Re: [pve-devel] [PATCH proxmox_dart_api_client/pve_flutter_frontend 0/3] fix: android: add support to honor user installed certificate

From: "Michael Köppl" <m.koeppl@proxmox.com>
To: "Proxmox VE development discussion" <pve-devel@lists.proxmox.com>
Cc: "pve-devel" <pve-devel-bounces@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH proxmox_dart_api_client/pve_flutter_frontend 0/3] fix: android: add support to honor user installed certificate
Date: Wed, 03 Sep 2025 13:28:27 +0200	[thread overview]
Message-ID: <DCJ4ONVHUS1B.2PR9TS3ZF3OE4@proxmox.com> (raw)
In-Reply-To: <20250902101713.82292-1-s.shaji@proxmox.com>

Tested this in my Android emulator. I installed the certificate of my
PVE node through the Android settings and then tried to connect with SSL
validation enabled. Seems to work as advertised. Same as before,
connecting without the certificate installed presents a user-friendly
error and disabling the validation lets one connect anyway.

The only thing I noticed, as discussed off-list already, is that when
there is some kind of problem with the certificate (e.g. the SAN is
invalid or missing), the error dialog shows the exception message.
This could be improved a bit with a nicer message for such scenarios,
but could IMO also be added in a separate patch.

With my comment for proxmox_dart_api_client 1/2 addressed consider this:
Tested-by: Michael Köppl <m.koeppl@proxmox.com>
Reviewed-by: Michael Köppl <m.koeppl@proxmox.com>

On Tue Sep 2, 2025 at 12:17 PM CEST, Shan Shaji wrote:
> The app was not honoring the user installed certificate and was still
> throwing `HandShakeException` when using `IOClient`. Inorder to fix the
> issue used the `cronet_http` package. This patch series only includes
> the changes specific to android.  
>
> For iOS i believe the same can be implemented with the cupertino_http 
> package as it internaly uses the iOS foundation URL Loading system.
> However i need to verify and test it. Will create another patch for 
> iOS related changes. 
>
> pve_flutter_frontend:
>
> Shan Shaji (1):
>   fix: android: add network config to support custom certificates
>
>  android/app/src/main/AndroidManifest.xml                 | 3 ++-
>  android/app/src/main/res/xml/network_security_config.xml | 9 +++++++++
>  2 files changed, 11 insertions(+), 1 deletion(-)
>  create mode 100644 android/app/src/main/res/xml/network_security_config.xml
>
>
> proxmox_dart_api_client:
>
> Shan Shaji (2):
>   fix: android: use `crone_http` package to honor user custom
>     certificates
>   fix: add explicit throw of `HandShakeException`
>
>  lib/src/authenticate.dart | 31 ++++++++++----
>  lib/src/utils_native.dart | 12 ++++++
>  pubspec.lock              | 89 ++++++++++++++++++++++++++++++++++++---
>  pubspec.yaml              |  1 +
>  4 files changed, 117 insertions(+), 16 deletions(-)
>
>
> Summary over all repositories:
>   6 files changed, 128 insertions(+), 17 deletions(-)

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel