Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support client certificates #1005

Closed
wants to merge 1 commit into from
Closed

Support client certificates #1005

wants to merge 1 commit into from

Conversation

stephanritscher
Copy link

This change adds support for configurations where the webserver requests a client certificate, e.g. via nginx configuration options ssl_client_certificate and ssl_verify_client. The client certificate handling is done via InteractiveKeyManager which prompts for a client certificate from a file or the devices keystore.

This change is NOT about client certificate authentication to the nextcloud server instance. The regular authentication mechanisms will be used as soon as the communication on TLS level is established.

The change addresses ticket #603, while not being a generic solution IMO.

@stephanritscher
Support client certificates
1634d57 
This change adds support for configurations where the webserver requests a client certificate, e.g. via nginx configuration options ssl_client_certificate and ssl_verify_client.
The client certificate handling is done via InteractiveKeyManager which prompts for a client certificate from a file or the devices keystore.

This change is NOT about client certificate authentication to the nextcloud server instance. The regular authentication mechanisms will be used as soon as the communication on TLS level is established.

The change addresses ticket nextcloud#603, while not being a generic solution IMO.
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 26, 2022
View reviewed changes
library/src/main/java/com/owncloud/android/lib/common/network/NetworkUtils.java
// should be available in any device; see reference of supported protocols in
// http://developer.android.com/reference/javax/net/ssl/SSLSocket.html
}
sslContext.init(kms, tms, null);

Check failure

Code scanning / CodeQL

`TrustManager` that accepts all certificates

This uses [TrustManager](1), which is defined in [AdvancedX509TrustManager](2) and trusts any certificate.
@stephanritscher stephanritscher mentioned this pull request Nov 26, 2022
Closed
@Torqu3Wr3nch
Copy link

The change addresses ticket #603, while not being a generic solution IMO.

I think @stephanritscher probably means nextcloud/android#603. Thanks again for doing this, Stephan.

@AlvaroBrey
Copy link
Member

app PR: nextcloud/android#11099

@AlvaroBrey AlvaroBrey mentioned this pull request Nov 30, 2022
Closed
@AlvaroBrey
Copy link
Member

Closed per nextcloud/android#11099 (comment)

@AlvaroBrey AlvaroBrey closed this Dec 2, 2022
@Elv1zz Elv1zz mentioned this pull request Jan 27, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stephanritscher @Torqu3Wr3nch @AlvaroBrey