Synthesis AG - SyncML Discussion Forum  

Go Back   Synthesis AG - SyncML Discussion Forum > Synthesis SyncML Products (english) > SyncML Clients for Android

Reply
 
Thread Tools Display Modes
  #1  
Old 2011-01-03, 22:25
Nikratio Nikratio is offline
Junior Member
 
Join Date: 2010-09
Posts: 6
Default SSL Settings

Hello,

I am a bit unhappy about the "Ignore SSL Errors" option. I am using a self-signed server certificate, but that does not mean that I want to ignore all SSL errors.

Would it be possible to make the Synthesis client follow the established behaviour when encountering a certificate that it cannot validate, i.e. ask the user whether to accept the certificate and then store it (so that there will be an SSL error if the server suddenly presents a different certificate)?


Best,
Nikolaus
Reply With Quote
  #2  
Old 2011-01-06, 13:52
bfo's Avatar
bfo bfo is offline
Synthesis AG
 
Join Date: 2006-06
Posts: 261
Default Re: SSL Settings

In case you switch "ignore SSL errors", not everything will be ignored. The certificate will not be checked, and the hostname will not be verified.
But the connection is still encrypted.

The Synthesis SyncML client for Android has not it's own SSL implementation, but is based on what Android is providing, so it relies on the restrictions of the Android system. It's also known that some certificates based on intermediate CAs are not properly handled. The good news is that Google has fixed this in their next Android version 2.3.

Regards,
Beat
__________________
Beat Forster, Synthesis AG
Reply With Quote
  #3  
Old 2011-01-08, 02:20
TheDOC TheDOC is offline
Junior Member
 
Join Date: 2010-11
Posts: 10
Default Re: SSL Settings

I've got the same problem here. I've got a self signed certificate.

What would happen, if the server certificate changes? Will the SyncML app give a warning about that?

If not: Do you have a howto on how to import a certificate authority to the device so that it's used by the SyncML app?
Reply With Quote
  #4  
Old 2011-01-09, 19:47
bfo's Avatar
bfo bfo is offline
Synthesis AG
 
Join Date: 2006-06
Posts: 261
Default Re: SSL Settings

As far as I'm informed you can import certificates in .p12 format from the SD card and activate them with the Android settings -> location & security, I've never tried that out however.
__________________
Beat Forster, Synthesis AG
Reply With Quote
  #5  
Old 2011-01-10, 00:09
Nikratio Nikratio is offline
Junior Member
 
Join Date: 2010-09
Posts: 6
Default Re: SSL Settings

Hi,

Installing the CA certificate works fine, but it seems that Android is not using it for validating server certificates. My guess is that the certificate management only works for client certificates.
Reply With Quote
  #6  
Old 2011-01-11, 00:42
TheDOC TheDOC is offline
Junior Member
 
Join Date: 2010-11
Posts: 10
Default Re: SSL Settings

I've managed to install the CA this way (by exchanging the cacert-parts with my self signed CA):

http://wiki.cacert.org/ImportRootCert#Android_Phones

That works very well with the synthesis app.
Reply With Quote
  #7  
Old 2011-03-23, 17:43
Nikratio Nikratio is offline
Junior Member
 
Join Date: 2010-09
Posts: 6
Default Re: SSL Settings

Hi,

Just wanted to confirm that certificates installed with Android settings -> location & security will not be used for HTTP, SMTP or IMAP server verification but for logging into WiFi.

However, the procedure described in http://wiki.cacert.org/ImportRootCert#Android_Phones works for HTTP (SyncML), SMTP and IMAP.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +2. The time now is 19:00.


Powered by vBulletin® Version 3.7.0
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.