This repository was archived by the owner on Feb 3, 2025. It is now read-only.
This repository was archived by the owner on Feb 3, 2025. It is now read-only.
Open
Description
Steps to reproduce
My homeserver is in a private network and has a self-signed certificate.
Like Element and the other clients, Circles should
- On the first connection, save the cert.
- On every connection, check if the cert has changed.
2.1. Fail, if the cert has changed.
In the case of a public domain, self-signed is a red flag. Maybe the app could expect self-signed if a private IP address was typed (as it's impossible to have a CA-signed cert) and then do TOFU.
Steps to reproduce:
- Self-host Synapse.
- Open the app.
- Enter the username and the IP address.
- See error message
Username not foundat the top.
Additional info
I could add the cert to the system trust store, but I'd rather do TOFU in-app than have users let strangers put hands on the system settings, possibly outside the trust store.
Application version
1.0.26
App Store name
F-Droid
Phone model
No response
Operating system version
No response
Homeserver
No response
Contact info
No response
Metadata
Metadata
Assignees
Labels
No labels