use NetCipher to get improved TLS and cipher support on HTTPS connections

The NetCipher library creates instances of HttpURLConnection that are configured to have solid TLS protocol and cipher settings, especially on older versions of Android. fixes #370 https://gitlab.com/fdroid/fdroidclient/issues/370
2015-09-08 16:38:19 +02:00 · 2015-09-08 16:38:19 +02:00 · 2c88703588
commit 2c88703588
parent 853e281710
3 changed files with 12 additions and 3 deletions
--- a/F-Droid/build.gradle
+++ b/F-Droid/build.gradle
@ -24,6 +24,7 @@ if (!hasProperty('sourceDeps')) {
        compile 'com.google.zxing:core:3.2.1'
        compile 'eu.chainfire:libsuperuser:1.0.0.201504231659'
        compile 'cc.mvdan.accesspoint:library:0.1.1'
+        compile 'info.guardianproject.netcipher:netcipher:1.2'

        // We use a slightly modified spongycastle, see
        // openkeychain/spongycastle with some changes on top of 1.51.0.0
--- a/F-Droid/proguard-rules.pro
+++ b/F-Droid/proguard-rules.pro
@ -10,6 +10,10 @@
 -dontnote android.support.**
 -dontnote **ILicensingService

+# StrongHttpsClient and its support classes are totally unused, so the
+# ch.boye.httpclientandroidlib.** classes are also unneeded
+-dontwarn info.guardianproject.netcipher.client.**
+
 # These libraries are known to break if minification is enabled on them. They
 # use reflection to instantiate classes, for example. If the keep flags are
 # removed, proguard will strip classes which are required, which may result in
--- a/F-Droid/src/org/fdroid/fdroid/net/HttpDownloader.java
+++ b/F-Droid/src/org/fdroid/fdroid/net/HttpDownloader.java
@ -8,7 +8,6 @@ import com.nostra13.universalimageloader.core.download.BaseImageDownloader;
 import org.fdroid.fdroid.Preferences;
 import org.fdroid.fdroid.Utils;

-import javax.net.ssl.SSLHandshakeException;
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
@ -20,6 +19,10 @@ import java.net.Proxy;
 import java.net.SocketAddress;
 import java.net.URL;

+import javax.net.ssl.SSLHandshakeException;
+
+import info.guardianproject.netcipher.NetCipher;
+
 public class HttpDownloader extends Downloader {
    private static final String TAG = "HttpDownloader";

@ -88,10 +91,11 @@ public class HttpDownloader extends Downloader {
        if (prefs.isProxyEnabled()) {
            SocketAddress sa = new InetSocketAddress(prefs.getProxyHost(), prefs.getProxyPort());
            Proxy proxy = new Proxy(Proxy.Type.HTTP, sa);
-            connection = (HttpURLConnection) sourceUrl.openConnection(proxy);
+            NetCipher.setProxy(proxy);
        } else {
-            connection = (HttpURLConnection) sourceUrl.openConnection();
+            NetCipher.setProxy(null);
        }
+        connection = NetCipher.getHttpURLConnection(sourceUrl);
    }

    protected void doDownload() throws IOException, InterruptedException {