My success story for pictures, calendar, contacts and email sync
Paul Sokolovsky
pmiscml at gmail.com
Mon Oct 14 17:28:07 UTC 2013
Hello,
On Mon, 14 Oct 2013 16:46:46 +0200
Paul Kocialkowski <paulk at paulk.fr> wrote:
> Le lundi 14 octobre 2013 à 17:32 +0300, Paul Sokolovsky a écrit :
> > So, it's likely not that "author thinks it's bad", but he probably
> > doesn't know about the issue at all.
>
> He does, it's explicitly told on his website. It's a choice he made
> and I know many other apps that detect and ask whether to use a
> self-signed certificate.
Oops, I didn't really check, thanks for correction.
>
> > Shouldn't *Replicant* allow to import *any* certificate regardless
> > if some vendor Android or AOSP put additional restrictions on
> > certificate?
>
> That's not it. The system holds a list of certification authorities
> (and their certificates) that apps use to approve a certificate or
> not, but it does not hold per-website SSL certificates, it's simply
> not its function (it's not because of a restriction from Google).
>
> On GNU/Linux as well, applications have to accept and store
> self-signed SSL certificates individually, there is no auth mechanism
> to do it system-wide, but it is the case with certification
> authorities certificates.
Well, that StackOverflow ticket,
http://stackoverflow.com/questions/2893819/telling-java-to-accept-self-signed-ssl-certificate ,
seems to suggest that it's possible to import site certificate into
Java keystore, which is shared by all Java apps. Granted, such
specifics in keystore handling doesn't have to apply to Android, I'm
not sure about it either.
>
> Correct me if I'm wrong, but at least that's how I understood things
> from my perspective.
One thing worth adding is that nowadays it's not that hard to get free
SSL certificate - e.g. https://www.startssl.com/?app=40 , google will
show up more. Though usually such free certificates are signed by
various "sub-CAs", so some fiddling with certificate stores may be
required still.
--
Best regards,
Paul mailto:pmiscml at gmail.com
More information about the Replicant
mailing list