Java errors for self-signed certificates

[clach04]

I love that https://github.com/9001/copyparty/ by default will accept https / TLS / SSL connections by default using a self-signed certificate. The Android app does not appear to support this

Error2: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

maybe wrong password?

This maybe an enhancement request in disguise as well as a bug report.

Option to ignore unknown certs (off by default). https://github.com/mwarning/trigger has such an option.

[9001]

Well then, guess it's time to dust off android studio again :>

Supporting self-signed certificates can make sense in some situations, so it's not a terrible idea -- although preferably it should ask you to add a permanent exception for one specific certificate that you actually trust, rather than blanket-allowing unsigned certs.

Might also add a warning if you try to trust the default certificate that comes with copyparty, since that thing isn't far away from just running plain http... Since anyone can grab the private-key from the repo and decrypt the traffic that way (or at least I think so -- not 100% on the details of TLS heh)

Not sure when I'll get around to this, so if any android wizards feels like picking this one up in the meantime, please do!

[clach04]

Alternative (well parallel) idea; document (somewhere):

1. Doc how to generate a self signed certificates for https://github.com/9001/copyparty/ (if there isn't already something)
2. Doc how to add self signed certificates to Android System (which party-up would then use)

Probably worth a spin off ticket, possibly under https://github.com/9001/copyparty/issues/ rather than party-up.

Thoughts? This is something I can help with (unlike the ignore option added to Party-Up).

[9001]

Oh nice, didn't realize android lets you add your own certificates -- yeah that is a good idea, and it's more secure too (since you know exactly what certificate you're trusting) 👌

on the other hand it's a bit more work when you're setting up the app, but hey... i'm not entirely confident i'd be able to pull off the prompt in the app to auto-trust the certificate either :-p

I've updated the warning you get when you launch copyparty with the default cert, so it now mentions the linux certificate generator -- but that leaves out the Windows users... I'll see how doable it would be to port the script to batch or powershell :> and we should mention all this in the readme too probably 👍

EDIT: and come to think of it, the obvious solution would be to let copyparty generate/manage its own certificates by invoking cfssl as necessary -- i'll see if that's doable by the next ver!

EDIT2: the more I think about that, not entirely sure it's a good idea after all... would need to specify domain / IPs to generate the cert for, and would feel very bolted-on. Let's sleep on it :>

regarding the documentation for party-up, we should probably mention that it's better to trust the CA certificate rather than the server cert, mainly since it makes maintenance easier and I think that's what Android expects at any rate... or at least I think that's the case! haven't checked yet hehe