feat(mobile): add server cert field, similar to client cert#14335

Closed
crisoagf wants to merge 1 commit into immich-app:main from crisoagf:add-personal-root-cert

@crisoagf

Initial code for server certificate field.

@crisoagf crisoagf force-pushed the add-personal-root-cert branch from 678fd71 to 5e498ec Compare November 25, 2024 10:27
@zackpollard
Member

Hey, could you please provide more information on what this is supposed to achieve?

@crisoagf
Author

> Hey, could you please provide more information on what this is supposed to achieve?

Sure thing!

This is an attempt to implement certificate selection for self-signed/enterprise-signed servers without simply disabling SSL certificate checking. It creates another settings field, similar to the client certificate selection, to import a root or self-signed certificate and use that for connection validation. AFAICT, this is only needed for Android, for iPhones already respect user imported certificates.

Currently, the only option for custom root certs or self-signed certs in Android is "Allow self-signed SSL certificates" that accepts any certificate that matches the hostname, which is at least a bit scary from an MITM attack perspective.

Context is #13555 .
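
The two trust models contrasted in the comment above, as an added `dart:io` sketch that is not code from this PR or from Immich. The function names, the `alsoTrustSystemRoots` parameter and the command-line arguments are hypothetical, and the accept-all callback is an assumption about how an "allow self-signed" toggle is commonly wired up.

```dart
import 'dart:io';

/// Weak setting: an "allow self-signed" style override (assumed shape).
/// The callback is consulted only for certificates that FAILED validation;
/// returning true approves them, so the chain is no longer checked.
HttpClient allowSelfSignedClient() {
  final client = HttpClient();
  client.badCertificateCallback =
      (X509Certificate cert, String host, int port) => true;
  return client;
}

/// Corrected setting: validate against an imported root or self-signed cert.
/// [rootPem] holds the PEM bytes the user selected in the settings field.
HttpClient importedRootClient(List<int> rootPem,
    {bool alsoTrustSystemRoots = false}) {
  // withTrustedRoots: false starts from an empty trust store, so only the
  // imported certificate can anchor the server's chain.
  final context = SecurityContext(withTrustedRoots: alsoTrustSystemRoots)
    ..setTrustedCertificatesBytes(rootPem);
  // No badCertificateCallback is set: a wrong issuer, an expired certificate
  // or a hostname mismatch aborts the handshake.
  return HttpClient(context: context);
}

/// Tries one GET and reports whether the TLS handshake was accepted.
Future<String> probe(HttpClient client, Uri url) async {
  try {
    final request = await client.getUrl(url);
    final response = await request.close();
    await response.drain<void>();
    return 'connected (HTTP ${response.statusCode})';
  } on HandshakeException catch (e) {
    return 'rejected during handshake: ${e.message}';
  } finally {
    client.close(force: true);
  }
}

Future<void> main(List<String> args) async {
  if (args.length != 2) {
    stderr.writeln('usage: dart run probe.dart <https-url> <root-cert.pem>');
    exit(64);
  }
  final url = Uri.parse(args[0]);
  final rootPem = await File(args[1]).readAsBytes();

  print('allow self-signed: ${await probe(allowSelfSignedClient(), url)}');
  print('imported root:     ${await probe(importedRootClient(rootPem), url)}');
}
```

Pointing both clients at a server whose certificate was not issued by the imported root shows the difference: the first connects, the second reports a handshake failure.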

@alextran1502 alextran1502 changed the title from "Feat #13555 add server cert field, similar to client cert" to "feat(mobile): add server cert field, similar to client cert" Dec 2, 2024
@alextran1502
Member

Hello, can you add some information on how this PR has been tested?

@crisoagf
Author

crisoagf commented Dec 7, 2024

So far I tested with local build + flutter run. Trying to use it without the given code doesn't work; with the given code it works.

I'll try to add some info in some file in the repo and I'd really like to write a couple of tests. I may take a while (haven't been having a lot of free time lately), but I'll do it.

@shenlong-tanwen
Member

@crisoagf Using the cronet_http package for the HTTPClient will make flutter respect the CAs installed system-wide. That'd be the proper way to fix this. Can you please open a new PR with the cronet implementation instead? Thanks a lot for the contribution.

jfly added a commit to jfly/immich that referenced this pull request Jul 9, 2025
This is part of immich-app#15230.

Frustratingly, Dart/Flutter ignores user-installed certificates. Working
around this requires rooting your Android device to install certificates
as "system" certs, which isn't an option for everyone.

This is a known issue with Dart, see
dart-lang/sdk#50435 and
flutter/flutter#56607 for details.

I have read through
<immich-app#15230> and
<immich-app#13555>, and I
understand that switching to
[`cronet_http`](immich-app#14335 (comment))
would also resolve this. While that may be the correct long-term
approach, it looks like there are [a lot of network
codepaths](immich-app#15230 (comment))
in Immich, and as I know basically nothing about Dart, nor Flutter, nor
Immich's codebase, I thought this would be a better short term approach.

This depends on my fork of
`johnstef99/flutter_user_certificates_android`, which I've sent a PR for
here
<johnstef99/flutter_user_certificates_android#2>.
If y'all don't like the supply chain implications of that, I'm happy to
inline the implementation here instead.
jfly added a commit to jfly/immich that referenced this pull request Jul 24, 2025
This is part of immich-app#15230.

Frustratingly, Dart/Flutter ignores user-installed certificates. Working
around this requires rooting your Android device to install certificates
as "system" certs, which isn't an option for everyone.

This is a known issue with Dart, see
dart-lang/sdk#50435 and
flutter/flutter#56607 for details.

I have read through
<immich-app#15230> and
<immich-app#13555>, and I
understand that switching to
[`cronet_http`](immich-app#14335 (comment))
would also resolve this. While that may be the correct long-term
approach, it looks like there are [a lot of network
codepaths](immich-app#15230 (comment))
in Immich, and as I know basically nothing about Dart, nor Flutter, nor
Immich's codebase, I thought this would be a better short term approach.

For the record: the important code here is copied from my fork of
`johnstef99/flutter_user_certificates_android`. See this PR for more
context: <johnstef99/flutter_user_certificates_android#2>.
jfly added a commit to jfly/immich that referenced this pull request Jul 25, 2025
jfly added a commit to jfly/immich that referenced this pull request Jul 28, 2025
jfly added a commit to jfly/immich that referenced this pull request Jul 29, 2025
jfly added a commit to jfly/immich that referenced this pull request Aug 20, 2025
jfly added a commit to jfly/immich that referenced this pull request Jan 13, 2026
jfly added a commit to jfly/immich that referenced this pull request Jan 17, 2026
jfly added a commit to jfly/immich that referenced this pull request Jan 19, 2026