Connection silently fails after removing certificate #825

Open
mimi89999 opened this issue Jul 29, 2017 · 14 comments

Comments

@mimi89999
Contributor

mimi89999 commented Jul 29, 2017

After I remove a certificate that my server is using from pinned certificates, connection will silently fail: when I select the connect button nothing happens. (I saw the connection in Prosody logs aborted just after the Hello.) The user should see a message that CS doesn't connect because the certificate was removed. Without that, I don't know what is happening.

@chrisballinger
Member

chrisballinger commented Jul 30, 2017 via email

@chrisballinger
Member

Fix will be included in upcoming 4.1.1 release

@mimi89999
Contributor Author

@chrisballinger In latest TestFlight 4.1.1 (98) when I go to edit account and save/confirm, I will get a notification about accepting the new certificate, but if I just click on the connect button, connection will still silently fail.

@chrisballinger
Member

Do you mean silently fails on "Log In" button on the initial account detail screen?

@mimi89999
Contributor Author

@chrisballinger This one
[Screenshot: img_1622]

@mimi89999
Contributor Author

@chrisballinger This issue should be reopened.

@chrisballinger
Member

Ah I see, agreed. Should be a simple fix after my earlier refactor.

chrisballinger reopened this Aug 3, 2017

@mimi89999
Contributor Author

@chrisballinger Any news on this one? When certbot renews my certificate (by generating a new one...), ChatSecure silently breaks on my contacts' devices. They are still receiving push notifications, but when they open the notification, they don't see the message, they also can't send messages.... I need to 'fix' it for them by clicking in the right place that will open that dialog for accepting the certificate....

I also think it is not a good idea to let users decide about the cert.
When somebody (like me) knows what it is and how to verify the certificate, it is a great security improvement. When somebody doesn't know, they have no clue what to do when they see the dialog...
I think it should be like in Conversations: by default CA valid certs are automatically accepted, but there is an expert setting that lets users decide for each cert.

@chrisballinger
Member

chrisballinger commented Sep 9, 2017 via email

@mimi89999
Contributor Author

You didn't.

@mimi89999
Contributor Author

@chrisballinger Fixed in latest TestFlight [ChatSecure 4.1.1 (100)]. Thanks.

@mimi89999
Contributor Author

The current situation isn't good as after a certificate change, users continue to get push notifications, but after opening the app, they don't see any new messages and don't know they need to go to account settings and click on connect (to see the new cert dialog).

mimi89999 reopened this Oct 22, 2017

@chrisballinger
Member

Yeah, this could be improved. I think we will just go back to auto-trusting valid CA issued certs with a paranoid opt-out.

@mimi89999
Contributor Author

> I think we will just go back to auto-trusting valid CA issued certs with a paranoid opt-out.

I think it is the best solution.
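
The trust policy this thread converges on (auto-trust CA-valid certificates, an expert opt-out that asks per certificate, and a user-visible reason on every path instead of a silent abort), as an added example that is not ChatSecure's code. The class and method names, the host name, and the `ca_valid` input (standing for the platform's chain validation result) are assumptions, and the certificates are constructed byte strings.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    ACCEPT = "accept"
    PROMPT = "prompt"  # show the accept-certificate dialog; never drop silently


@dataclass(frozen=True)
class Decision:
    verdict: Verdict
    reason: str  # user-visible text, set on every path


@dataclass
class TrustStore:
    expert_mode: bool = False  # the "paranoid opt-out": ask for every new cert
    pins: dict = field(default_factory=dict)  # host -> set of SHA-256 hex digests

    @staticmethod
    def fingerprint(der: bytes) -> str:
        return hashlib.sha256(der).hexdigest()

    def pin(self, host: str, der: bytes) -> None:
        """Record a certificate the user approved in the dialog."""
        self.pins.setdefault(host, set()).add(self.fingerprint(der))

    def unpin(self, host: str, der: bytes) -> None:
        """Remove a pin, as the reporter did in the pinned-certificates list."""
        self.pins.get(host, set()).discard(self.fingerprint(der))

    def decide(self, host: str, der: bytes, ca_valid: bool) -> Decision:
        """ca_valid: platform chain and hostname validation result (assumed input)."""
        if self.fingerprint(der) in self.pins.get(host, set()):
            return Decision(Verdict.ACCEPT, "certificate is pinned for this host")
        if ca_valid and not self.expert_mode:
            return Decision(Verdict.ACCEPT, "valid CA-issued certificate, auto-trusted")
        if ca_valid:
            return Decision(Verdict.PROMPT, "new CA-issued certificate; expert mode requires approval")
        return Decision(Verdict.PROMPT, "certificate is neither pinned nor CA-valid; approval required")


# Constructed stand-ins for DER-encoded certificates (not real certificates).
OLD_CERT = b"constructed-cert-before-renewal"
NEW_CERT = b"constructed-cert-after-renewal"
```

Calling `decide` from every connection entry point (the connect button as well as the account edit screen) gives both paths the same dialog and message.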
