XSF Discussion - 2023-07-11

  1. singpolyma

    https://letsencrypt.org/2023/07/10/cross-sign-expiration.html this seems very likely to affect Android 7 and earlier for most XMPP clients with almost every XMPP service

  2. MattJ

    I wonder how feasible custom trust store stuff shipped with Conversations would be

  3. MattJ

    IIRC C3 already requires a minimum of Android 6 or 7

  4. singpolyma

    I think maybe we just need to special case trust for letsencrypt root and can still use system store on top of that? But yeah something to investigate

  5. Daniel

    Moya ships it's own trust store that contains the letsencrypt intermediate certificate so we don't have to include it in every handshake. (it's combined with the normal trust store in case we ever decide not to use letsencrypt)

  6. Daniel

    So it's relatively easy

  7. Daniel

    C3 currently requires Android 6 not 7

  8. singpolyma


  9. Daniel

    Plus if I'm reading the blog post correctly you'd need at least Android 8, no?

  10. singpolyma

    To not need a workaround? Yes

  11. Daniel

    does anyone have a test domain where they could easily remove the intermediate cert? (I currently only have access to production setups)

  12. Zash

    xmpp:missing-chain.badxmpp.eu ?

  13. pep.


  14. Daniel

    does this do c2s and is this specifically letsencrypt?

  15. Zash


  16. Daniel

    ok cool. let's see

  17. Daniel

    I more or less bindly copied code I already had: https://codeberg.org/iNPUTmice/Conversations/commit/fedd1a68d7622a9e85d3a13529c36e940b854e74 but it seems to work fine with missing-chain.badxmpp.eu