Jump to content

myndzi

New Members
  • Posts

    3
  • Joined

  • Last visited

myndzi's Achievements

Newbie

Newbie (1/3)

  1. Thanks for the response. Just to clarify a little bit, since this can be a confusing topic: I think what you are saying is that you have disabled server certificate verification in the client connection, which means that the client will accept a connection to a server when that server's certificate is not trusted by the client's certificate chain of trust (e.g. a self-signed certificate). The feature request here is kind of the opposite "direction of trust". The server asks the _client_ to provide a certificate, and the server is configured to accept or reject the connection based on if the client can supply a trustable certificate. My server certificate is signed by Let's Encrypt, so it works fine from the client side It takes some technical set-up to make this work, but from the phone's point of view, you just have to open/install a "pfx" file to add it to the phone's credential store. Then, the client, when talking to the server, needs to be capable of recognizing that the server wants that client credential, and provide a way for the user to select to use it.
  2. Hi there. I've been using Poweramp for ages and it's a great product. Recently, I've been expanding my home lab, and I've selectively exposed certain internal stuff to the public internet behind a reverse proxy -- that proxy requires client certificates for access. So, for example, my phone can access internal websites such as Home Assistant, but non-authorized computers will be rejected before they even get the opportunity to talk to the backend service. I'm about to do some work to set up audo playback inside my house, but it struck me that since I already have authenticated internet access to select internal devices, I could also set up streaming radio and play it back with Poweramp. (I could use a browser, but then I wouldn't be able to run the audio in the background as far as I can tell). The problem is that, while Android supports a certificate store and provides the ability for applications to use it when connecting to things, that doesn't just happen magically for "anything connecting to https". You can see the work that would be involved with this pull request which added this functionality into Home Assistant's Android companion app: https://github.com/home-assistant/android/pull/2526 I'm hoping there's a chance you'd be willing to add something similar to Poweramp. The security benefit is definitely something that only a tech-savvy power-user would appreciate, but I'm hoping that the PR above makes it easy/accessible enough to do that it's not a big deal to add in
×
×
  • Create New...