
Trust user added Certificates Authorities(CAs) on Android 7 and beyond
Closed, Declined · Public

Description

Starting from Android Nougat, an application won't trust user-added CAs by default (see the Android Developers Blog).
If a user uses an ISP's content filtering service or a content filtering service based on a VPN (I, for example, use Netspark), the content filtering service needs to be decrypted and re-encrypted by the content filtering service. To do that, the ISP/VPN server replaces the SSL certificate with an SSL certificate signed by itself. To make Android trust the new certificate, it asks the user to add it as a trusted CA by installing a .crt file.
But because, starting from Nougat, an application won't trust user-added CAs, Wikipedia won't trust the new certificate, a "java.security.cert.CertPathValidatorException: Trust anchor for certification path not found" will be thrown, and the user will see something like "Could not connect to internet".

The solution is to set network-security-config in AndroidManifest.xml to trust both user and system CAs, as noted in the foregoing link to the Android Developers Blog.
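
The configuration the description refers to, shown as an added example (not the code from the pull request or from the Wikipedia app): a network security config resource that trusts both system and user-installed CAs. The file name `network_security_config.xml` is an assumption.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (file name is an assumption).
     Referenced from the <application> element in AndroidManifest.xml:
         android:networkSecurityConfig="@xml/network_security_config" -->
<network-security-config>
    <!-- base-config applies to every connection the app makes. -->
    <base-config>
        <trust-anchors>
            <!-- Pre-installed system CAs: the only set trusted by default
                 for apps targeting API level 24 (Android 7.0) and higher. -->
            <certificates src="system" />
            <!-- CAs the user installed through device settings, such as a
                 content filter's .crt file. -->
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>
```

With this in place, any CA in the user store can issue certificates the app accepts for every host; a `<domain-config>` element can limit the change to named domains instead of using `<base-config>`.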

Event Timeline


Actually, I have already implemented that solution and it works great! I'll be happy to contribute it to the GitHub repo, but as I read, I should wait until it gets out of the open tasks/needs triage category, am I right?

nyemini renamed this task from Trust user added Certificates Authorities(CAs) to Trust user added Certificates Authorities(CAs) on Android 7 and beyond. Mar 27 2019, 10:20 AM

@nyemini Feel free to submit a pull request on GitHub anytime. We'll prioritize the ticket as necessary.

I'm afraid this is unlikely to be done.

Amm, actually, the PR mentioned above has been merged. So the declined status isn't appropriate :)
I'm sorry, I forgot to notify here.

It was merged by accident and then reverted.