Allow self-signed certificates for RSS feeds
Add an option to enter a SHA1 thumbprint for RSS feeds to allow self-signed certificates to be used (instead of requiring a known authority).
As requested by mail by Leonardo.
Hi! I stumbled upon this feature request while observing that Transdroid silently fails on TLS RSS feeds with self-signed/not-in-default-CA-list certificates.
Maybe an 'allow any certificate' option like in the connection options would be a viable alternative also.
I do prefer the approach of entering the correct thumbprint, but some trackers change their certificate regularly and/or use different certs on clustered servers.
So an allow-all option should also be considered.
Thanks in advance.
It has been quite some time since this ticket has been updated. I also needed to accept an untrusted certificate, so I looked into this. Here is my patch for the "allow any certificate" behavior:
diff --git a/app/src/main/java/org/transdroid/core/rssparser/RssParser.java b/app/src/main/java/org/transdroid/core/rssparser/RssParser.java
index baba1c4..6d62369 100644
--- a/app/src/main/java/org/transdroid/core/rssparser/RssParser.java
+++ b/app/src/main/java/org/transdroid/core/rssparser/RssParser.java
@@ -26,6 +26,7 @@ import org.transdroid.daemon.util.HttpHelper;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;
+import org.transdroid.daemon.util.TlsSniSocketFactory;
public class RssParser extends DefaultHandler {
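Review bot: the new `import org.transdroid.daemon.util.TlsSniSocketFactory;` is appended after the `org.xml.sax` imports, while the hunk context shows `import org.transdroid.daemon.util.HttpHelper;` sitting just above them. Move the new import next to the `HttpHelper` one so the import block stays grouped by package.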
@@ -75,7 +76,8 @@ public class RssParser extends DefaultHandler {
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", new PlainSocketFactory(), 80));
- registry.register(new Scheme("https", SSLSocketFactory.getSocketFactory(), 443));
+ TlsSniSocketFactory httpsSocketFactory = new TlsSniSocketFactory(true);
+ registry.register(new Scheme("https", httpsSocketFactory, 443));
HttpParams httpparams = new BasicHttpParams();
HttpConnectionParams.setConnectionTimeout(httpparams, 5000);
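Review bot: the `true` passed to `new TlsSniSocketFactory(true)` is hard-coded, so, going by the description of this patch as the "allow any certificate" behavior applied by default, every HTTPS feed loses certificate validation with no way to opt out. Read the value from a per-feed setting instead and keep `SSLSocketFactory.getSocketFactory()` when that setting is off, so feeds with CA-issued certificates are still verified; the thumbprint option the ticket asks for would fit the same place. The `httpsSocketFactory` local is used only once and can be inlined into the `registry.register(...)` call.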
Save this to a file and apply it to the commit 4ce5023 with git apply.
The fix is very simple; it is not an option, but the default behavior. It could have been done in a single line. The current development branch for material design also does not have this feature yet, but I hope that this behavior is changed in the future.