Add a GUI for managing TLS\SSL certificates

Description

Spark needs a GUI dialog, which it could present when a user tries to log in to a server with an invalid certificate. It should present why the certificate is invalid (maybe it can be pulled from the Smack error, but there should be a conversion of this error to human-readable text): self-signed, expired, not trusted authority, mismatching hostname. There should be a button to Proceed anyway and a Cancel button (which will not let Spark connect). There should also be a checkbox to add this certificate to the exceptions list (when pressing the Proceed button), so it won't ask again on the next login. There could also be a GUI to manage exceptions or just a button somewhere to wipe the list, but that could be added later.

When this GUI is implemented, we should disable by default the Accept all certificates and Disable hostname verifications options. These options can stay for those who are using Spark in a closed environment and think they are safe from certificate spoofing attacks, so they won't bother their users with additional dialogs.

If the certificate is perfectly fine on a first check, Spark shouldn't show any dialog for it. But it shouldn't add such a certificate to the exception list. It should validate valid certificates every time it logs in. And when a valid certificate becomes invalid (say, expires), then it should show a dialog for it.
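One way to express the behaviour described above with the plain JDK API, as an added example that is not Spark's or Smack's own code: the certificate chain is validated on every login, the exception list is consulted only when validation fails, and the failure is turned into text for the dialog. The class name `ExceptionAwareTrustManager` and the fingerprint-based exception set are assumptions; a mismatching hostname is reported by hostname verification, not by a trust manager, so it is not covered here.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

/** Hypothetical class: validates on every login, consults the exception list only on failure. */
public class ExceptionAwareTrustManager implements X509TrustManager {
    private final X509TrustManager platform;   // backed by the default JDK trust store
    private final Set<String> exceptions;      // SHA-256 fingerprints the user chose to accept

    public ExceptionAwareTrustManager(Set<String> exceptions) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);             // null selects the platform trust store
        this.platform = (X509TrustManager) tmf.getTrustManagers()[0];
        this.exceptions = exceptions;
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        try {
            platform.checkServerTrusted(chain, authType);   // valid certificates pass silently, nothing is stored
        } catch (CertificateException e) {
            if (chain == null || chain.length == 0) throw e;
            if (exceptions.contains(fingerprint(chain[0]))) return;  // this exact certificate was accepted earlier
            throw new CertificateException(reason(chain[0]), e);    // message text for the dialog
        }
    }

    /** Human-readable reason, derived from the leaf certificate only. */
    static String reason(X509Certificate leaf) {
        try { leaf.checkValidity(); }
        catch (CertificateExpiredException e) { return "Certificate expired on " + leaf.getNotAfter(); }
        catch (CertificateNotYetValidException e) { return "Certificate is not valid until " + leaf.getNotBefore(); }
        // Subject equal to issuer is a heuristic for "self-signed"; the signature is not re-checked here.
        if (leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal())) return "Certificate is self-signed";
        return "Certificate is not issued by a trusted authority";
    }

    /** Lower-case hex SHA-256 of the DER encoding; the key used in the exception list. */
    static String fingerprint(X509Certificate cert) throws CertificateException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder sb = new StringBuilder();
            for (byte b : digest) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (java.security.NoSuchAlgorithmException e) { throw new CertificateException(e); }
    }

    @Override public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { platform.checkClientTrusted(c, a); }
    @Override public X509Certificate[] getAcceptedIssuers() { return platform.getAcceptedIssuers(); }
}
```

Because the exception is keyed to the fingerprint of one certificate, a server that later presents a different invalid certificate triggers the dialog again instead of being accepted silently.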

Environment

None

Activity

wroot
December 2, 2017, 7:21 PM

Marking this master ticket as Fixed, as all the sub tickets are done and it is working for the most part. Some polishing is needed, but it will be tracked in

wroot
November 20, 2017, 9:21 PM

Yeah, that's kind of a master ticket of the whole certificates management.

Paweł Ścibiorski
November 20, 2017, 9:07 PM

This one is kind of covered by all of the issues from the GSoC 2017 project.

wroot
August 27, 2016, 6:07 AM

There is also a good point in the thread, that a user might want to check what certificate is in use (even if valid). So there could be a GUI for that (maybe pressing on the little lock icon at the bottom of the roster window? Or adding a menu entry somewhere, say File > Certificates).

wroot
August 27, 2016, 6:03 AM

Not sure how this can be implemented (the checking and allowing stuff). Wonder if Smack can let a connection through for a particular certificate. Or will you have to accept all certificates and disable verification for all just for one session when a user presses Proceed or adds an exception? Not an ideal option, but could work.

Fixed

Priority

Major

Assignee

Paweł Ścibiorski

Reporter

wroot