Endless/Base.lproj/Localizable.strings

reviewed

This is a binary file and will not be displayed.

+2

Endless/HostSettings.h

reviewed

··· 16 16 #define HOST_SETTINGS_KEY_HOST @"host" 17 17 #define HOST_SETTINGS_HOST_DEFAULT_LABEL NSLocalizedString(@"Default Settings", nil) 18 18 19 19 + #define HOST_SETTINGS_KEY_IGNORE_TLS_ERRORS @"ignore_tls_errors" 20 20 + 19 21 #define HOST_SETTINGS_KEY_TLS @"min_tls" 20 22 #define HOST_SETTINGS_TLS_12 @"1.2" 21 23 #define HOST_SETTINGS_TLS_AUTO @"1.1"

+1

Endless/HostSettings.m

reviewed

··· 20 20 + (NSDictionary *)defaults 21 21 { 22 22 return @{ 23 23 + HOST_SETTINGS_KEY_IGNORE_TLS_ERRORS: HOST_SETTINGS_VALUE_NO, 23 24 HOST_SETTINGS_KEY_TLS: HOST_SETTINGS_TLS_AUTO, 24 25 HOST_SETTINGS_KEY_CSP: HOST_SETTINGS_CSP_OPEN, 25 26 HOST_SETTINGS_KEY_BLOCK_LOCAL_NETS: HOST_SETTINGS_VALUE_YES,

+19

Endless/HostSettingsController.m

reviewed

··· 240 240 XLFormSectionDescriptor *section = [XLFormSectionDescriptor formSection]; 241 241 [section setTitle:NSLocalizedString(@"Security", nil)]; 242 242 [form addFormSection:section]; 243 243 + 244 244 + /* ignore TLS errors */ 245 245 + if ([[NSUserDefaults standardUserDefaults] boolForKey:@"allow_tls_error_ignore"]) 246 246 + { 247 247 + XLFormRowDescriptor *row = [XLFormRowDescriptor formRowDescriptorWithTag:HOST_SETTINGS_KEY_IGNORE_TLS_ERRORS rowType:XLFormRowDescriptorTypeSelectorActionSheet title:NSLocalizedString(@"Ignore TLS errors", nil)]; 248 248 + 249 249 + XLFormOptionsObject *yes = [XLFormOptionsObject formOptionsObjectWithValue:HOST_SETTINGS_VALUE_YES displayText:NSLocalizedString(@"Yes", nil)]; 250 250 + XLFormOptionsObject *no = [XLFormOptionsObject formOptionsObjectWithValue:HOST_SETTINGS_VALUE_NO displayText:NSLocalizedString(@"No", nil)]; 251 251 + 252 252 + // This value is always "NO", except, when the user set the global setting 253 253 + // "allow_tls_error_ignore" to YES *and* they surfed to a site with an error 254 254 + // *and* the selected "ignore" on the following error alert. 255 255 + [row setSelectorOptions:@[no]]; 256 256 + 257 257 + NSString *val = [host setting:HOST_SETTINGS_KEY_IGNORE_TLS_ERRORS]; 258 258 + [row setValue:[val isEqualToString:HOST_SETTINGS_VALUE_YES] ? yes : no]; 259 259 + 260 260 + [section addFormRow:row]; 261 261 + } 243 262 244 263 /* tls version */ 245 264 {

+18

Endless/InAppSettings.bundle/Root.inApp.plist

reviewed

··· 172 172 </dict> 173 173 <dict> 174 174 <key>Title</key> 175 175 + <string>Security</string> 176 176 + <key>Type</key> 177 177 + <string>PSGroupSpecifier</string> 178 178 + <key>FooterText</key> 179 179 + <string>This allows you to ignore TLS errors for specific sites, which may be needed for testing self-signed sites. DANGER: This may expose you to man-in-the-middle attacks! Don&apos;t use this, if you don&apos;t know, what that is!</string> 180 180 + </dict> 181 181 + <dict> 182 182 + <key>Key</key> 183 183 + <string>allow_tls_error_ignore</string> 184 184 + <key>Title</key> 185 185 + <string>Allow selective ignore of TLS errors</string> 186 186 + <key>Type</key> 187 187 + <string>PSToggleSwitchSpecifier</string> 188 188 + <key>DefaultValue</key> 189 189 + <false/> 190 190 + </dict> 191 191 + <dict> 192 192 + <key>Title</key> 175 193 <string>Miscellaneous</string> 176 194 <key>Type</key> 177 195 <string>PSGroupSpecifier</string>

