mirror of
https://github.com/moparisthebest/k-9
synced 2024-12-24 08:38:51 -05:00
a4440b4042
Proper host name validation was not being performed for certificates kept in the local keystore. If an attacker could convince a user to accept and store an attacker's certificate, then that certificate could be used for MITM attacks, giving the attacker access to all connections to all servers in all accounts in K-9. This commit changes how the certificates are stored. Previously, an entire certificate chain was stored for a server (and any of those certificates in the chain were available for validating signatures on certificates received when connecting). Now just the single certificate for the server is stored. This commit changes how locally stored certificates are retrieved. They can only be retrieved using the host:port that the user configured for the server. This also fixes issue 1326. Users can now use different certificates for different servers on the same host (listening to different ports). The above changes mean that users might have to re-accept certificates that they had previously accepted and are still using (but only if the certificate's Subject doesn't match the host that they are connecting to). This commit modifies AccountSetupBasics so that it now calls AccountSetupCheckSettings twice -- once for checking the incoming settings and once for the outgoing settings. Otherwise, an exception could occur while checking incoming settings, the user could say continue (or the user could accept a certificate key), and the outgoing settings would not be checked. This also helps with determining if a certificate exception was for the incoming or outgoing server, which is needed if the user decides to add the certificate to the keystore. |
||
---|---|---|
assets | ||
compile-only-libs | ||
docs | ||
gradle/wrapper | ||
images | ||
libs | ||
plugins | ||
res | ||
src/com/fsck/k9 | ||
tests | ||
tests-on-jvm | ||
tools | ||
.gitignore | ||
.gitmodules | ||
.project | ||
ActionBarSherlock.iml | ||
Android-PullToRefresh.iml | ||
Android.mk | ||
AndroidManifest.xml | ||
ant.properties | ||
build_common.xml | ||
build.gradle | ||
build.xml | ||
ckChangeLog.iml | ||
gradlew | ||
gradlew.bat | ||
HoloColorPicker.iml | ||
HTMLCLEANER_LICENSE | ||
k9mail.iml | ||
k9mail.ipr | ||
MODULE_LICENSE_APACHE2 | ||
NOTICE | ||
proguard.cfg | ||
project.properties | ||
settings.gradle |