Fedilab Apps

It seems that #Fedilab started to fail for some instances. That happens on older devices (Android 5 and 6).
We will reintroduce conscrypt to patch the security provider for older devices.
https://github.com/google/conscrypt

GitHub - google/conscrypt: Conscrypt is a Java Security Provider that implements parts of the Java Cryptography Extension and Java Secure Socket Extension.

Conscrypt is a Java Security Provider that implements parts of the Java Cryptography Extension and Java Secure Socket Extension. - google/conscrypt

^GitHub

#fedilab

in reply to Fedilab Apps

Daniel Gultsch

in reply to Fedilab Apps • 4 weeks ago • •

This sounds like a Problem with Letsencrypt. Letsencrypt has stopped cross signing their certifates with a root that older Android versions have.
Introducing conscrypt won't fix the issue.
You'll have to bundle the Letsencrypt root.

Here is how #Conversations_im did it: https://codeberg.org/iNPUTmice/Conversations/commit/88851ea12a9ea9d546a04321742a9656733291c3

The commit has also a link to a blog post explaining the issue.

bundle letsencrypt root certificates · 88851ea12a

as per https://letsencrypt.org/2023/07/10/cross-sign-expiration.html Letsencrypt is dropping support for Android <= 7 by removing cross signing. to keep supporting older Android versions we need to bundle the root cert ourselves.

^Codeberg.org

#conversations_im

in reply to Daniel Gultsch

Fedilab Apps

in reply to Daniel Gultsch • 4 weeks ago • •

@daniel
Thanks for sharing!

@Daniel Gultsch

⇧

Fedilab Apps

Fedilab Apps 4 weeks ago • •

GitHub - google/conscrypt: Conscrypt is a Java Security Provider that implements parts of the Java Cryptography Extension and Java Secure Socket Extension.

Daniel Gultsch

bundle letsencrypt root certificates · 88851ea12a

Fedilab Apps

Fedilab Apps
4 weeks ago • •