[feature/tls-diff] TLS certificate comparison

[felix-schwarz]

Description

When logging into an account and experiencing a different certificate that does not fulfill the rules for automatic acceptance as replacement, the issue it brings up now shows the differences between the two certificates to allow an informed decision by the user.

Screenshots (if appropriate):

Certificate diff	Certificate diff (chain segment)	Diff of next certificate in the chain

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ hosy
❌ felix-schwarz
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[jesmrec]

any way to build a server in which this feature can be tested?

CC @michaelstingl

[michaelstingl]

any way to build a server in which this feature can be tested?

Valid cert ==> invalid cert

first connect to real server with SSL (demo.owncloud.org), then connect through mitmproxy with hacky-hacky cert. cert diff should show you plenty of differences

Valid cert ==> other valid cert

Setup server with Traefik and let's encrypt (Cloudflare DNS only), then enable Cloudflare SSL proxy in front of it…
(maybe too mich effort for this tiny feature)

[jesmrec]

i will try that. I was trying to avoid much extra effort setting up environments, but there will be room for learning.

[felix-schwarz]

@jesmrec If you haven't tested this in an other way, yet: there is a quick guide on how to test this here in the SDK repo: https://github.com/owncloud/ios-sdk/blob/master/doc/TESTING.md#simulating-certificate-changes

The files used in that example are next to it and can be found here.

[jesmrec]

@jesmrec If you haven't tested this in an other way, yet: there is a quick guide on how to test this here in the SDK repo: https://github.com/owncloud/ios-sdk/blob/master/doc/TESTING.md#simulating-certificate-changes

The files used in that example are next to it and can be found here.

Thanks a lot!! that was totally helpful!!

It works fine from my side. Information correctly shown in different themes, orientations, devices and fields.

just two considerations from my side:

• The option Show/Hide works only in case the difference exists. If certificate is shown for the first time or revoked, option Show/Hide does nothing. Nothing bad nor blocker.

• Current branch points to an sdk commit that does not build. I've tested agains latest one 3a73b20. Just for you to take in account when merging.

[hosy]

@jesmrec I commit the latest SDK commit into this branch. Not sure if this solves the problem, but you can have a look again. If this issue still exists, we can move forward after adding a new issue for that problem and we can solve this in 11.5.1. But you are right, UI elements without function should be hidden.

[jesmrec]

@jesmrec I commit the latest SDK commit into this branch. Not sure if this solves the problem, but you can have a look again. If this issue still exists, we can move forward after adding a new issue for that problem and we can solve this in 11.5.1. But you are right, UI elements without function should be hidden.

SDK correctly updated. The UX issue is not a blocker, just a minor detail.

approved

[felix-schwarz]

@jesmrec Good catch. I made a change so that the Show ± button only appears if there are any differences to be shown.

[jesmrec]

@jesmrec Good catch. I made a change so that the Show ± button only appears if there are any differences to be shown.

works perfect! now it's more than approved.