I _love_ Subsonic, and I love being able to play anything from my music collection directly on my HTC Hero.
I was disappointed that later versions of the Android app appeared to have done away with any kind of HTTPS support, so I reviewed the source code and have come up with a 2 line patch that reinstates HTTPS support.
The following is a diff against the trunk of the android app in subversion:
- Code: Select all
Index: src/net/sourceforge/subsonic/androidapp/service/RESTMusicService.java
===================================================================
--- src/net/sourceforge/subsonic/androidapp/service/RESTMusicService.java (revision 1431)
+++ src/net/sourceforge/subsonic/androidapp/service/RESTMusicService.java (working copy)
@@ -42,6 +42,7 @@
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
+import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.BasicHttpParams;
@@ -115,6 +116,7 @@
// Create and initialize scheme registry
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
+ schemeRegistry.register(new Scheme("https", SSLSocketFactory.getSocketFactory(), 443));
// Create an HttpClient with the ThreadSafeClientConnManager.
// This connection manager must be used if more than one thread will
This trivially enables the use of HTTPS URIs to access Subsonic. I have my Subsonic hosted behind an SSL-enabled Apache server using a proxying rewrite to my Subsonic server, and this now works like a charm!
NB. this will only enable support for recognised certificate authorities so it won't work with self-signed certificates. I use a FreeSSL certificate and have manually imported their CA into the certificate authority database on my phone (requires root access). (Why Google don't include this in Android by default I have no idea, but that's another story!)
I am happy to provide some instructions on how to do this for "seasoned" users (more likely a series of references), but it's not a good idea to mess about with root access or CA databases unless you know what you're doing!
If there's enough interest, I'll see if I can expand the above to use a separate (or additional?) keystore for Subsonic for Android to allow self-signed certs to work, but I'm uncertain how much work will be involved - or whether or not Sindre already has this task in hand!
Thanks again for Subsonic - a killer app.