Comments (6)
For the custom certificate, you need to paste the actual client certification, not the CA one (of course if the client certificate rotates frequently, that's annoying). If that doesn't work please let me know!
Nonetheless, the request is valid and I'll have to check how to make flutter do it!
from waterfly-iii.
Looks like this is currently not properly supported by dart itself, see dart-lang/sdk#50435
For now I hesitate to use https://pub.dev/packages/cronet_http_embedded due to the experimental status. Hope it will get properly integrated into dart/flutter soon.
from waterfly-iii.
Hello, I tried to enter my PEM multiple ways. My setup is 1. Root CA 2. Intermediate CA and 3. Endpoint Certificate for my firefly webserver. (traefik). It's not clear to me what to insert as the certificate on the android app. Is it the public key of the (3. Endpoint Certificate)? I tried chaining the PEM certs together (1. 2. and 3.)
On a side note. It would be nice to be able to set the certificate (private+public key) for the android app waterfly. This is so that the server would check the cert and verify the client is an authorized device. I don't want to allow any connections to my server that aren't authorized with my cert. Traefik web proxy allows for client authentication.
from waterfly-iii.
Hi, you need to use the actual server certificate.
Using a client certificate has been requested in #75. Please note that those tickets don't have the highest priority for me (though I'm always happy if someone wants to help out!) as even the Firefly dev mentioned multiple times that the API endpoint (/api/
) doesn't need to be protected - you can't do anything without API key there.
from waterfly-iii.
I implemented this feature by using the cronet http library in v1.0.3, but forgot a crucial setting to actually allow user CA certificates. I could reimplement this feature now properly for the next version.
However, I also now found a post by the Author of the cronet implementation in dart that custom SSL certificates will never work.
So now it can be either or - allow custom server certificates to be pasted in the app (like right now), or you need to upload it into the android system. As far as I understood it, only CA certificates can be uploaded into the android certificate storage (whereas right now you need to paste the server certificate), and not sure if everyone using custom certificates would know how to do that.
Any opinions here? Any good guide I could point users to when they are asking? I guess it depends a ton on their individual setup of reverse proxy etc..
from waterfly-iii.
@dreautall I think that using the local trust store with a vetted verification process is ideal. It more closely follows best practices for a custom PKI - or any PKI in general.
I don't think that handling the intricacies of SSL should be Waterfly III's problem to solve.
In regards to guides for installing a CA on the device, it kind of depends on the OS/UI that is installed for each device. There's not really a "one size fits all" guide to it and it's more of a "RTFM" situation.
Generally, the advice is to first download the root CA certificate (or the self-signed server certificate) as a .pem
file, then either:
- Navigate to it in the device file browser and tap/click to open it. Proceed through the dialogs to install it as a CA.
- Go to the device settings and navigate to (something like):
Security and privacy > More security settings > Credential storage > Install from device storage
. Proceed through the dialogs to install it as a CA.
from waterfly-iii.
Related Issues (20)
- App shortcuts HOT 2
- Feature Request: split transactions HOT 3
- Feature Request: Customizable Dashboard HOT 1
- Bills tab showing error : "Error loading bills." HOT 6
- Net worth includes asset accounts which should not HOT 1
- Additional Bank Apps for Notification Service HOT 2
- Prefetching drop down entries when adding transaction HOT 3
- Transactions filter not working HOT 3
- Translation to Swedish HOT 1
- Transaction time problem HOT 5
- Can't upload any attachment HOT 2
- .apk version of app does not work with v1.0.2 HOT 6
- Error with latest version of Firefly III (v6.1.14) HOT 3
- Api key error HOT 14
- Notifications: Option to not add note
- Provide option to hide tags in Transactions view HOT 3
- Transaction list after edit lost group by date HOT 3
- No bars on daily summary graph HOT 5
- Error at login HOT 4
- Certificate error ERR_CERT_AUTHORITY_INVALID HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from waterfly-iii.