Support self signed certificates added to android root CA

[RodoMa92]

Sadly, your app do not seems to support additional certificates set by users in the root CA of an Android phone. Connection to a https endpoint configured like that will fail.

I can workaround this temporarily (by exporting an http port directly on the docker host connection) but please consider add support for it in the future in order to allow people like me to use an internal dns network without exposing dawarich outside my VPN.

Thanks for this great application, it's getting better every day :)

Marco.

[RodoMa92]

I'm not sure if this is the problem, since it doesn't seem to want to connect even when using http. Works fine on my browser. This might actually be a bug rather than an unsupported feature.

[IeP4nieF]

Sadly, your app do not seems to support additional certificates set by users in the root CA of an Android phone. Connection to a https endpoint configured like that will fail.

I can confirm this. When I try to connect to my instance, which uses a certificate of my own CA, then the app will not connect. Message is: "Unable to reach the host. Please try again.". From a browser I can reach my instance.

The same happens with nearly every App on android, when it comes to connect to https-servers which are using a certificate by an self operated CA. Obviously Android does not take care of root-certificates installed under "Settings ->Security and privacy ->More security and privacy ->Encryption and credentials ->Trusted credentials ->User". This makes IMHO no sense, because everyone expects that every app take notice of the root certificates installed there. Obviously and sadly every app dev has to take care of this root-certificates by itself.

Can you please change the missleading errormessage at least? Saying someting about the problem with the tls-connections or certificate would be great.

[RodoMa92]

I'm not even sure if it's detectable at an app level from the error message; IIRC a lot of frameworks just report failed to connect and that's it. I might be wrong tho.