Self-signed certificate #789

@opk12

My homeserver is in a private network and has a self-signed certificate.

Like Element and the other clients, Syphon should

  1. on the first connection, save the cert
  2. on every connection, check if the cert has changed
    2.1. fail, if the cert has changed

Today it does not log in, because the certificate is not installed on the phone and is not trusted by the root CAs.

In the case of a public domain, self-signed is a red flag. Maybe the app could expect self-signed if a private IP address was typed (as it's impossible to have a CA-signed cert) and then do TOFU.

I could add the cert to the system trust store, but I'd rather do TOFU in-app than have users let strangers put hands on the system settings, possibly outside the trust store.
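
The trust-on-first-use flow requested above, as an added example that is not part of the original issue and is not Syphon's code. The `PinStore` class, the `tofu_allowed` helper, the JSON pin file and the byte strings standing in for DER certificates are all assumptions made for illustration; the gate on private IP addresses follows the suggestion in the issue.

```python
import hashlib
import ipaddress
import json
from pathlib import Path

class PinMismatch(Exception):
    """The server presented a different certificate than the pinned one."""

def tofu_allowed(host: str) -> bool:
    """Allow TOFU only for literal private IP addresses, as the issue suggests."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:  # a hostname, not an IP literal: keep normal CA validation
        return False

class PinStore:
    """Maps "host:port" to the SHA-256 fingerprint of the pinned DER certificate."""

    def __init__(self, path: Path):
        self.path = path
        self.pins = json.loads(path.read_text()) if path.exists() else {}

    def check(self, host: str, port: int, cert_der: bytes) -> str:
        """Return "pinned" on first use, "match" afterwards; raise on any change."""
        if not tofu_allowed(host):
            raise PermissionError(f"{host}: TOFU not permitted, use CA validation")
        key = f"{host}:{port}"
        seen = hashlib.sha256(cert_der).hexdigest()
        pinned = self.pins.get(key)
        if pinned is None:                  # step 1: first connection, save the cert
            self.pins[key] = seen
            self.path.write_text(json.dumps(self.pins))
            return "pinned"
        if pinned != seen:                  # step 2.1: cert changed, fail closed
            raise PinMismatch(f"{key}: certificate changed since first use")
        return "match"                      # step 2: cert unchanged

def demo(tmp_dir: Path) -> list:
    """Run the three cases with constructed byte strings standing in for DER certs."""
    store = PinStore(tmp_dir / "pins.json")
    first, rotated = b"constructed-cert-A", b"constructed-cert-B"
    results = [store.check("192.168.1.10", 8448, first),
               store.check("192.168.1.10", 8448, first)]
    try:
        store.check("192.168.1.10", 8448, rotated)
    except PinMismatch:
        results.append("rejected")
    return results
```

In a real client the certificate bytes come from the TLS handshake (in Python, `SSLSocket.getpeercert(binary_form=True)`), and the check has to pass before any credentials are sent.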

Labels: bug, feature, security
