From 4c24d1c29a726a67eabf86a9f9866e5daeca4ae8 Mon Sep 17 00:00:00 2001 From: Mats Wahlberg Date: Tue, 21 Apr 2020 17:41:24 +0200 Subject: [PATCH] Bundle Conscrypt security provider for Free builds This fixes protocol and cipher errors on older versions of android without requiring Google API/Services (which are non-free) to replace the security provider from the OS. No changes are made to Play builds. The value of conscryptVersion in build.gradle should be updated regularly to keep the bundled version of conscrypt up to date (or changed to "latest.release", which will cause issues with verifying reproducible builds). Fixes: #2814 (for users of free builds) --- build.gradle | 6 ++++++ core/build.gradle | 3 ++- .../java/de/danoeh/antennapod/core/ClientConfig.java | 10 +++++++++- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index 01af13b4e..8e1efd6cb 100644 --- a/build.gradle +++ b/build.gradle @@ -67,6 +67,12 @@ project.ext { iconifyVersion = "2.2.2" audioPlayerVersion = "v2.0.0" + // Only used for free builds. This version should be updated regularly. + conscryptVersion = "2.4.0" + // Alternatively one can just use: + // conscryptVersion = "latest.release" + // but it will mess up reproducible builds. + // Google Play build wearableSupportVersion = "2.6.0" diff --git a/core/build.gradle b/core/build.gradle index 4c7ef5a0a..ee7441550 100644 --- a/core/build.gradle +++ b/core/build.gradle @@ -88,7 +88,8 @@ dependencies { api "com.google.android.support:wearable:$wearableSupportVersion" compileOnly "com.google.android.wearable:wearable:$wearableSupportVersion" } else { - System.out.println("core: free build hack, skipping some dependencies") + System.out.println("core: free build hack, skipping some dependencies and bundling conscrypt ("+"$conscryptVersion"+")") + implementation "org.conscrypt:conscrypt-android:$conscryptVersion" } testImplementation "org.awaitility:awaitility:$awaitilityVersion" diff --git a/core/src/free/java/de/danoeh/antennapod/core/ClientConfig.java b/core/src/free/java/de/danoeh/antennapod/core/ClientConfig.java index 824a4fae3..aff8081e2 100644 --- a/core/src/free/java/de/danoeh/antennapod/core/ClientConfig.java +++ b/core/src/free/java/de/danoeh/antennapod/core/ClientConfig.java @@ -1,6 +1,13 @@ package de.danoeh.antennapod.core; import android.content.Context; +import java.security.Security; + +/* + * If you get an error here ("package org.conscrypt does not exist"), you are probably doing a free + * build and didn't pass -PfreeBuild to gradle (e.g. ./gradlew assembleFreeRelease -PfreeBuild). + */ +import org.conscrypt.Conscrypt; import de.danoeh.antennapod.core.preferences.PlaybackPreferences; import de.danoeh.antennapod.core.preferences.SleepTimerPreferences; @@ -55,6 +62,7 @@ public class ClientConfig { } private static void installSslProvider(Context context) { - // ProviderInstaller is a closed-source Google library + // Insert bundled conscrypt as highest security provider (overrides OS version). + Security.insertProviderAt(Conscrypt.newProvider(), 1); } }