Le lundi 14 octobre 2013 à 17:32 +0300, Paul Sokolovsky a écrit : > So, it's likely not that "author thinks it's bad", but he probably > doesn't know about the issue at all.
He does, it's explicitly told on his website. It's a choice he made and I know many other apps that detect and ask whether to use a self-signed certificate. > Shouldn't *Replicant* allow to import *any* certificate regardless if > some vendor Android or AOSP put additional restrictions on certificate? That's not it. The system holds a list of certification authorities (and their certificates) that apps use to approve a certificate or not, but it does not hold per-website SSL certificates, it's simply not its function (it's not because of a restriction from Google). On GNU/Linux as well, applications have to accept and store self-signed SSL certificates individually, there is no auth mechanism to do it system-wide, but it is the case with certification authorities certificates. Correct me if I'm wrong, but at least that's how I understood things from my perspective. _______________________________________________ Replicant mailing list Replicant@lists.osuosl.org http://lists.osuosl.org/mailman/listinfo/replicant
