[pve-devel] [PATCH pve_flutter_frontend v2 1/1] fix: android: add network config to support custom certificates

Shan Shaji s.shaji at proxmox.com
Thu Sep 4 12:09:54 CEST 2025 

Apps targeting Android 6 (API level 23) and lower trust the user added
CA store by default. However, apps targeting > API level 23 need to
explicity mention trust anchor in the security configuration [0] to
trust user installed certificates.

[0] - https://developer.android.com/privacy-and-security/security-config#manifest

References:
- https://developer.android.com/privacy-and-security/security-config#CustomTrust
- https://developer.android.com/privacy-and-security/security-config#ConfigInheritance
- https://developer.android.com/privacy-and-security/security-config#trust-anchors
- https://developer.android.com/privacy-and-security/security-config#certificates

Signed-off-by: Shan Shaji <s.shaji at proxmox.com>
---
 android/app/src/main/AndroidManifest.xml                 | 3 ++-
 android/app/src/main/res/xml/network_security_config.xml | 9 +++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 android/app/src/main/res/xml/network_security_config.xml

diff --git a/android/app/src/main/AndroidManifest.xml b/android/app/src/main/AndroidManifest.xml
index b699752..66135eb 100644
--- a/android/app/src/main/AndroidManifest.xml
+++ b/android/app/src/main/AndroidManifest.xml
@@ -5,7 +5,8 @@
 
     <application
         android:label="Proxmox Virtual Environment"
-        android:icon="@mipmap/ic_launcher">
+        android:icon="@mipmap/ic_launcher"
+        android:networkSecurityConfig="@xml/network_security_config">
 
         <activity
             android:name="com.proxmox.app.pve_flutter_frontend.MainActivity"
diff --git a/android/app/src/main/res/xml/network_security_config.xml b/android/app/src/main/res/xml/network_security_config.xml
new file mode 100644
index 0000000..37a8e3f
--- /dev/null
+++ b/android/app/src/main/res/xml/network_security_config.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config>
+    <base-config>
+        <trust-anchors>
+            <certificates src="system"/>
+            <certificates src="user"/>
+        </trust-anchors>
+    </base-config>
+</network-security-config>
\ No newline at end of file
-- 
2.47.2

More information about the pve-devel mailing list