Hi there
Exchange email doesn't work on Android for us because we have a requirement for using client certs to protect the ActiveSync over HTTPS transactions. If I had stunnel, I could sync with localhost and stunnel could do the client cert-foo....
So does anyone know of a working stunnel implementation for Android (or even something else that does the same job?)
Thanks
On Fri, Aug 05, 2011 at 04:06:10PM +1200, Jason Haar wrote:
> So does anyone know of a working stunnel implementation for Android (or even something else that does the same job?)
Android already has a certificate manager that will accept CAs, client certs and so on. I would focus on modifying the Java (as much as I hate to admit it) code as opposed to any Rube Goldberg-esque implementation with a stunnel daemon.
If you want to see how convoluted it can get, pull the Cyanogenmod source [1] and grep for openvpn. I'm currently working on integrating openconnect [2] into CM, it's a hassle to put it mildly.
However, in both those cases, it's necessary because those daemons are the only way to interact with tun.ko properly. In your scenario, Android and CM already have openssl / x509 support built in.
If you're just interested in doing it for yourself, take a look at lildebi [3]. It'll create a Debian chroot fs on an Android phone. Then you just apt-get install stunnel and you're off to the races.
If you're looking for a deployable, maintainable solution, pay your current email client provider to add certificate support. Or, if imaps is a possibility in your infrastructure, use k-9 [4].
hth,
Jason.
[1] http://wiki.cyanogenmod.com/wiki/Nexus_One:_Compile_CyanogenMod_%28Linux%29#...
[2] http://www.infradead.org/openconnect.html
[3] https://guardianproject.info/code/lildebi/
[4] http://code.google.com/p/k9mail/
Jason Haar wrote:
> So does anyone know of a working stunnel implementation for Android (or even something else that does the same job?)
If it's possible to build OpenSSL with native Android toolchain, then it should be possible to build stunnel as well.
Alternatively it is also possible (although less convenient) to have a chrooted Debian. I tried it and it works well.
Mike
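
The localhost tunnel asked about at the top of the thread, as an added stunnel client-mode configuration (an illustration, not posted by anyone in this thread). The host name, port and file paths are placeholders, and `verifyChain` and `checkHost` assume a current stunnel 5.x release.

```ini
; Constructed example: placeholder host name, port and file paths.
; Local plaintext listener -> TLS with a client certificate to Exchange.
[activesync]
client = yes
; Listen on loopback only; the mail app syncs against this port without TLS.
accept = 127.0.0.1:8443
connect = mail.example.com:443
; Client certificate and private key presented to the server.
cert = /etc/stunnel/client-cert.pem
key = /etc/stunnel/client-key.pem
; Verify the server certificate chain and name so the tunnel
; does not hand traffic to an impostor.
CAfile = /etc/stunnel/ca-chain.pem
verifyChain = yes
checkHost = mail.example.com
```

Any app on the device can connect to the loopback port and reach the server through the client certificate, so the listener is not a per-app control.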