Only show the custom certificate popup when using EteSync interactively

With this change, a self-signed certificate has to be authorised
on the first login rather than being checked every time in the
background.
This was causing annoying issues with networks that mitm SSL
connections, and anyhow, we shouldn't be asking users to trust bad certs
when in 99.9% of the cases it would either be an attack or a broken
network.

Fixes #36
pull/71/head
Tom Hacohen 5 years ago
parent ee2dad4d19
commit 5090a3206e

@ -89,7 +89,6 @@ class HttpClient private constructor(
context?.let {
val dbHelper = ServiceDB.OpenHelper(context)
val settings = Settings(dbHelper.readableDatabase)
val distrustSystemCerts = settings.getBoolean(App.DISTRUST_SYSTEM_CERTIFICATES, false)
try {
if (settings.getBoolean(App.OVERRIDE_PROXY, false)) {
@ -107,9 +106,6 @@ class HttpClient private constructor(
} finally {
dbHelper.close()
}
//if (BuildConfig.customCerts)
customCertManager(CustomCertManager(context, !distrustSystemCerts))
}
// use account settings for authentication
@ -177,6 +173,16 @@ class HttpClient private constructor(
}
fun build(): HttpClient {
//if (BuildConfig.customCerts)
context?.let {
val dbHelper = ServiceDB.OpenHelper(context)
val settings = Settings(dbHelper.readableDatabase)
// Only make it interactive if app is in foreground
customCertManager(CustomCertManager(context, foreground, !settings.getBoolean(App.DISTRUST_SYSTEM_CERTIFICATES, false), foreground))
dbHelper.close()
}
val trustManager = certManager ?: {
val factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
factory.init(null as KeyStore?)
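Review bot: In the block that appears to be added to `build()`, `dbHelper.close()` is reached only when everything before it succeeds, so an exception from `Settings(...)`, `getBoolean(...)` or the `CustomCertManager` constructor leaves the database helper open. The constructor block in the first two hunks closes its helper in a `finally`; the same shape fits here: `try { ... } finally { dbHelper.close() }` around the two statements that use it. Separately, `foreground` is passed twice positionally beside another Boolean in the `CustomCertManager(...)` call, and since these flags decide whether an untrusted certificate may prompt the user, named arguments would make the call easier to audit. Whether the non-interactive path rejects an unknown certificate instead of accepting it cannot be seen from this hunk and is worth confirming in `CustomCertManager`. The body of `build()` continues past the end of the hunk.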
@ -225,8 +231,6 @@ class HttpClient private constructor(
orig.sslSocketFactory(CertTlsSocketFactory(keyManager, trustManager), trustManager)
orig.hostnameVerifier(hostnameVerifier)
certManager?.appInForeground = foreground
return HttpClient(orig.build(), certManager)
}
