Repositories stored on servers with self signed certificates is not supported. about sgit HOT 9 CLOSED

Adding a root certificate for a self signed certificate is done at the OS level on Android. Instructions for how to do it for Android 4 onwards can be found here: http://stackoverflow.com/a/22040887/85472

from sgit.

Sorry for not support such feature. The git repo is in [sdcard dir]/Android/data/me.sheimi.sgit/files/repo. you may manually configure it here. Other features will be added in the following versions. Thanks for your support.

from sgit.

No worries that is just what I needed to know. Thanks!

from sgit.

Adding http.sslVerify = false to [sdcard dir]/Android/data/me.sheimi.sgit/files/repo/myrepo/.git/config causes the app to crash on opening the repo.

from sgit.

If you don't verify certificates, you'll loose the benefits of HTTPs. Anyone who spoofs your DNS-Setup, could setup a https-proxy with a self-signed cert. If you don't check the cert, you can't be sure, that you communicate only with your server such a proxy and you don't know if someone reads everything. If it would be the case, the encryption is not given anymore and you could use just http. It is way much better, to import this single self-signed cert into your CAstore of Android and enable sslVerification. So if you don't communicate with your server, it will mockup!

from sgit.

Maybe instead of adding an option to disable SSL there could be an easier way to "accept" the certificate and add it to CAstore permanently. This is more functionality though then github itself provides. The issue I have with adding the cert manually to the CAstore is that I then need to do this on every device I configure. It can get very tedious. In the long run I don't mind losing some of the benefit of https (a malicious entity would still have to target me directly). If I was concerned with someone spoofing my repository I would pay for a CA signed ceritficate.

from sgit.

Maybe instead of adding an option to disable SSL there could be an easier way to "accept" the certificate and add it to CAstore permanently.

Yeah, you said it! Use http!

General Question: Did you consider using a CA-certificate from StartSSL or using SSH?

from sgit.

Using http is not the same level of security as using https with a self signed certificate. On top of that I have always had issues with git over http. I didn't look into it much, and this may be the right approach instead of disabling ssl.

I did consider SSH but that added it's own complications. It's worth noting that SSH is no more secure than using a self signed https certificate, and simply adding the certificate upon first use. In my opinion this is the optimal way to handle self-signed certs, and essentially is what SSH does.

To solve my particular problem, I eventually ended up getting a CA-signed certificate, but there is a valid use case for accepting self-signed certs one way or another.

from sgit.

Any news on this? Contacted the author via the "Feedback" menu but no response.

from sgit.