1
0
mirror of https://github.com/moparisthebest/k-9 synced 2024-12-18 05:42:15 -05:00
Commit Graph

5217 Commits

Author SHA1 Message Date
Joe Steele
76605f7d86 Extract code into new LocalKeyStore class
Also, implement the ability to configure an alternate key store
file location. This permits the running of unit tests without
clobbering the live key store file.

Also, add a test to confirm that the key store file is being written
out and reread correctly.
2013-12-02 14:04:40 -05:00
cketti
5f38306a9a Add more unit tests for TrustManagerFactory 2013-12-02 16:42:33 +01:00
Joe Steele
eb13691918 Eliminate the need for reflection to access hidden API 2013-11-30 18:34:57 -05:00
cketti
4b57d79acf Only check against the certificate stored for a server, not all of them 2013-11-29 14:06:02 +01:00
cketti
8368ba8a11 Add test to make sure we don't check the wrong certificates
Right now we happily accept every certificate in our local key store as long as
the hostname matches the certificate DN. So this test fails.
It's not a huge deal since the user accepted the certificate at one point. But we
want to do this right.
2013-11-29 11:39:04 +01:00
cketti
c5c195d243 Add unit tests for TrustManagerFactory 2013-11-29 10:49:52 +01:00
cketti
48d11fd386 Properly save and restore instance state in AccountSetupBasics 2013-11-29 05:33:48 +01:00
Joe Steele
a4440b4042 Fix inadequate certificate validation
Proper host name validation was not being performed for certificates
kept in the local keystore.  If an attacker could convince a user to
accept and store an attacker's certificate, then that certificate
could be used for MITM attacks, giving the attacker access to all
connections to all servers in all accounts in K-9.

This commit changes how the certificates are stored.  Previously, an
entire certificate chain was stored for a server (and any of those
certificates in the chain were available for validating signatures on
certificates received when connecting).  Now just the single
certificate for the server is stored.

This commit changes how locally stored certificates are retrieved.
They can only be retrieved using the host:port that the user
configured for the server.

This also fixes issue 1326.  Users can now use different certificates
for different servers on the same host (listening to different ports).

The above changes mean that users might have to re-accept certificates
that they had previously accepted and are still using (but only if the
certificate's Subject doesn't match the host that they are connecting
to).

This commit modifies AccountSetupBasics so that it now calls
AccountSetupCheckSettings twice -- once for checking the incoming
settings and once for the outgoing settings.  Otherwise, an exception
could occur while checking incoming settings, the user could say
continue (or the user could accept a certificate key), and the
outgoing settings would not be checked.  This also helps with
determining if a certificate exception was for the incoming or
outgoing server, which is needed if the user decides to add the
certificate to the keystore.
2013-11-23 13:26:57 -05:00
Danny Baumann
b500047e42 Fix contact picture color generation.
Make sure to return different colors for senders with different name,
but the same mail address (e.g. mails sent by certain issue tracking
systems).
2013-11-11 13:31:58 +01:00
cketti
0eb24512b0 Merge pull request #417 from bk2204/tsf-starttls
Use TrustedSocketFactory for STARTTLS
2013-11-10 18:17:37 -08:00
cketti
f4ebc098c4 Recreate app icon from SVG file
Add higher resolution icons so K-9 looks snazzy on newer devices.
2013-11-11 01:09:09 +01:00
cketti
042bd70290 Merge branch 'translations' 2013-11-10 23:11:50 +01:00
cketti
febf9b2fb3 Clean up Hungarian translation 2013-11-10 22:58:16 +01:00
RootRulez
9fee3e50c8 Update Hungarian translation 2013-11-10 22:50:23 +01:00
igavio
2a77aa1e41 Update Greek translation 2013-11-10 22:49:42 +01:00
Igor Nedoboy
9ea241f897 Update Russian translation 2013-11-10 22:49:00 +01:00
Jan Urbánek
b4c4dea527 Update Czech translation 2013-11-10 22:48:22 +01:00
Jacek Sowiński
37272fbaf4 Update Polish translation
new strings + one typo
2013-11-10 22:47:36 +01:00
brian m. carlson
1bfb78ee51 Use TrustedSocketFactory for STARTTLS.
The TrustedSocketFactory, which provides goodies like better cipher suites and
TLSv1.2, was only being used for tunnelled connections.  Use it for STARTTLS
connections as well.
2013-11-10 00:27:01 +00:00
Jesse Vincent
d4246a0976 With the new webview scrollview combo we've got loadinoverviewmode seems to behave better. 2013-11-07 10:39:37 -08:00
cketti
b398c4d7f4 Fix file selection for import
Using FLAG_ACTIVITY_NO_HISTORY will cause the file selection
to fail when KitKat's "Open from" activity opens a third-party activity.
2013-11-07 07:33:33 +01:00
cketti
9fe71bca2d Add Gradle wrapper 2013-11-07 06:48:10 +01:00
cketti
c58ef8bbc5 Upgrade Gradle build files 2013-11-07 06:48:10 +01:00
Koji Arai
6d08e69690 Fixed typo. 2013-11-06 23:39:08 +09:00
Koji Arai
fb6e8bc25b Updated Japanese translation of the changelog. 2013-11-06 23:23:56 +09:00
Jesse Vincent
5475f47bcf Bumped manifest to 4.701 2013-11-05 20:29:16 -05:00
Jesse Vincent
0986e822d2 changelog for 4.701 2013-11-05 20:28:46 -05:00
Jesse Vincent
e20e513039 Sadly, KitKat's file manager fails to recognize our mimetype and won't let users import settings 2013-11-05 20:19:27 -05:00
Jesse Vincent
8f19d56f00 Merge pull request #415 from zjw/non_locking_scroll_view_rebased
Kit Kat UI issue
2013-11-05 16:59:12 -08:00
Joe Steele
6089b9078e Fix missing 'download remainder' button. 2013-11-05 18:17:41 -05:00
Joe Steele
5957735a0b LinearLayout fill_parent
(Don't think it really matters.)
2013-11-05 18:17:39 -05:00
Joe Steele
1cbdd390f3 Use non-deprecated constants 2013-11-05 16:26:29 -05:00
Joe Steele
5311a2ef01 NonLockingScrollview fixes.
Implement methods missing in API 7

