From e013adf7f3e30c5dd2fe1e75f38744eb4a0b9326 Mon Sep 17 00:00:00 2001 From: M66B Date: Fri, 8 Dec 2023 08:33:15 +0100 Subject: [PATCH] Struct certificate checking by default --- app/src/main/java/eu/faircode/email/ApplicationEx.java | 5 +++++ app/src/main/java/eu/faircode/email/EmailService.java | 2 +- .../java/eu/faircode/email/FragmentOptionsConnection.java | 2 +- app/src/main/java/eu/faircode/email/Log.java | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/app/src/main/java/eu/faircode/email/ApplicationEx.java b/app/src/main/java/eu/faircode/email/ApplicationEx.java index d432dcb7cb..2407cff258 100644 --- a/app/src/main/java/eu/faircode/email/ApplicationEx.java +++ b/app/src/main/java/eu/faircode/email/ApplicationEx.java @@ -831,6 +831,11 @@ public class ApplicationEx extends Application editor.putBoolean("updown", false); } else if (version < 2113) editor.remove("send_more"); + else if (version < 2137) { + // https://support.google.com/faqs/answer/6346016 + if (!prefs.contains("cert_strict")) + editor.putBoolean("cert_strict", !BuildConfig.PLAY_STORE_RELEASE); + } if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O && !BuildConfig.DEBUG) editor.remove("background_service"); diff --git a/app/src/main/java/eu/faircode/email/EmailService.java b/app/src/main/java/eu/faircode/email/EmailService.java index 784cdab42a..4b703edc7d 100644 --- a/app/src/main/java/eu/faircode/email/EmailService.java +++ b/app/src/main/java/eu/faircode/email/EmailService.java @@ -189,7 +189,7 @@ public class EmailService implements AutoCloseable { this.log = prefs.getBoolean("protocol", false); this.ssl_harden = prefs.getBoolean("ssl_harden", false); this.ssl_harden_strict = prefs.getBoolean("ssl_harden_strict", false); - this.cert_strict = prefs.getBoolean("cert_strict", !BuildConfig.PLAY_STORE_RELEASE); + this.cert_strict = prefs.getBoolean("cert_strict", true); boolean auth_plain = prefs.getBoolean("auth_plain", true); boolean auth_login = prefs.getBoolean("auth_login", true); diff --git a/app/src/main/java/eu/faircode/email/FragmentOptionsConnection.java b/app/src/main/java/eu/faircode/email/FragmentOptionsConnection.java index 4e3a7037c9..5d622cd0f2 100644 --- a/app/src/main/java/eu/faircode/email/FragmentOptionsConnection.java +++ b/app/src/main/java/eu/faircode/email/FragmentOptionsConnection.java @@ -658,7 +658,7 @@ public class FragmentOptionsConnection extends FragmentBase implements SharedPre swSslHarden.setChecked(prefs.getBoolean("ssl_harden", false)); swSslHardenStrict.setChecked(prefs.getBoolean("ssl_harden_strict", false)); swSslHardenStrict.setEnabled(swSslHarden.isChecked()); - swCertStrict.setChecked(prefs.getBoolean("cert_strict", !BuildConfig.PLAY_STORE_RELEASE)); + swCertStrict.setChecked(prefs.getBoolean("cert_strict", true)); swOpenSafe.setChecked(prefs.getBoolean("open_safe", false)); swBouncyCastle.setChecked(prefs.getBoolean("bouncy_castle", false)); swFipsMode.setChecked(prefs.getBoolean("bc_fips", false)); diff --git a/app/src/main/java/eu/faircode/email/Log.java b/app/src/main/java/eu/faircode/email/Log.java index 3dd00c6b48..3b1387054a 100644 --- a/app/src/main/java/eu/faircode/email/Log.java +++ b/app/src/main/java/eu/faircode/email/Log.java @@ -2923,7 +2923,7 @@ public class Log { boolean tcp_keep_alive = prefs.getBoolean("tcp_keep_alive", false); boolean ssl_harden = prefs.getBoolean("ssl_harden", false); boolean ssl_harden_strict = (ssl_harden && prefs.getBoolean("ssl_harden_strict", false)); - boolean cert_strict = prefs.getBoolean("cert_strict", !BuildConfig.PLAY_STORE_RELEASE); + boolean cert_strict = prefs.getBoolean("cert_strict", true); boolean open_safe = prefs.getBoolean("open_safe", false); size += write(os, "timeout=" + timeout + "s" + (timeout == EmailService.DEFAULT_CONNECT_TIMEOUT ? "" : " !!!") + "\r\n");