1
0
mirror of https://github.com/moparisthebest/k-9 synced 2024-11-27 11:42:16 -05:00
Commit Graph

4888 Commits

Author SHA1 Message Date
cketti
c1a77181bc Ignore all errors in initialization of TrustedSocketFactory
On Android 2.2 getEnabledProtocols() throws an
ArrayIndexOutOfBoundsException
2013-12-12 16:48:30 +01:00
cketti
211e989472 Fix dutch translation
Fixes issue 6103
2013-12-11 15:52:30 +01:00
cketti
8e422f1183 Switch to a certificate that can be verified on the Cloudbees emulator 2013-12-06 06:53:57 +01:00
cketti
43bf41332d Return proper error message when certificate couldn't be verified against global key store 2013-12-06 06:53:57 +01:00
cketti
25147754e9 Merge branch 'fix_strings' 2013-12-06 03:33:28 +01:00
cketti
4cdbe00732 Remove problematic linebreaks from strings files 2013-12-06 03:14:16 +01:00
cketti
d0a72b4f17 Replace no-break spaces with regular space characters 2013-12-06 03:13:50 +01:00
cketti
85e55e5408 Add script to fix problematic linebreak/whitespace combinations in strings.xml 2013-12-06 00:54:52 +01:00
cketti
9b807c325d Add support for bitcoin URIs 2013-12-05 04:28:28 +01:00
Joe Steele
dab8d3807f Change LocalKeyStore error reporting
The error reporting assures an exception is thrown if
setKeyStoreFile(null) is called without a prior call to
setKeyStoreLocation(String directory).

Also, fix TrustManagerFactoryTest indentation.
2013-12-04 12:10:12 -05:00
cketti
3fd7470d68 Change the way we harden SSL/TLS sockets
Blacklist a couple of weak ciphers, bring known ones in a defined order and sort unknown
ciphers at the end. Also re-enable SSLv3 because it's still used a lot.
2013-12-04 04:50:41 +01:00
cketti
448a80e96a Merge branch 'cert_validation' 2013-12-04 04:46:06 +01:00
Joe Steele
cedcd7e47c Eliminate the need to pass a context to LocalKeyStore.getInstance
Instead, have K9.onCreate initialize the location of the key
store file (similar to what is done with
BinaryTempFileBody.setTempDirectory).

Also, LocalKeyStore.getInstance has been changed so that it
no longer needs to be synchronized.
2013-12-03 19:24:37 -05:00
Joe Steele
9333f4f7f4 Don't delete certs. on account creation, & assure that only one instance of LocalKeyStore is created. 2013-12-03 19:21:57 -05:00
cketti
765b390eb5 Remove LocalKeyStore's dependency on K9.app 2013-12-03 13:28:48 +01:00
cketti
2a9ac867b9 Remove LocalKeyStore's dependency on Account to reduce coupling 2013-12-03 12:56:31 +01:00
Joe Steele
5bf27c1031 Move unit test class to match changes in commit 40404c3 2013-12-02 16:50:57 -05:00
Joe Steele
9e6abf5fa7 Merge branch 'cert_validation' of git://github.com/k9mail/k-9.git into cert_validation
Conflicts:
	tests/src/com/fsck/k9/mail/store/TrustManagerFactoryTest.java
2013-12-02 16:30:11 -05:00
Joe Steele
0f39a9d5ba "upgrade" the LocalKeyStore
Implement an "upgrade" capability for the key store file,
and then use it to delete the old file.

The existing certs in the old file are not a security
risk, but they are now useless because the format of
their aliases was changed in commit a4440b4.  They now are
just taking up storage space and memory.

Users will need to re-accept *ALL* certificates that they had
previously accepted and are still using.  (Actually, this requirement
was effective with commit 4b57d79a.  Before that, certificates whose
Subject matched did not require re-accepting.)
2013-12-02 14:49:53 -05:00
Joe Steele
8eef43c282 Implement pruning of old certificates from LocalKeyStore
Certificates are deleted whenever server settings are changed
or an account is deleted.
2013-12-02 14:49:47 -05:00
Joe Steele
40404c3700 Move some classes out of com.fsck.k9.mail.store
The classes are just as much related to com.fsck.k9.mail.transport
as com.fsck.k9.mail.store, so having them in
com.fsck.k9.mail.store doesn't seem appropriate.

Move LocalKeyStore to com.fsck.k9.security

Move TrustManagerFactory and TrustedSocketFactory to com.fsck.k9.net.ssl
2013-12-02 14:07:57 -05:00
Joe Steele
76605f7d86 Extract code into new LocalKeyStore class
Also, implement the ability to configure an alternate key store
file location. This permits the running of unit tests without
clobbering the live key store file.

Also, add a test to confirm that the key store file is being written
out and reread correctly.
2013-12-02 14:04:40 -05:00
cketti
5f38306a9a Add more unit tests for TrustManagerFactory 2013-12-02 16:42:33 +01:00
Joe Steele
eb13691918 Eliminate the need for reflection to access hidden API 2013-11-30 18:34:57 -05:00
cketti
4b57d79acf Only check against the certificate stored for a server, not all of them 2013-11-29 14:06:02 +01:00
cketti
8368ba8a11 Add test to make sure we don't check the wrong certificates
Right now we happily accept every certificate in our local key store as long as
the hostname matches the certificate DN. So this test fails.
It's not a huge deal since the user accepted the certificate at one point. But we
want to do this right.
2013-11-29 11:39:04 +01:00
cketti
c5c195d243 Add unit tests for TrustManagerFactory 2013-11-29 10:49:52 +01:00
cketti
48d11fd386 Properly save and restore instance state in AccountSetupBasics 2013-11-29 05:33:48 +01:00
Joe Steele
a4440b4042 Fix inadequate certificate validation
Proper host name validation was not being performed for certificates
kept in the local keystore.  If an attacker could convince a user to
accept and store an attacker's certificate, then that certificate
could be used for MITM attacks, giving the attacker access to all
connections to all servers in all accounts in K-9.

This commit changes how the certificates are stored.  Previously, an
entire certificate chain was stored for a server (and any of those
certificates in the chain were available for validating signatures on
certificates received when connecting).  Now just the single
certificate for the server is stored.

This commit changes how locally stored certificates are retrieved.
They can only be retrieved using the host:port that the user
configured for the server.

This also fixes issue 1326.  Users can now use different certificates
for different servers on the same host (listening to different ports).

The above changes mean that users might have to re-accept certificates
that they had previously accepted and are still using (but only if the
certificate's Subject doesn't match the host that they are connecting
to).

This commit modifies AccountSetupBasics so that it now calls
AccountSetupCheckSettings twice -- once for checking the incoming
settings and once for the outgoing settings.  Otherwise, an exception
could occur while checking incoming settings, the user could say
continue (or the user could accept a certificate key), and the
outgoing settings would not be checked.  This also helps with
determining if a certificate exception was for the incoming or
outgoing server, which is needed if the user decides to add the
certificate to the keystore.
2013-11-23 13:26:57 -05:00
Danny Baumann
b500047e42 Fix contact picture color generation.
Make sure to return different colors for senders with different name,
but the same mail address (e.g. mails sent by certain issue tracking
systems).
2013-11-11 13:31:58 +01:00
cketti
0eb24512b0 Merge pull request #417 from bk2204/tsf-starttls
Use TrustedSocketFactory for STARTTLS
2013-11-10 18:17:37 -08:00
cketti
f4ebc098c4 Recreate app icon from SVG file
Add higher resolution icons so K-9 looks snazzy on newer devices.
2013-11-11 01:09:09 +01:00
cketti
042bd70290 Merge branch 'translations' 2013-11-10 23:11:50 +01:00
cketti
febf9b2fb3 Clean up Hungarian translation 2013-11-10 22:58:16 +01:00
RootRulez
9fee3e50c8 Update Hungarian translation 2013-11-10 22:50:23 +01:00
igavio
2a77aa1e41 Update Greek translation 2013-11-10 22:49:42 +01:00
Igor Nedoboy
9ea241f897 Update Russian translation 2013-11-10 22:49:00 +01:00
Jan Urbánek
b4c4dea527 Update Czech translation 2013-11-10 22:48:22 +01:00
Jacek Sowiński
37272fbaf4 Update Polish translation
new strings + one typo
2013-11-10 22:47:36 +01:00
brian m. carlson
1bfb78ee51 Use TrustedSocketFactory for STARTTLS.
The TrustedSocketFactory, which provides goodies like better cipher suites and
TLSv1.2, was only being used for tunnelled connections.  Use it for STARTTLS
connections as well.
2013-11-10 00:27:01 +00:00
Jesse Vincent
d4246a0976 With the new webview scrollview combo we've got loadinoverviewmode seems to behave better. 2013-11-07 10:39:37 -08:00
cketti
b398c4d7f4 Fix file selection for import
Using FLAG_ACTIVITY_NO_HISTORY will cause the file selection
to fail when KitKat's "Open from" activity opens a third-party activity.
2013-11-07 07:33:33 +01:00
cketti
9fe71bca2d Add Gradle wrapper 2013-11-07 06:48:10 +01:00
cketti
c58ef8bbc5 Upgrade Gradle build files 2013-11-07 06:48:10 +01:00
Koji Arai
6d08e69690 Fixed typo. 2013-11-06 23:39:08 +09:00
Koji Arai
fb6e8bc25b Updated Japanese translation of the changelog. 2013-11-06 23:23:56 +09:00
Jesse Vincent
5475f47bcf Bumped manifest to 4.701 2013-11-05 20:29:16 -05:00
Jesse Vincent
0986e822d2 changelog for 4.701 2013-11-05 20:28:46 -05:00
Jesse Vincent
e20e513039 Sadly, KitKat's file manager fails to recognize our mimetype and won't let users import settings 2013-11-05 20:19:27 -05:00
Jesse Vincent
8f19d56f00 Merge pull request #415 from zjw/non_locking_scroll_view_rebased
Kit Kat UI issue
2013-11-05 16:59:12 -08:00