Create a network-security-config thingy to use the system CA bundles

avanier · Sep 22, 2022 · 229f038 · 229f038
1 parent 4c12353
commit 229f038
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/android/app/src/main/AndroidManifest.xml b/android/app/src/main/AndroidManifest.xml
@@ -9,7 +9,7 @@
          In most cases you can leave this as-is, but you if you want to provide
          additional functionality it is fine to subclass or reimplement
          FlutterApplication and put your custom class here. -->
-  <application android:name="${applicationName}" android:label="Finamp" android:icon="@mipmap/ic_launcher" android:usesCleartextTraffic="true" android:requestLegacyExternalStorage="true" android:allowBackup="false" android:fullBackupContent="false">
+  <application android:name="${applicationName}" android:label="Finamp" android:icon="@mipmap/ic_launcher" android:usesCleartextTraffic="true" android:requestLegacyExternalStorage="true" android:allowBackup="false" android:fullBackupContent="false" android:networkSecurityConfig="@xml/network_security_config">
     <activity android:name="com.ryanheise.audioservice.AudioServiceActivity" android:launchMode="singleTop" android:theme="@style/LaunchTheme" android:configChanges="orientation|keyboardHidden|keyboard|screenSize|smallestScreenSize|locale|layoutDirection|fontScale|screenLayout|density|uiMode" android:hardwareAccelerated="true" android:windowSoftInputMode="adjustResize" android:exported="true">
       <!-- Specifies an Android theme to apply to this Activity as soon as
                  the Android process has started. This theme is visible to the user

diff --git a/android/app/src/main/res/xml/network_security_config.xml b/android/app/src/main/res/xml/network_security_config.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config>
+    <base-config>
+        <trust-anchors>
+          <certificates src="user" />
+          <certificates src="system" />
+        </trust-anchors>
+    </base-config>
+    <!-- everything below is really just provided as an exmaple of trying to
+    force this thing to eat additional CAs and just won't. This seems to be a
+    known bug.
+
+    https://github.com/flutter/flutter/issues/65841#issuecomment-692810524 -->
+    <domain-config>
+      <domain includeSubdomains="true">somedomain.test</domain>
+      <trust-anchors>
+        <!-- <certificates src="@raw/trusted_roots"/> -->
+        <certificates src="system"/>
+        <certificates src="user"/>
+      </trust-anchors>
+    </domain-config>
+</network-security-config>