Connection silently fails after removing certificate #825
Yeah sorry this is a problem for a lot of people, especially LetsEncrypt
…On Sat, Jul 29, 2017 at 3:08 PM, Michel Le Bihan ***@***.***> wrote:
After I remove a certificate from pinned certificates and the server is
using it, connection will silently fail: when I select the connect button
nothing happens. (I saw the connection in Prosody logs aborted just after
the Hello.) The user should see a message that CS doesn't connect because
the certificate was removed. Without that, I don't know what is happening.
Fix will be included in upcoming 4.1.1 release
@chrisballinger In latest TestFlight 4.1.1 (98) when I go to edit account and save/confirm, I will get a notification about accepting the new certificate, but if I just click on the connect button, connection will still silently fail.
Do you mean silently fails on "Log In" button on the initial account detail screen?
@chrisballinger This one
@chrisballinger This issue should be reopened.
Ah I see, agreed. Should be a simple fix after my earlier refactor.
@chrisballinger Any news on this one? When certbot renews my certificate (by generating a new one...), ChatSecure silently breaks on my contacts' devices. They are still receiving push notifications, but when they open the notification, they don't see the message, they also can't send messages.... I need to 'fix' it for them by clicking in the right place that will open that dialog for accepting the certificate.... I also think it is not a good idea to let users decide about the cert.
You're probably right about auto-trusting valid CAs by default, especially
now that Let's Encrypt is more widespread. There was a slight improvement
to the cert warning UX in a previous commit but I'm not sure if I released
it.
…On Sat, Sep 9, 2017 at 11:43 AM, Michel Le Bihan ***@***.***> wrote:
@chrisballinger <https://github.com/chrisballinger> Any news on this one?
When certbot renews my certificate (by generating a new one...), ChatSecure
silently breaks on my contacts' devices. They are still receiving push
notifications, but when they open the notification, they don't see the
message, they also can't send messages.... I need to 'fix' it for them by
clicking in the right place that will open that dialog for accepting the
certificate....
I also think it is not a good idea to let users decide about the cert.
When somebody (like me) knows what it is and how to verify the
certificate, it is a great security improvement. When somebody doesn't
know, they have no clue what to do when they see the dialog...
I think it should be like in Conversations: by default CA valid certs are
automatically accepted, but there is an expert setting that lets users
decide for each cert.
You didn't.
@chrisballinger Fixed in latest TestFlight [ChatSecure 4.1.1 (100)]. Thanks.
The current situation isn't good as after a certificate change, users continue to get push notifications, but after opening the app, they don't see any new messages and don't know they need to go to account settings and click on connect (to see the new cert dialog).
Yeah, this could be improved. I think we will just go back to auto-trusting valid CA issued certs with a paranoid opt-out.
I think it is the best solution.
After I remove a certificate that my server is using from pinned certificates, connection will silently fail: when I select the connect button nothing happens. (I saw the connection in Prosody logs aborted just after the Hello.) The user should see a message that CS doesn't connect because the certificate was removed. Without that, I don't know what is happening.
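
An added sketch (not ChatSecure's code) of the policy discussed in this thread: CA-valid certificates are trusted by default, an expert setting requires approval of every unpinned certificate, and every connect path returns a reason instead of failing silently. The function names, the `expert_mode` flag and the sample byte strings are assumptions for illustration.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Set


class Action(Enum):
    CONNECT = "connect"
    PROMPT = "prompt"  # show the accept-certificate dialog


@dataclass(frozen=True)
class Decision:
    action: Action
    message: str  # always set, so no code path can fail without a reason


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as a hex string."""
    return hashlib.sha256(der).hexdigest()


def decide(der: bytes, ca_valid: bool, pins: Set[str], expert_mode: bool) -> Decision:
    fp = fingerprint(der)
    if fp in pins:
        return Decision(Action.CONNECT, f"pinned certificate {fp[:16]}")
    if ca_valid and not expert_mode:
        # Default policy from the thread: a renewed CA-valid cert is accepted.
        return Decision(Action.CONNECT, f"CA-valid certificate {fp[:16]} auto-trusted")
    reason = "expert mode requires approval" if ca_valid else "not CA-valid and not pinned"
    return Decision(Action.PROMPT, f"certificate {fp[:16]}: {reason}")


def connect(der: bytes, ca_valid: bool, pins: Set[str], expert_mode: bool,
            ask_user: Callable[[str], bool]) -> str:
    """Single entry point for every connect path; returns the text shown to the user."""
    d = decide(der, ca_valid, pins, expert_mode)
    if d.action is Action.CONNECT:
        return "connected: " + d.message
    if ask_user(d.message):          # the dialog is raised here, never skipped
        pins.add(fingerprint(der))   # user approval becomes a pin
        return "connected: user accepted " + d.message
    return "not connected: user rejected " + d.message


# Constructed sample data: stand-ins for DER bytes, not real certificates.
OLD_CERT = b"constructed-der-before-renewal"
NEW_CERT = b"constructed-der-after-renewal"
```

Routing the "Log In" button, the account-edit screen and the push-notification open path through the same `connect` call is what keeps one of them from aborting without a dialog.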