1
0
mirror of https://github.com/moparisthebest/k-9 synced 2024-11-24 02:12:15 -05:00
Commit Graph

20 Commits

Author SHA1 Message Date
Joe Steele
daea7f1ecd Eliminate the 'if available' connection security options
These options originated in the AOSP email client from which K-9 Mail was
forked.  They provide an odd combination of 2 features:

1. Don't bother to authenticate the server's certificate (applies to both
SSL/TLS and STARTTLS); i.e., blindly accept all certificates.  This is
generally a bad security policy which is susceptible to MITM attacks.

2. If STARTTLS is selected but the server doesn't claim to support
STARTTLS, then proceed without using encryption.  This, too, is a bad
security policy which is susceptible to MITM attacks.

Since the time that K-9 Mail was forked, a couple things have changed:

> K-9 Mail has implemented the ability for users to review and permanently
accept individual certificates that would otherwise fail authentication.
With this ability, there is no need for a user to subject themselves to
the ongoing risks of feature 1. above.  Hence, this commit removes feature
1.

> The AOSP email client has changed its behavior and no longer permits a
security downgrade to an unencrypted connection if the server doesn't
claim to support STARTTLS (i.e., they eliminated feature 2. above). K-9
Mail should do the same.  It's unlikely that a server is going to provide
STARTTLS on an intermittent basis, so providing a contingency for such
unusual behavior is an unnecessary risk.  Hence, this commit removes that
feature as well.

Effect on existing users:

If the old connection security setting was "SSL/TLS (if available)" (which
now gets remapped to "SSL/TLS"), and the server does not provide a
certificate that can be authenticated, then a "Certificate error for
<account name>" notification is generated telling the user to check their
server settings.  Tapping the notification takes the user to the relevant
server settings, where the user can tap "Next" to review the certificate
and choose to permanently accept it.  This process would occur during the
first syncing of folders after application upgrade or (in the case of
SMTP) during the first attempt to send a message.

If the connection security setting was "STARTTLS (if available)" (which
now gets remapped to "STARTTLS"), and the server does not provide a
certificate that can be authenticated, then the same process as above
would occur.

If the old connection security setting was "STARTTLS (if available)", and
the server doesn't claim to support STARTTLS, then the user would get a
certificate error notification which would lead them to the server's
settings.  There they would need to choose a different connection security
-- most likely "NONE".  If they didn't change anything but instead just
tapped "Next", the server settings would be checked again and a dialog
would pop up saying, "Cannot connect to server. (STARTTLS connection
security not available)". (The implementation of notifications when
STARTTLS is not available is not actually included here -- it's in the
commit that follows.)

Regarding the changes to providers.xml:  in cases where the scheme ended
with "+ssl", the schemes were simply updated by appending "+".  In cases
where the scheme ended with "+tls", a check of the server was made to
assure that STARTTLS was available before appending "+" to the scheme.
Domains paran.com and nate.com failed the check and were removed because
no current information could be found.  Domains me.com and mac.com also
failed and were updated based on http://support.apple.com/kb/ht4864.
2014-03-03 17:23:00 -05:00
pyler
94cafccec2 Update Slovak translation 2014-01-05 00:42:30 +01:00
cketti
06ec852090 Rename plurals to make Transifex happy 2014-01-04 01:44:31 +01:00
cketti
4cdbe00732 Remove problematic linebreaks from strings files 2013-12-06 03:14:16 +01:00
cketti
ef3ba02a89 Merge pull request #400 from zjw/change_line_endings
Fix problems related to the saving and retrieval of drafts
2013-10-19 21:22:29 +02:00
cketti
43d1084047 Run script to sync translations 2013-10-19 18:03:50 +02:00
pyler
a3d06b1271 Update Slovak translation 2013-10-19 17:29:31 +02:00
Joe Steele
ef01cabccc Remove \n from R.string.message_compose_reply_header_fmt
This string resource is used in two places -- both with and without the
linefeed at the end.  Instead of having a linefeed in the string and
having the code remove it if not needed, the linefeed is now omitted from
the string and the code adds it if needed.

Also, the line ending is changed from \n to \r\n.

Also, the string in the DE and FR locales had linefeeds at the start that
were removed so they match all the other locales.

(The string in the zh-rTW locale was left alone, since it had no
linefeeds.  It looks like that file has numerous instances where \n was
replaced with actual newlines, which is probably not correct.)
2013-10-11 11:39:48 -04:00
pyler
72e9b3e5b8 Updated Slovak translation 2013-09-27 19:38:54 +02:00
Koji Arai
80232132c5 Added detailed description for narrow devices 2013-09-18 16:52:17 +09:00
pyler
f72309b431 SK translation 2013-08-31 17:43:35 +02:00
cketti
ef467eb806 Run script to sync translations 2013-08-29 21:24:58 +02:00
cketti
22e6c8cdbe Add visual indicator that a menu item opens a submenu
This isn't the best solution. Most of the developers agree that a right-aligned
triangle or arrow would be a better fit for such an indicator. But we currently
don't have the time to write the code to do it.
Personally, I think we should try to get rid of submenus altogether.
2013-08-29 21:24:15 +02:00
pyler
1966c1f38a SK translation 2013-08-27 11:32:35 +02:00
cketti
e6d6744f55 Rename string to better convey the meaning
notification_action_read -> notification_action_mark_as_read
2013-07-23 20:12:48 +02:00
cketti
61bd371bc1 Rename "SSL" to "SSL/TLS" and "TLS" to "STARTTLS"
Fixes issue 5775
2013-07-18 20:02:54 +02:00
pylerSM
c739141862 Another fix 2013-07-15 10:16:01 +02:00
pylerSM
90154d5be1 Sk fixes 2013-07-12 15:04:57 +02:00
pylerSM
6fcfbe8432 SK translation - fixes 2013-07-12 12:06:12 +02:00
pyler sm
00179a8a32 Add Slovak translation 2013-07-11 02:35:56 +02:00