Details
-
Task
-
Resolution: Fixed
-
Critical
-
2.7.0
-
Security Level: Public
-
3
Description
In this forum post:
https://forums.couchbase.com/t/server-tls-certificate-untrusted-error-connecting-to-sync-gateway/29087/7
Jeff Lockhart implies that the interaction between replicators and Android's network-security configuration is more complex than we suspected. In particular:
apparently there’s a requirement that if you have a <domain-config> defined (“Domain specific configuration”), even if it’s to set cleartextTrafficPermitted="true", it requires implementing checkServerTrusted(X509Certificate[], String, String) in some way. This function is part of the X509TrustManager API.
We need to do a couple of experiments to understand the interaction, and then describe it in the Android documentation