"Trust anchor for certification path not found" when using custom CA, even after installing into trust store #191
Comments
|
A corresponding thread has been filed on the forums: https://forums.zotero.org/discussion/120678/custom-ca-on-android |
adityaruplaha
added a commit
to adityaruplaha/zotero-android
that referenced
this issue
Dec 27, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Firstly, thanks for this awesome app!
I run a personal CA for my self-hosted WebDAV server. While certificate overriding is possible for the desktop application, for the Android application, even adding the custom CA to the system-wide trust store doesn't work, as Zotero is configured to accept only pre-installed system certificates (see https://developer.android.com/privacy-and-security/security-config#certificates):
zotero-android/app/src/main/res/xml/network_security_config.xml
Line 10 in d640dcd
This is a problem for those using self-hosted or institutional WebDAV servers. The fix is trivial, moving
zotero-android/app/src/main/res/xml/network_security_config.xml
Line 15 in d640dcd
base-configsection.I feel that Android has plenty of safeguards against users accidentally adding CAs opening their traffic up to interception, so this change would not significantly impact security, and would be an important QOL improvement for a good chunk of users.
The text was updated successfully, but these errors were encountered: