mirror of
https://github.com/moparisthebest/k-9
synced 2024-08-13 17:03:48 -04:00
21cc3d9176
With this commit, KeyChainKeyManager no longer throws the exception and AccountSetupCheckSettings no longer catches it. It was being thrown when the server requested a client certificate but no client certificate alias had been configured for the server. The code was making the incorrect assumption that the server would only request a client certificate when such a certificate was *required*. However, servers can be configured to accept multiple forms of authentication, including both password authentication and client certificate authentication. So a server may request a certificate without requiring it. If a user has not configured a client certificate, then that should not be treated as an error because the configuration may be valid and the server may accept it. The only indication that a certificate is *required* is when a SSLProtocolException is thrown, caused by a SSLHandshakeException resulting from a fatal handshake alert message received from the server. Unfortunately, such a message is fairly generic and only "indicates that the sender was unable to negotiate an acceptable set of security parameters given the options available." So there is no definitive way to know that a client certificate is required. Also, KeyChainKeyManager.getCertificateChain() and getPrivateKey() no longer throw IllegalStateException(). These methods are permitted to return null, and such a response is appropriate if the user has deleted client certificates from the device. Again, this may or may not cause the server to abort the connection, depending on whether the server *requires* a client certificate. |
||
|---|---|---|
| .. | ||
| arrays.xml | ||
| attrs.xml | ||
| colors.xml | ||
| constants.xml | ||
| dimensions.xml | ||
| ids.xml | ||
| strings.xml | ||
| styles.xml | ||
| themes.xml | ||