remove HTTPS pinning and TOFU until the bugs get worked out

This reverts to only using standard HTTPS verification based on Certificate Authorities. This means that self-signed certificates will not work at all since that is what MemorizingTrustManager was providing. It seems to me that this was originally working because MemorizingTrustManager was not correctly validating. I couldn't figure out why PinningTrustManager alone was not working. But we need to get good stable release out! I'm leaving all the plumbing in place because this stuff should be included once its all fixed and working properly. You can see where it was added here: 254327f9a7700c8196e61f53801f1f12ac825806 refs #80 https://gitlab.com/fdroid/fdroidclient/issues/80
2014-09-04 23:24:40 -04:00 · 2014-09-04 23:24:40 -04:00 · 0429b3f7dd
commit 0429b3f7dd
parent c9b08ffdd7
2 changed files with 5 additions and 42 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,7 @@
+
+* reverted self-signed support since it was broken, only HTTPS certificates
+  with proper CA signatures will work for now
+
 ### 0.71 (2014-08-05)

 * Added "local repo" support to host an F-Droid repo on the device itself, with
--- a/src/org/fdroid/fdroid/FDroidApp.java
+++ b/src/org/fdroid/fdroid/FDroidApp.java
@ -40,7 +40,6 @@ import android.os.Message;
 import android.os.Messenger;
 import android.os.RemoteException;
 import android.preference.PreferenceManager;
-import android.util.Log;
 import android.widget.Toast;

 import com.nostra13.universalimageloader.cache.disc.impl.LimitedAgeDiscCache;
@ -49,8 +48,6 @@ import com.nostra13.universalimageloader.core.ImageLoader;
 import com.nostra13.universalimageloader.core.ImageLoaderConfiguration;
 import com.nostra13.universalimageloader.utils.StorageUtils;

-import de.duenndns.ssl.MemorizingTrustManager;
-
 import org.fdroid.fdroid.Preferences.ChangeListener;
 import org.fdroid.fdroid.compat.PRNGFixes;
 import org.fdroid.fdroid.data.AppProvider;
@ -59,18 +56,10 @@ import org.fdroid.fdroid.data.Repo;
 import org.fdroid.fdroid.localrepo.LocalRepoService;
 import org.fdroid.fdroid.net.IconDownloader;
 import org.fdroid.fdroid.net.WifiStateChangeService;
-import org.thoughtcrime.ssl.pinning.PinningTrustManager;
-import org.thoughtcrime.ssl.pinning.SystemKeyStore;

 import java.io.File;
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
 import java.util.Set;

-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-
 public class FDroidApp extends Application {

    // for the local repo on this device, all static since there is only one
@ -192,37 +181,7 @@ public class FDroidApp extends Application {
            .build();
        ImageLoader.getInstance().init(config);

-        try {
-            SSLContext sc = SSLContext.getInstance("TLS");
-
-            // MemorizingTrustManager -> PinningTrustManager -> Prompt User
-            /*
-             * The current HTTPS trust model is to first check if a site's key
-             * is TOFUed, then check if it is pinned and valid with the CA, then
-             * prompt the user. There is currently no way to only check the CA
-             * for validity. Ultimately, that should probably not be needed if
-             * the repo URLs can include the HTTPS pin info in the same way that
-             * the repo fingerprint is specified. Then it can be added to the
-             * TOFU/POP keystore when the user accepts the Add Repo dialog
-             */
-            PinningTrustManager pinMgr = new PinningTrustManager(
-                    SystemKeyStore.getInstance(getApplicationContext()),
-                    FDroidCertPins.getPinList(),
-                    0);
-            MemorizingTrustManager memMgr = new MemorizingTrustManager(getApplicationContext(), pinMgr);
-
-            /*
-             * initialize a SSLContext with the outermost trust manager, use
-             * this context to set the default SSL socket factory for the
-             * HTTPSURLConnection class.
-             */
-            sc.init(null, new TrustManager[] {memMgr}, new java.security.SecureRandom());
-            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
-        } catch (KeyManagementException e) {
-            Log.e("FDroid", "Unable to set up trust manager chain. KeyManagementException");
-        } catch (NoSuchAlgorithmException e) {
-            Log.e("FDroid", "Unable to set up trust manager chain. NoSuchAlgorithmException");
-        }
+        // TODO reintroduce PinningTrustManager and MemorizingTrustManager

        // initialized the local repo information
        WifiManager wifiManager = (WifiManager) getSystemService(WIFI_SERVICE);