1
0
mirror of https://github.com/moparisthebest/k-9 synced 2024-11-23 18:02:15 -05:00
Go to file
Joe Steele daea7f1ecd Eliminate the 'if available' connection security options
These options originated in the AOSP email client from which K-9 Mail was
forked.  They provide an odd combination of 2 features:

1. Don't bother to authenticate the server's certificate (applies to both
SSL/TLS and STARTTLS); i.e., blindly accept all certificates.  This is
generally a bad security policy which is susceptible to MITM attacks.

2. If STARTTLS is selected but the server doesn't claim to support
STARTTLS, then proceed without using encryption.  This, too, is a bad
security policy which is susceptible to MITM attacks.

Since the time that K-9 Mail was forked, a couple things have changed:

> K-9 Mail has implemented the ability for users to review and permanently
accept individual certificates that would otherwise fail authentication.
With this ability, there is no need for a user to subject themselves to
the ongoing risks of feature 1. above.  Hence, this commit removes feature
1.

> The AOSP email client has changed its behavior and no longer permits a
security downgrade to an unencrypted connection if the server doesn't
claim to support STARTTLS (i.e., they eliminated feature 2. above). K-9
Mail should do the same.  It's unlikely that a server is going to provide
STARTTLS on an intermittent basis, so providing a contingency for such
unusual behavior is an unnecessary risk.  Hence, this commit removes that
feature as well.

Effect on existing users:

If the old connection security setting was "SSL/TLS (if available)" (which
now gets remapped to "SSL/TLS"), and the server does not provide a
certificate that can be authenticated, then a "Certificate error for
<account name>" notification is generated telling the user to check their
server settings.  Tapping the notification takes the user to the relevant
server settings, where the user can tap "Next" to review the certificate
and choose to permanently accept it.  This process would occur during the
first syncing of folders after application upgrade or (in the case of
SMTP) during the first attempt to send a message.

If the connection security setting was "STARTTLS (if available)" (which
now gets remapped to "STARTTLS"), and the server does not provide a
certificate that can be authenticated, then the same process as above
would occur.

If the old connection security setting was "STARTTLS (if available)", and
the server doesn't claim to support STARTTLS, then the user would get a
certificate error notification which would lead them to the server's
settings.  There they would need to choose a different connection security
-- most likely "NONE".  If they didn't change anything but instead just
tapped "Next", the server settings would be checked again and a dialog
would pop up saying, "Cannot connect to server. (STARTTLS connection
security not available)". (The implementation of notifications when
STARTTLS is not available is not actually included here -- it's in the
commit that follows.)

Regarding the changes to providers.xml:  in cases where the scheme ended
with "+ssl", the schemes were simply updated by appending "+".  In cases
where the scheme ended with "+tls", a check of the server was made to
assure that STARTTLS was available before appending "+" to the scheme.
Domains paran.com and nate.com failed the check and were removed because
no current information could be found.  Domains me.com and mac.com also
failed and were updated based on http://support.apple.com/kb/ht4864.
2014-03-03 17:23:00 -05:00
.tx Add Transifex config 2014-01-04 01:52:09 +01:00
assets Recreate app icon from SVG file 2013-11-11 01:09:09 +01:00
compile-only-libs upgrade our android-support library in the hopes that the newer version 2013-07-17 18:36:31 -04:00
docs Added diagram that visualizes activity interactions 2011-10-27 19:13:13 +02:00
gradle/wrapper Update build.gradle to work with latest Android Studio 2014-01-04 01:40:56 +01:00
images Change appearance of unread widget 2013-03-16 01:57:21 +01:00
libs Use ADT's magic to include the necessary libraries from lib/ 2012-09-08 21:44:49 -07:00
plugins Upgrade Gradle build files 2013-11-07 06:48:10 +01:00
res Eliminate the 'if available' connection security options 2014-03-03 17:23:00 -05:00
src/com/fsck/k9 Eliminate the 'if available' connection security options 2014-03-03 17:23:00 -05:00
tests Use localized strings for authentication type 2014-02-25 15:22:35 -05:00
tests-on-jvm Added tests on JVM. 2013-09-21 09:23:33 +09:00
tools Add script to fix problematic linebreak/whitespace combinations in strings.xml 2013-12-06 00:54:52 +01:00
.gitignore Update .gitignore 2013-12-29 18:45:16 -05:00
.gitmodules Kill our use of submodules dead. They're too painful for new contributors 2012-11-24 17:15:01 -05:00
.project Simplify Eclipse setup. 2013-05-31 18:00:45 -04:00
ActionBarSherlock.iml IntelliJ IDEA: Update android support version per e796468256. 2013-01-09 13:24:30 -08:00
Android-PullToRefresh.iml IntelliJ IDEA: 12.0 updates. 2012-12-18 15:11:47 -08:00
Android.mk Enable AOSP builds 2014-02-10 20:00:16 +01:00
AndroidManifest.xml Bumped manifest to 4.902 2014-02-23 01:36:17 +01:00
build_common.xml fixed location of ant-contrib.jar in build_common.xml when running ant from tests/. 2012-06-07 22:57:41 -05:00
build.gradle Build with SDK 19 2014-02-10 20:43:16 +01:00
build.xml build.xml improvements 2014-02-24 17:04:29 -05:00
ckChangeLog.iml IntelliJ IDEA: Project updates to drag in ckChangeLog. 2013-01-09 13:26:42 -08:00
gradlew Add Gradle wrapper 2013-11-07 06:48:10 +01:00
gradlew.bat Add Gradle wrapper 2013-11-07 06:48:10 +01:00
HoloColorPicker.iml Add pom and IntelliJ configuration for HoloColorPicker 2013-01-17 02:16:24 -08:00
HTMLCLEANER_LICENSE Merge ashleywillis' changes in https://github.com/k9mail/k-9/pull/97. 2011-11-14 14:00:15 -08:00
k9mail.iml Add pom and IntelliJ configuration for HoloColorPicker 2013-01-17 02:16:24 -08:00
k9mail.ipr Add pom and IntelliJ configuration for HoloColorPicker 2013-01-17 02:16:24 -08:00
MODULE_LICENSE_APACHE2 Initial commit - This source code should be EXACTLY what the current version of the 'Email' application in the android repo looks like as of this date. 2008-10-28 01:04:44 +00:00
NOTICE Initial commit - This source code should be EXACTLY what the current version of the 'Email' application in the android repo looks like as of this date. 2008-10-28 01:04:44 +00:00
proguard.cfg Enable AOSP builds 2014-02-10 20:00:16 +01:00
project.properties Build with SDK 19 2014-02-10 20:43:16 +01:00
settings.gradle Add initial Gradle support 2013-06-28 23:59:08 +02:00