On Sat, Dec 17, 2011 at 5:47 AM, Amra <[email protected]> wrote:
>
> 1: Do not verify certificates at all. This is the easiest fix that
> solves my problem, but is considered horrible from a security
> perspective. I would like to avoid this solution.
>

Right, don't do this.

> 2: Create a Bouncy Castle keystore and add my certificate to the
> client upon compile time. Does wonders for me, but is bad for others
> in my situation (not everyone wants to compile all their android
> applications)
>

Who is going to use this application? If it's just for you or it only
connects to your server, that is good enough. If you want to make it
possible to add certificates, you just need to copy that keystore to
a mutable location, under (/data) and write some code to import
certificates. Other than that, initializing the trust store is the same.

> 3: Make the funambol client use the certificates that a user has
> imported through the Settings->Security->Install_from_memory_card menu
> in android. Sounds like a good solution, but seems to be impossible to
> do for some reason.

This is not possible prior to ICS. Certificates and keys imported from
that menu are only used *and* visible by the VPN and WiFi clients.
There is no API for SDK applications to access the imported
certificates. You probably can't write one either because you need
system permissions to connect to the native keystore daemon.

If you are interested in the details, read this:

http://nelenkov.blogspot.com/2011/12/ics-trust-store-implementation.html

> 4: Make the funambol client warn about self-signed certificates - for
> then to remember the accepted certificates for later (the typical
> behavior of an email application). Probably the best way to do it. I
> have not found any pointers on how to do this on google though, but I
> guess I could bend my brain around the K-9mail source code and see if
> I understand what they have done.

You need a mutable keystore for your app to do this. You would catch
verification errors, show a dialog to the user, and if they decide to trust
the cert, add it to the store (pretty much everyone will click 'OK' without
thinking, but make it a big, fat warning). Then try to connect again, and
it should work. This is not trivial, but if you really need it, do check how
K-9 and others are doing it, they've probably thought about things you
will miss on your fast pass.

>
> Anyway, can anyone tell me what is the "right" way to fix this issue
> so that users of an android applications can use both self-signed and
> globally trusted certificates - and that without sacrificing security
> completely?
>

Use ICS :) If you need to use both, load the system trust store, then
add the certificates from your own to it. IIRC, BouncyCastle has an
in-memory KeyStore class that makes this easier. Then use the
resulting collection to initialize your TrustManagers.
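
The merge described in the last paragraph of this reply, as an added example that is not part of the original message or of any project's code: it copies the platform's trusted CAs and the app's own certificates into one in-memory KeyStore and builds the TrustManagers from it. The class name MergedTrust, its method names and the "system-"/"app-" alias prefixes are assumptions made for illustration.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public final class MergedTrust {               // hypothetical helper class
    /** Loads the app's own BKS keystore (for example one copied to the app's data directory). */
    public static KeyStore loadAppStore(InputStream in, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("BKS");
        ks.load(in, password);
        return ks;
    }

    /** Builds an SSLContext that trusts the platform CAs plus every certificate in appStore. */
    public static SSLContext build(KeyStore appStore) throws Exception {
        String alg = TrustManagerFactory.getDefaultAlgorithm();
        // Passing null makes the factory load the platform's default trust store.
        TrustManagerFactory system = TrustManagerFactory.getInstance(alg);
        system.init((KeyStore) null);

        // Empty in-memory keystore that receives both sets of trust anchors.
        KeyStore merged = KeyStore.getInstance(KeyStore.getDefaultType());
        merged.load(null, null);
        int n = 0;
        for (TrustManager tm : system.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    merged.setCertificateEntry("system-" + n++, ca);
                }
            }
        }
        // Copy certificate entries only; private-key entries are not trust anchors.
        Enumeration<String> aliases = appStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (appStore.isCertificateEntry(alias)) {
                merged.setCertificateEntry("app-" + alias, appStore.getCertificate(alias));
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(alg);
        tmf.init(merged);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }
}
```

Only the set of trust anchors changes here: chain validation and hostname verification still run as usual. With HttpsURLConnection, the context is applied through setSSLSocketFactory(ctx.getSocketFactory()).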
