Allow local doh for dnscrypt #275

Open
mvevitsis opened this issue Jul 31, 2024 · 9 comments

@mvevitsis

mvevitsis commented Jul 31, 2024

App will not allow dnscrypt to start if local_doh settings in toml are uncommented.

Otherwise, I think theoretically it should work if the user CA (e.g. from mkcert) is installed to the Android system.

This is necessary for ECH support in Firefox.

Theoretically, it should work even without this workaround if
`network.dns.native.https-query = true`
(see: https://bugzilla.mozilla.org/show_bug.cgi?id=1500289),
but in my testing, this does not work with InviZible:

Screenshot_20240730-192501_Firefox Beta.png

Chromium based browsers are unaffected; ECH works properly in both Samsung internet and regular Google Chrome.

@Gedsh
Owner

Gedsh commented Jul 31, 2024

This feature is not currently supported. InviZible does not include the required certificate file. I will implement it over time if you are interested in having it available.

@mvevitsis
Author

mvevitsis commented Jul 31, 2024

Yes, I would like to see this implemented.

I want to use my own certificate file as I already have one I made with mkcert. This works great on desktop dnscrypt-proxy.
However, even with the correct file path to the certificates specified, I cannot get InviZible to start dnscrypt-proxy with these lines uncommented.

@Gedsh
Owner

Gedsh commented Jul 31, 2024

> with the correct file path to the certificates specified

You should put the certificate in an app's internal folder. For example, /data/data/pan.alexander.tordnscrypt/app_data/dnscrypt-proxy, which can only be done with root.

@mvevitsis
Author

mvevitsis commented Jul 31, 2024

I don't have root, so it would need file access to a dedicated folder in internal storage.
Something like /storage/emulated/0/invizible

@Gedsh
Owner

Gedsh commented Jul 31, 2024

This would require permission to access all files, which users won't like. In addition, it violates Play Market policy. The only solution is to implement a way to add the certificate to an internal folder. This is possible, but requires time and effort.

@mvevitsis
Author

> This would require permission to access all files, which users won't like. In addition, it violates Play Market policy. The only solution is to implement a way to add the certificate to an internal folder. This is possible, but requires time and effort.

Ok, well if possible I would like to see it implemented.

@mvevitsis
Author

mvevitsis commented Aug 2, 2024

There is no need for root.

Your app already has a folder in Android/data to store some files.
I made a new folder in there called certificates and pushed my certs using ADB.
I specified these in the toml and it works:

Screenshot_20240802-070659_Chrome.png

Success.

Notes for anyone else who needs this:
Install the root CA using Android system settings.
Chrome will recognize it automatically, but for Firefox you need to activate developer mode (press the Firefox logo a bunch of times in 'about'), then go to secret settings and enable allow 3rd party CA certs.

@Gedsh
Owner

Gedsh commented Aug 2, 2024

> pushed my certs using ADB

This folder is not accessible in modern Android versions through the regular file manager. I don't think most users will like using ADB.

@mvevitsis
Author

mvevitsis commented Aug 2, 2024

> > pushed my certs using ADB
>
> This folder is not accessible in modern Android versions through the regular file manager. I don't think most users will like using ADB.

Right, you cannot access this folder without ADB (or Shizuku/rish if you want to do it on your phone).

I used rish inside Termux, then just regular commands like mkdir and cp to place everything.
