Ignore auto-generated files that result from
"android update lib-project" (which is invoked within "ant debug").
Some of the plugins (library projects) already have their own
.gitignore file which includes the exclusions made here. This
commit assures that the exclusions are applied to *all* plugins,
regardless.
This, of course, has no effect on files that have already been
intentionally checked into the git repository (such as the main
build.xml).
Technically, the code still supports SDK 8. But we don't want users to get stuck
on a 4.9xx version when we do remove compatibility with old Android versions.
The error reporting assures an exception is thrown if
setKeyStoreFile(null) is called without a prior call to
setKeyStoreLocation(String directory).
Also, fix TrustManagerFactoryTest indentation.
Blacklist a couple of weak ciphers, bring known ones in a defined order and sort unknown
ciphers at the end. Also re-enable SSLv3 because it's still used a lot.
Instead, have K9.onCreate initialize the location of the key
store file (similar to what is done with
BinaryTempFileBody.setTempDirectory).
Also, LocalKeyStore.getInstance has been changed so that it
no longer needs to be synchronized.
Implement an "upgrade" capability for the key store file,
and then use it to delete the old file.
The existing certs in the old file are not a security
risk, but they are now useless because the format of
their aliases was changed in commit a4440b4. They now are
just taking up storage space and memory.
Users will need to re-accept *ALL* certificates that they had
previously accepted and are still using. (Actually, this requirement
was effective with commit 4b57d79a. Before that, certificates whose
Subject matched did not require re-accepting.)
The classes are just as much related to com.fsck.k9.mail.transport
as com.fsck.k9.mail.store, so having them in
com.fsck.k9.mail.store doesn't seem appropriate.
Move LocalKeyStore to com.fsck.k9.security
Move TrustManagerFactory and TrustedSocketFactory to com.fsck.k9.net.ssl
Also, implement the ability to configure an alternate key store
file location. This permits the running of unit tests without
clobbering the live key store file.
Also, add a test to confirm that the key store file is being written
out and reread correctly.
Right now we happily accept every certificate in our local key store as long as
the hostname matches the certificate DN. So this test fails.
It's not a huge deal since the user accepted the certificate at one point. But we
want to do this right.