diff --git a/build.gradle b/build.gradle index 01af13b4e..8e1efd6cb 100644 --- a/build.gradle +++ b/build.gradle @@ -67,6 +67,12 @@ project.ext { iconifyVersion = "2.2.2" audioPlayerVersion = "v2.0.0" + // Only used for free builds. This version should be updated regularly. + conscryptVersion = "2.4.0" + // Alternatively one can just use: + // conscryptVersion = "latest.release" + // but it will mess up reproducible builds. + // Google Play build wearableSupportVersion = "2.6.0" diff --git a/core/build.gradle b/core/build.gradle index 4c7ef5a0a..ee7441550 100644 --- a/core/build.gradle +++ b/core/build.gradle @@ -88,7 +88,8 @@ dependencies { api "com.google.android.support:wearable:$wearableSupportVersion" compileOnly "com.google.android.wearable:wearable:$wearableSupportVersion" } else { - System.out.println("core: free build hack, skipping some dependencies") + System.out.println("core: free build hack, skipping some dependencies and bundling conscrypt ("+"$conscryptVersion"+")") + implementation "org.conscrypt:conscrypt-android:$conscryptVersion" } testImplementation "org.awaitility:awaitility:$awaitilityVersion" diff --git a/core/src/free/java/de/danoeh/antennapod/core/ClientConfig.java b/core/src/free/java/de/danoeh/antennapod/core/ClientConfig.java index 824a4fae3..aff8081e2 100644 --- a/core/src/free/java/de/danoeh/antennapod/core/ClientConfig.java +++ b/core/src/free/java/de/danoeh/antennapod/core/ClientConfig.java @@ -1,6 +1,13 @@ package de.danoeh.antennapod.core; import android.content.Context; +import java.security.Security; + +/* + * If you get an error here ("package org.conscrypt does not exist"), you are probably doing a free + * build and didn't pass -PfreeBuild to gradle (e.g. ./gradlew assembleFreeRelease -PfreeBuild). + */ +import org.conscrypt.Conscrypt; import de.danoeh.antennapod.core.preferences.PlaybackPreferences; import de.danoeh.antennapod.core.preferences.SleepTimerPreferences; @@ -55,6 +62,7 @@ public class ClientConfig { } private static void installSslProvider(Context context) { - // ProviderInstaller is a closed-source Google library + // Insert bundled conscrypt as highest security provider (overrides OS version). + Security.insertProviderAt(Conscrypt.newProvider(), 1); } }