Sep 7, 2017

Please send a pull request with following config:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants