TLS Client/mutual authentication #1711

Closed
almandin opened this issue Feb 12, 2020 · 6 comments · Fixed by #2624

Comments

@almandin

  • Your Rocket.Chat Experimental app version: 4.4.0
  • Your Rocket.Chat server version: 2.4.9
  • Device (or Simulator) you're running with: android 7.0

Hi there,
I'm trying to install Rocket.Chat with TLS client authentication. I currently set it up with Traefik and it is working like a charm, but the application won't connect to the server despite my user certificate being valid and available in the Android user certificate store.
I tried to access the Rocket.Chat server with a web browser on the Android phone and everything works well (the server-side configuration with Traefik is valid, the user certificate is valid and is signed by the CA configured in Traefik).

I saw this commit, merged in the develop branch: #1125, and the associated branch feature.ssl-pinning, which seems to allow that feature.

Am I wrong about Rocket.Chat supporting client authentication? Is it implemented? If not, will it be soon?
Thanks for your help.

@diegolmello
Member

It's not implemented on Android yet.

@almandin
Author

Okay, I thought this git repository was Android-specific, but I guess the same code base runs on both Android and iOS systems. Any chance for it to be implemented soon for Android? :)

@almandin
Author

A PR was filed for the legacy Android app, btw: RocketChat/Rocket.Chat.Android#2007

@diegolmello
Member

@almandin Nice! Thanks for bringing attention to this.

@CantBelieveThisWorks

@diegolmello Could you comment on what is missing to get commit #1125 running on Android?
At first glance, the only difference seems to be that on iOS it is showing the certificatePicker, and therefore, a client certificate can be used.
So, is the bottleneck in the way Android is treating certificates, and therefore, only a new certificatePicker for Android has to be written, or is there more missing to get this running on Android?

@djorkaeffalexandre
Collaborator

djorkaeffalexandre commented Apr 14, 2020

Hey @CantBelieveThisWorks, it's not easy to do; we need to change the core of React Native, adding SSL pinning before all requests and the websocket connection.
Selecting the certificate is the easier part of this; the complexity is to pin this certificate on the OkHttp builder and handle the websocket. As you can see in the legacy Android app, it's not implemented on the websocket layer because it's really hard, and for us it has some extra complications because we're using a framework (React Native) that wraps some things about networking.
Without a websocket connection you can't use our app; it'll raise a lot of issues.
Feel free to implement this, if you want.
Just for my information, is it working fine with your server on iOS devices?
Thanks in advance.
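
The OkHttp side of what the comment above describes, as an added example that is not part of this thread or of Rocket.Chat's code: a key manager backed by the Android KeyChain, attached to one `OkHttpClient` that serves both HTTPS requests and the WebSocket. `KeyChainKeyManager`, `buildMutualTlsClient`, `openChatSocket` and the URL are hypothetical names; the sketch covers plain OkHttp only and does not show how React Native's networking layer would be made to use such a client.

```kotlin
import android.content.Context
import android.security.KeyChain
import java.net.Socket
import java.security.KeyStore
import java.security.Principal
import java.security.PrivateKey
import java.security.cert.X509Certificate
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509KeyManager
import javax.net.ssl.X509TrustManager
import okhttp3.OkHttpClient
import okhttp3.Request
import okhttp3.WebSocket
import okhttp3.WebSocketListener

// Presents exactly one client certificate, loaded from the Android KeyChain.
class KeyChainKeyManager(
    private val alias: String,
    private val chain: Array<X509Certificate>,
    private val key: PrivateKey
) : X509KeyManager {
    override fun chooseClientAlias(types: Array<String>?, issuers: Array<Principal>?, s: Socket?): String = alias
    override fun getClientAliases(type: String?, issuers: Array<Principal>?): Array<String> = arrayOf(alias)
    override fun getCertificateChain(a: String?): Array<X509Certificate>? = if (a == alias) chain else null
    override fun getPrivateKey(a: String?): PrivateKey? = if (a == alias) key else null
    // Client-side only: never act as a TLS server.
    override fun chooseServerAlias(type: String?, issuers: Array<Principal>?, s: Socket?): String? = null
    override fun getServerAliases(type: String?, issuers: Array<Principal>?): Array<String>? = null
}

// Call off the main thread: the KeyChain lookups block. `alias` is assumed to be the
// value the user selected through KeyChain.choosePrivateKeyAlias().
fun buildMutualTlsClient(context: Context, alias: String): OkHttpClient {
    val key = KeyChain.getPrivateKey(context, alias) ?: error("no private key for $alias")
    val chain = KeyChain.getCertificateChain(context, alias) ?: error("no certificate chain for $alias")
    // Keep the platform trust store for server validation; only the key manager is custom.
    val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    tmf.init(null as KeyStore?)
    val trust = tmf.trustManagers.filterIsInstance<X509TrustManager>().first()
    val ctx = SSLContext.getInstance("TLS")
    ctx.init(arrayOf(KeyChainKeyManager(alias, chain, key)), arrayOf(trust), null)
    return OkHttpClient.Builder().sslSocketFactory(ctx.socketFactory, trust).build()
}

// REST calls and the WebSocket must both go through this client, or the wss://
// handshake is made without the certificate. The URL is a placeholder.
fun openChatSocket(client: OkHttpClient, listener: WebSocketListener): WebSocket =
    client.newWebSocket(Request.Builder().url("wss://chat.example.invalid/websocket").build(), listener)
```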
