My success story for pictures, calendar, contacts and email sync

Paul Sokolovsky pmiscml at gmail.com
Mon Oct 14 14:32:26 UTC 2013


Hello,

On Mon, 14 Oct 2013 15:26:42 +0200
Paul Kocialkowski <paulk at paulk.fr> wrote:

> A new app was added to F-Droid recently and apparently makes it
> possible to have cardDAV sync. I did try it with Owncloud but it
> failed because it doesn't accept self-signed SSL certificates :(
> 
> Apparently the author thinks it's bad to accept self-signed
> certificates or to even ask the user about what to do (which most
> apps do). 

I'm not sure which "most apps" you mean. Netscape Navigator in old good
times offered such behavior. Now most apps just fail, though *few*
allow to re-run with certificate check disable (try wget) or go thru
extra hops (scary screens) to add certificate (current Firefox/Chromium
behavior is like the latter). Simply written Java app would just fail,
period. To make it not fail one should think about such possibility and
then go thru multiple hops to make it not fail:
http://stackoverflow.com/questions/2893819/telling-java-to-accept-self-signed-ssl-certificate

So, it's likely not that "author thinks it's bad", but he probably
doesn't know about the issue at all.

> When I'm configuring the device through my own private
> network (server and client on the same LAN), I see very few odds of
> having MITM.
> 
> Also since my certificate doesn't have any authority certificate, I
> cannot import it to my device it seems. Or maybe someone known better
> and it turns out I can? Anyway, I'll probably ask the author to
> reconsider his position.

Shouldn't *Replicant* allow to import *any* certificate regardless if
some vendor Android or AOSP put additional restrictions on certificate?


-- 
Best regards,
 Paul                          mailto:pmiscml at gmail.com


More information about the Replicant mailing list