-
-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow using installed client certificate #70
Comments
I've received a few requests for this. I'm not an expert at all on the topic, so I'll have to research this first. It does seem useful though, so I'll look into it. The app uses |
Hi,
@zindable As Apple limits the access to the OS Keychain that is not possible, but each app (or keychain group) can import them into their own keychain. I´m currently trying to implement this feature here: Fork (WiP) |
@Nils-witt awesome! Looking forward to a PR on this! |
@zindable I pushed @Nils-witt's changes to TestFlight now. Could you give this a try? |
I tried to add a certificate, but got |
@Finkregh I've found in my testing that it dependents on details of the certificate. I haven't tried this in Immich, but this app is using the iOS API for this pretty much directly, so if it doesn't work it's highly likely it's because of Apple's framework. If you created the I found this out through trial and error trying to import a client cert first straight into macOS keychain and then into the app (the crypto framework is the same). Can you give that a shot? |
It works, nice! In the Ui it's not clear how I can remove servers, Btw :) |
@Finkregh I added a logout button right in the settings screen now. |
A first version will be in |
I'm having issues with this as well. I've seen from the logs that the certificate has been loaded properly, but I'm unable to get the login working anyway. I have tried to debug everything, cert is valid and loaded correctly, yet logs don't help to understand if the certificate has been sent or not. Any guesses? |
In my configuration, I distinguish between external traffic originating from the internet and internal traffic within the local network. While internal traffic enjoys direct access to my services, external requests undergo additional authentication via mutual TLS (mTLS), terminated on my proxy.
I stumbled upon a demo showcasing how mTLS can be implemented in Swift. However, as I'm not proficient in Swift development, I'm uncertain about its feasibility.
Would it be possible for the app to show a list of installed profiles/certificates and utilize them in cases where the server mandates client authentication at the TLS layer?
The text was updated successfully, but these errors were encountered: