From: Shan Shaji <s.shaji@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH pve_flutter_frontend 1/1] fix: android: add network config to support custom certificates
Date: Tue, 2 Sep 2025 12:17:11 +0200 [thread overview]
Message-ID: <20250902101713.82292-2-s.shaji@proxmox.com> (raw)
In-Reply-To: <20250902101713.82292-1-s.shaji@proxmox.com>
Apps targeting Android 6 (API level 23) and lower trust the user added
CA store by default. However, apps targeting > API level 23 need to
explicity mention trust anchor in the security configuration [0] to
trust user installed certificates.
[0] - https://developer.android.com/privacy-and-security/security-config#manifest
References:
- https://developer.android.com/privacy-and-security/security-config#CustomTrust
- https://developer.android.com/privacy-and-security/security-config#ConfigInheritance
- https://developer.android.com/privacy-and-security/security-config#trust-anchors
- https://developer.android.com/privacy-and-security/security-config#certificates
Signed-off-by: Shan Shaji <s.shaji@proxmox.com>
---
android/app/src/main/AndroidManifest.xml | 3 ++-
android/app/src/main/res/xml/network_security_config.xml | 9 +++++++++
2 files changed, 11 insertions(+), 1 deletion(-)
create mode 100644 android/app/src/main/res/xml/network_security_config.xml
diff --git a/android/app/src/main/AndroidManifest.xml b/android/app/src/main/AndroidManifest.xml
index b699752..66135eb 100644
--- a/android/app/src/main/AndroidManifest.xml
+++ b/android/app/src/main/AndroidManifest.xml
@@ -5,7 +5,8 @@
<application
android:label="Proxmox Virtual Environment"
- android:icon="@mipmap/ic_launcher">
+ android:icon="@mipmap/ic_launcher"
+ android:networkSecurityConfig="@xml/network_security_config">
<activity
android:name="com.proxmox.app.pve_flutter_frontend.MainActivity"
diff --git a/android/app/src/main/res/xml/network_security_config.xml b/android/app/src/main/res/xml/network_security_config.xml
new file mode 100644
index 0000000..37a8e3f
--- /dev/null
+++ b/android/app/src/main/res/xml/network_security_config.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config>
+ <base-config>
+ <trust-anchors>
+ <certificates src="system"/>
+ <certificates src="user"/>
+ </trust-anchors>
+ </base-config>
+</network-security-config>
\ No newline at end of file
--
2.47.2
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2025-09-02 10:17 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-02 10:17 [pve-devel] [PATCH proxmox_dart_api_client/pve_flutter_frontend 0/3] fix: android: add support to honor user installed certificate Shan Shaji
2025-09-02 10:17 ` Shan Shaji [this message]
2025-09-02 10:17 ` [pve-devel] [PATCH proxmox_dart_api_client 1/2] fix: android: use `crone_http` package to honor user custom certificates Shan Shaji
2025-09-03 10:16 ` Michael Köppl
2025-09-03 11:47 ` Shan Shaji
2025-09-04 10:40 ` Shan Shaji
2025-09-02 10:17 ` [pve-devel] [PATCH proxmox_dart_api_client 2/2] fix: add explicit throw of `HandShakeException` Shan Shaji
2025-09-02 10:39 ` [pve-devel] [PATCH proxmox_dart_api_client/pve_flutter_frontend 0/3] fix: android: add support to honor user installed certificate Shan Shaji
2025-09-03 11:28 ` Michael Köppl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250902101713.82292-2-s.shaji@proxmox.com \
--to=s.shaji@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox