From bad613fbc14ecee232c284515af99a3da684c034 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Tue, 27 Sep 2016 14:40:53 +0200
Subject: [PATCH 1/3] move HttpDownloaderTest to emulator, AndroidOS has
 oddities

There are oddities with the way that Android has implemented the network
stack, as compared to OpenJDK or Oracle JDK.  So running the tests on the
local JVM, i.e. Robolectric, will not provide good test coverage for real
world use cases.
---
 .../java/org/fdroid/fdroid/net/HttpDownloaderTest.java            | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename app/src/{test => androidTest}/java/org/fdroid/fdroid/net/HttpDownloaderTest.java (100%)

diff --git a/app/src/test/java/org/fdroid/fdroid/net/HttpDownloaderTest.java b/app/src/androidTest/java/org/fdroid/fdroid/net/HttpDownloaderTest.java
similarity index 100%
rename from app/src/test/java/org/fdroid/fdroid/net/HttpDownloaderTest.java
rename to app/src/androidTest/java/org/fdroid/fdroid/net/HttpDownloaderTest.java

From 4598a78bfdbd636438d6ea882c66a7f9daa9a3a7 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Tue, 27 Sep 2016 14:54:02 +0200
Subject: [PATCH 2/3] support TLS 1.2 on all repos

Update to the latest NetCipher, which now fully supports SNI, in order to
support TLS 1.2 on all supported platform levels.  Without this, a repo
that is TLS 1.2 only will be unusable on all but the most recent versions
of Android.

#431
---
 app/build.gradle                                         | 4 ++--
 .../main/java/org/fdroid/fdroid/net/HttpDownloader.java  | 9 ---------
 2 files changed, 2 insertions(+), 11 deletions(-)

diff --git a/app/build.gradle b/app/build.gradle
index fc9f9f4b8..1f30bd902 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -26,7 +26,7 @@ dependencies {
     compile 'com.google.zxing:core:3.2.1'
     compile 'eu.chainfire:libsuperuser:1.0.0.201602271131'
     compile 'cc.mvdan.accesspoint:library:0.2.0'
-    compile 'info.guardianproject.netcipher:netcipher:1.2.1'
+    compile 'info.guardianproject.netcipher:netcipher:2.0.0-alpha1'
     compile 'commons-io:commons-io:2.5'
     compile 'commons-net:commons-net:3.5'
     compile 'org.openhab.jmdns:jmdns:3.4.2'
@@ -103,7 +103,7 @@ if (!hasProperty('sourceDeps')) {
                 'com.madgag.spongycastle:prov:029f26cd6b67c06ffa05702d426d472c141789001bcb15b7262ed86c868e5643',
                 'com.nostra13.universalimageloader:universal-image-loader:dbd5197ffec3a8317533190870a7c00ff3750dd6a31241448c6a5522d51b65b4',
                 'eu.chainfire:libsuperuser:018344ff19ee94d252c14b4a503ee8b519184db473a5af83513f5837c413b128',
-                'info.guardianproject.netcipher:netcipher:611ec5bde9d799fd57e1efec5c375f9f460de2cdda98918541decc9a7d02f2ad',
+                'info.guardianproject.netcipher:netcipher:eeeb5d0d95ccfe176b4296cbd71a9a24c6efb0bab5c4025a8c6bc36abdddfc75',
                 'io.reactivex:rxandroid:35c1a90f8c1f499db3c1f3d608e1f191ac8afddb10c02dd91ef04c03a0a4bcda',
                 'io.reactivex:rxjava:2c162afd78eba217cdfee78b60e85d3bfb667db61e12bc95e3cf2ddc5beeadf6',
                 'org.openhab.jmdns:jmdns:7a4b34b5606bbd2aff7fdfe629edcb0416fccd367fb59a099f210b9aba4f0bce',
diff --git a/app/src/main/java/org/fdroid/fdroid/net/HttpDownloader.java b/app/src/main/java/org/fdroid/fdroid/net/HttpDownloader.java
index db727e576..04bf202fa 100644
--- a/app/src/main/java/org/fdroid/fdroid/net/HttpDownloader.java
+++ b/app/src/main/java/org/fdroid/fdroid/net/HttpDownloader.java
@@ -16,8 +16,6 @@ import java.net.HttpURLConnection;
 import java.net.MalformedURLException;
 import java.net.URL;
 
-import javax.net.ssl.HttpsURLConnection;
-
 import info.guardianproject.netcipher.NetCipher;
 
 public class HttpDownloader extends Downloader {
@@ -117,13 +115,6 @@ public class HttpDownloader extends Downloader {
             connection = NetCipher.getHttpURLConnection(sourceUrl);
         }
 
-        // workaround until NetCipher supports HTTPS SNI
-        // https://gitlab.com/fdroid/fdroidclient/issues/431
-        if (connection instanceof HttpsURLConnection
-                && !"f-droid.org".equals(sourceUrl.getHost())) {
-            ((HttpsURLConnection) connection).setSSLSocketFactory(HttpsURLConnection.getDefaultSSLSocketFactory());
-        }
-
         if (username != null && password != null) {
             // add authorization header from username / password if set
             String authString = username + ":" + password;

From 4c7322d917436896bc759446d90081419a2a85dc Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Tue, 27 Sep 2016 14:59:32 +0200
Subject: [PATCH 3/3] throw in extra test URLs for HttpDownloaderTest

These are commented out so that the tests aren't brittle when they run on
the CI builds.  But are easy to uncomment when testing locally.
---
 .../java/org/fdroid/fdroid/net/HttpDownloaderTest.java          | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/src/androidTest/java/org/fdroid/fdroid/net/HttpDownloaderTest.java b/app/src/androidTest/java/org/fdroid/fdroid/net/HttpDownloaderTest.java
index 3beedff97..a40b4a945 100644
--- a/app/src/androidTest/java/org/fdroid/fdroid/net/HttpDownloaderTest.java
+++ b/app/src/androidTest/java/org/fdroid/fdroid/net/HttpDownloaderTest.java
@@ -22,6 +22,8 @@ public class HttpDownloaderTest {
             "https://f-droid.org/repo/index.jar",
             // sites that use SNI for HTTPS
             "https://guardianproject.info/fdroid/repo/index.jar",
+            //"https://microg.org/fdroid/repo/index.jar",
+            //"https://grobox.de/fdroid/repo/index.jar",
     };
 
     private boolean receivedProgress;