Fix coordinate reference frame mismatch.  Touch events are
relative to the view display, whereas view children are relative
to the view.
2013-11-05 16:26:28 -05:00
Joe Steele
fa962e7bd7 Move AOSP files.
Patch RigidWebView for K9.
MessageWebView would need to extend RigidWebView.
2013-11-05 16:26:27 -05:00
Joe Steele
97d571cb43 Import RigidWebView from AOSP Email client.
Also import prerequisite classes.

As contained in current master:
b3c37a31cc
2013-11-05 16:26:26 -05:00
Joe Steele
7b0082026c Revert auto-scroll changes that are no longer needed.
Revert "Only Jelly Bean seems to have the auto-scroll issue"

This reverts commit a3802a7a8e.

Revert "Hack around WebView's initial auto-scrolling past the message header"

This reverts commit 8dcc769c50.

Conflicts:

	src/com/fsck/k9/view/MessageWebView.java
2013-11-05 16:26:25 -05:00
Joe Steele
94a4585317 Switch to using NonLockingScrollView
This implements the AOSP Email solution for incorporating
a Webview inside a ScrollView, while still being able to
scroll diagonally.

This replaces the functionality of TitleBarWebView (which
is now removed).
2013-11-05 16:26:23 -05:00
Joe Steele
f4de21187d Import NonLockingScrollView from AOSP Email client.
As contained in current AOSP master:
b3c37a31cc
2013-11-05 16:24:48 -05:00
cketti
a036e4d2f9 Merge branch 'tls-hardening' 2013-10-29 04:40:06 +01:00
cketti
a97705ffa9 Refactor TrustedSocketFactory 2013-10-29 04:37:52 +01:00
cketti
8f45d76b5c Extract WebDavSocketFactory 2013-10-29 03:42:37 +01:00
Koji Arai
f7562e1b0f Updated Japanese translation. catch up with ef01cab. 2013-10-28 21:27:34 +09:00
Andrew Chen
58699190a4 Merge pull request #406 from bboa/master
Update ru translation
2013-10-27 11:44:55 -07:00
Igor Nedoboy
aa1d7f87b9 Update strings.xml 2013-10-22 10:35:36 +04:00
russian k-9 mail user
5d1abd89bf Update strings.xml 2013-10-21 05:05:09 +04:00
russian k-9 mail user
42bea0fbc0 Update strings.xml 2013-10-21 05:04:25 +04:00
russian k-9 mail user
f57fd551e2 Sync with ChangeLog translation 2013-10-20 14:33:29 +04:00
russian k-9 mail user
5b967d46a8 PullToRefresh plugin RU translation updated 2013-10-20 14:30:42 +04:00
russian k-9 mail user
d3fea3ebb2 ChangeLog plugin RU strings added 2013-10-20 14:28:41 +04:00
András Veres-Szentkirályi
105d3b3c4e filter TLS protocol versions by support as well 2013-10-20 10:42:39 +02:00