[GH-ISSUE #1909] support for self signed ssl when using webdav #1276

Closed
opened 2026-02-25 22:39:32 +03:00 by kerem · 7 comments
Owner

Originally created by @pokegamer5547 on GitHub (Apr 11, 2025).
Original GitHub issue: https://github.com/floccusaddon/floccus/issues/1909

Describe the feature you'd like to request

I use floccus on Android with a WebDAV server and it freaks out when I use self-signed SSL. I don't want to import my certificate system-wide.

Describe the solution you'd like

Allow the user to review and trust an SSL certificate even if it's self-signed.

Describe alternatives you've considered

Or allow users to accept all self signed certs.


@github-actions[bot] commented on GitHub (Apr 11, 2025):

Hello 👋

Thank you for taking the time to open this issue with floccus. I know it's frustrating when software
causes problems. You have made the right choice to come here and open an issue to make sure your problem gets looked at
and if possible solved. Let me give you a short introduction on what to expect from this issue tracker to avoid misunderstandings.
I'm Marcel. I created floccus a few years ago, and have been maintaining it since. I currently work for Nextcloud
which leaves me with less time for side projects like this one than I used to have.
I still try to answer all issues and if possible fix all bugs here, but it sometimes takes a while until I get to it.
Until then, please be patient. It helps when you stick around to answer follow up questions I may have,
as very few bugs can be fixed directly from the first bug report, without any interaction. If information is missing in your bug report
and the issue cannot be solved without it, I will have to close the issue after a while.
Note also that GitHub in general is a place where people meet to make software better together. Nobody here is under any obligation
to help you, solve your problems or deliver on any expectations or demands you may have, but if enough people come together we can
collaborate to make this software better. For everyone.
Thus, if you can, you could also have a look at other issues to see whether you can help other people with your knowledge
and experience. If you have coding experience it would also be awesome if you could step up to dive into the code and
try to fix the odd bug yourself. Everyone will be thankful for extra helping hands!
If you cannot lend a helping hand, to continue the development and maintenance of this project in a sustainable way,
I ask that you donate to the project when opening an issue (or at least once your issue is solved), if you're not a donor already.
You can find donation options at https://floccus.org/donate/. Thank you!

One last word: If you feel, at any point, like you need to vent, this is not the place for it; you can go to the Nextcloud forum,
to twitter or somewhere else. But this is a technical issue tracker, so please make sure to
focus on the tech and keep your opinions to yourself.

Thank you for reading through this primer. I look forward to working with you on this issue!
Cheers 💙


@marcelklehr commented on GitHub (Apr 11, 2025):

Hi @pokegamer5547
for technical reasons in floccus this is quite hard to do. Why can you not import your certificate system wide?


@pokegamer5547 commented on GitHub (Apr 11, 2025):

> Hi @pokegamer5547 for technical reasons in floccus this is quite hard to do. Why can you not import your certificate system wide?

I understand. Well, the reason I wanted such support in floccus is cuz I use self-signed certs to run servers on my phone itself (via Termux), and I don't want them to be a potential target. The only app where I have used such a thing is an email client called FairEmail, where it clearly asks the user if the fingerprint of the SSL cert is trusted, and trusts that fingerprint only and rejects it if changed. I wished floccus could have that feature too.

Offtopic: to put it simply, I use floccus like this cuz I don't want to store in any server.

  1. Run a local WebDAV server on Termux
  2. Connect floccus to it
  3. Use Syncthing to sync the file to other devices (as the mobile data IP changes dynamically, thus I can't just run WebDAV globally).

While it was good, I'm planning to put it in an encrypted rclone container rather than relying on floccus encryption and then serve it via WebDAV. I want to make a script which sends a GET request to archive.org to archive all my bookmarks once a week or so.


@Daryes commented on GitHub (Apr 12, 2025):

By potential target, you mean the DNS name visible in the properties of the public certificate?
If that's the case, your solution would be to create a private CA certificate (self-signed), then use it to sign your SSL certificates for your multiple services.
Given it is not mandatory for a CA to have any OCSP / revocation URL or related information, you can have fictive data everywhere in your CA; the only important factor is having used it to sign your SSL certs on your services.

Then, import in the system only the public cert (pem format) of your CA and you are set for any existing or future ssl service you will create using this CA.


@pokegamer5547 commented on GitHub (Apr 13, 2025):

> By potential target, you mean the DNS name visible in the properties of the public certificate? If that's the case, your solution would be to create a private CA certificate (self-signed), then use it to sign your SSL certificates for your multiple services. Given it is not mandatory for a CA to have any OCSP / revocation URL or related information, you can have fictive data everywhere in your CA; the only important factor is having used it to sign your SSL certs on your services.
>
> Then, import in the system only the public cert (pem format) of your CA and you are set for any existing or future ssl service you will create using this CA.

Um, correct me if I'm wrong as I'm still new to these. Isn't it that if my CA gets leaked, someone could MITM any website I visit?


@marcelklehr commented on GitHub (Apr 13, 2025):

TLS uses asynchronous encryption. Your CA private key is only used to sign certificates and remains on your machine. You only install your CA's public key on your devices


@pokegamer5547 commented on GitHub (Apr 13, 2025):

> TLS uses asynchronous encryption. Your CA private key is only used to sign certificates and remains on your machine. You only install your CA's public key on your devices

Oof, I forgot about that. Yes, you're right. Sorry about it. I'll just create new certs then. Thank you.
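
The private-CA setup suggested by @Daryes, together with the question of what a leaked CA key could sign, sketched with the `openssl` CLI as an added example (not part of the thread and not floccus code). The `home.internal` suffix, the hostnames and the file layout are assumptions; the critical `nameConstraints` extension goes beyond what the thread proposes and makes verifiers that enforce it reject certificates this CA signs for names outside the permitted suffix.

```shell
# Added example: private CA restricted by name constraints, then leaf certs.
# All names (home.internal, webdav.home.internal, file layout) are constructed.
set -eu

make_ca() {  # $1 = work dir, $2 = DNS suffix the CA is allowed to sign for
  mkdir -p "$1"
  cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
nameConstraints = critical,permitted;DNS:$2
EOF
  # ca.key never leaves this machine; only ca.pem is imported on the devices.
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$1/ca.cnf" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  chmod 600 "$1/ca.key"
}

issue_cert() {  # $1 = work dir, $2 = hostname placed in CN and subjectAltName
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' \
    "$2" > "$1/$2.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$1/$2.ext" -out "$1/$2.pem" 2>/dev/null
}

chain_ok() {  # exit status 0 only if $1/$2.pem validates against $1/ca.pem
  openssl verify -CAfile "$1/ca.pem" "$1/$2.pem" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d)
  make_ca "$d" home.internal
  issue_cert "$d" webdav.home.internal   # inside the permitted suffix
  issue_cert "$d" www.example.com        # outside it, as a misused CA key might sign
  for h in webdav.home.internal www.example.com; do
    if chain_ok "$d" "$h"; then echo "$h: accepted"; else echo "$h: rejected"; fi
  done
  rm -rf "$d"
}
demo
```

Only `ca.pem` is the file to import as a trusted CA; each service gets its own `<hostname>.pem` and `<hostname>.key`.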
