1
0
Fork 0
mirror of https://github.com/syncthing/syncthing-android.git synced 2024-12-23 03:11:30 +00:00

Fallback to http if https with TLS 1.2 is unavailable (fixes #1255) (#1281)

This commit is contained in:
Catfriend1 2019-02-28 21:13:57 +01:00 committed by Simon Frei
parent 3dcaed4142
commit 4537a28d75
3 changed files with 41 additions and 6 deletions

View file

@ -157,10 +157,13 @@ public abstract class ApiRequest {
}
@Override
protected HttpURLConnection createConnection(URL url) throws IOException {
if (mUrl.toString().startsWith("https://")) {
HttpsURLConnection connection = (HttpsURLConnection) super.createConnection(url);
connection.setHostnameVerifier((hostname, session) -> true);
return connection;
}
return super.createConnection(url);
}
}
private SSLSocketFactory getSslSocketFactory() {

View file

@ -1,6 +1,7 @@
package com.nutomic.syncthingandroid.service;
import android.content.Context;
import android.os.Build;
import android.os.Environment;
import java.io.File;
@ -112,4 +113,28 @@ public class Constants {
static File getLogFile(Context context) {
return new File(context.getExternalFilesDir(null), "syncthing.log");
}
/**
* Decide if we should enforce HTTPS when accessing the Web UI and REST API.
* Android 4.4 and earlier don't have support for TLS 1.2 requiring us to
* fall back to an unencrypted HTTP connection to localhost. This applies
* to syncthing core v0.14.53+.
*/
public static Boolean osSupportsTLS12() {
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
// Pre-Lollipop devices don't support TLS 1.2
return false;
}
if (Build.VERSION.SDK_INT == Build.VERSION_CODES.N) {
/**
* SSLProtocolException: SSL handshake failed on Android N/7.0,
* missing support for elliptic curves.
* See https://issuetracker.google.com/issues/37122132
*/
return false;
}
return true;
}
}

View file

@ -106,8 +106,9 @@ public class ConfigXml {
}
public URL getWebGuiUrl() {
String urlProtocol = Constants.osSupportsTLS12() ? "https" : "http";
try {
return new URL("https://" + getGuiElement().getElementsByTagName("address").item(0).getTextContent());
return new URL(urlProtocol + "://" + getGuiElement().getElementsByTagName("address").item(0).getTextContent());
} catch (MalformedURLException e) {
throw new RuntimeException("Failed to parse web interface URL", e);
}
@ -154,9 +155,15 @@ public class ConfigXml {
}
/* Section - GUI */
// Enforce TLS.
Element gui = getGuiElement();
changed = setConfigElement(gui, "tls", "true") || changed;
// Platform-specific: Force REST API and Web UI access to use TLS 1.2 or not.
Boolean forceHttps = Constants.osSupportsTLS12();
if (!gui.hasAttribute("tls") ||
Boolean.parseBoolean(gui.getAttribute("tls")) != forceHttps) {
gui.setAttribute("tls", forceHttps ? "true" : "false");
changed = true;
}
// Set user to "syncthing"
changed = setConfigElement(gui, "user", "syncthing") || changed;