+3

Endless/InAppSettings.bundle/de.lproj/Root.strings

reviewed

··· 20 20 "Rate on App Store" = "Im App Store bewerten"; 21 21 "About" = "Über"; 22 22 "About Endless" = "Über Endless"; 23 23 + "Security" = "Sicherheit"; 24 24 + "This allows you to ignore TLS errors for specific sites, which may be needed for testing self-signed sites. DANGER: This may expose you to man-in-the-middle attacks! Don't use this, if you don't know, what that is!" = "Dies erlaubt, TLS-Fehler für spezifische Seiten zu ignorieren. ACHTUNG: Dies macht Sie anfällig für sog. Man-in-the-Middle-Attacken! Benutzen Sie das nicht, wenn Sie nicht wissen was das ist!"; 25 25 + "Allow selective ignore of TLS errors" = "Erlaube ausgewähltes Ignorieren von TLS-Fehlern";

+3

Endless/InAppSettings.bundle/en.lproj/Root.strings

reviewed

··· 20 20 "Rate on App Store" = "Rate on App Store"; 21 21 "About" = "About"; 22 22 "About Endless" = "About Endless"; 23 23 + "Security" = "Security"; 24 24 + "This allows you to ignore TLS errors for specific sites, which may be needed for testing self-signed sites. DANGER: This may expose you to man-in-the-middle attacks! Don't use this, if you don't know, what that is!" = "This allows you to ignore TLS errors for specific sites, which may be needed for testing self-signed sites. DANGER: This may expose you to man-in-the-middle attacks! Don't use this, if you don't know, what that is!"; 25 25 + "Allow selective ignore of TLS errors" = "Allow selective ignore of TLS errors";

+35 -3

Endless/WebViewTab.m

reviewed

··· 544 544 if ([[error domain] isEqualToString:NSOSStatusErrorDomain]) { 545 545 switch (error.code) { 546 546 case errSSLProtocol: /* -9800 */ 547 547 - msg = @"SSL protocol error"; 547 547 + msg = NSLocalizedString(@"TLS protocol error", nil); 548 548 break; 549 549 case errSSLNegotiation: /* -9801 */ 550 550 - msg = @"SSL handshake failed"; 550 550 + msg = NSLocalizedString(@"TLS handshake failed", nil); 551 551 break; 552 552 case errSSLXCertChainInvalid: /* -9807 */ 553 553 - msg = @"SSL certificate chain verification error (self-signed certificate?)"; 553 553 + msg = NSLocalizedString(@"TLS certificate chain verification error (self-signed certificate?)", nil); 554 554 break; 555 555 } 556 556 } ··· 576 576 577 577 UIAlertController *uiac = [UIAlertController alertControllerWithTitle:NSLocalizedString(@"Error", nil) message:msg preferredStyle:UIAlertControllerStyleAlert]; 578 578 [uiac addAction:[UIAlertAction actionWithTitle:NSLocalizedString(@"OK", nil) style:UIAlertActionStyleDefault handler:nil]]; 579 579 + 580 580 + if (u != nil && [[NSUserDefaults standardUserDefaults] boolForKey:@"allow_tls_error_ignore"]) { 581 581 + [uiac addAction:[UIAlertAction 582 582 + actionWithTitle:NSLocalizedString(@"Ignore for this host", nil) 583 583 + style:UIAlertActionStyleDestructive 584 584 + handler:^(UIAlertAction * _Nonnull action) { 585 585 + 586 586 + // self.url will hold the URL of the UIWebView which is the last 587 587 + // *successful* request. 588 588 + // We need the URL of the *failed* request, which should be in `u`. 589 589 + // (From `error`'s `userInfo` dictionary. 590 590 + NSURL *url = [[NSURL alloc] initWithString:u]; 591 591 + 592 592 + // Theoretically, URL string could have been malformed. 593 593 + if (url != nil) { 594 594 + HostSettings *hs = [HostSettings forHost:url.host]; 595 595 + 596 596 + if (hs == nil) { 597 597 + hs = [[HostSettings alloc] initForHost:url.host withDict:nil]; 598 598 + } 599 599 + 600 600 + [hs setSetting:HOST_SETTINGS_KEY_IGNORE_TLS_ERRORS toValue:HOST_SETTINGS_VALUE_YES]; 601 601 + 602 602 + [hs save]; 603 603 + [HostSettings persist]; 604 604 + 605 605 + // Retry the failed request. 606 606 + [self loadURL:url]; 607 607 + } 608 608 + }]]; 609 609 + } 610 610 + 579 611 [[appDelegate webViewController] presentViewController:uiac animated:YES completion:nil]; 580 612 581 613 [self webViewDidFinishLoad:__webView];

Endless/de.lproj/Localizable.strings

reviewed

This is a binary file and will not be displayed.

+17 -3

External/CKHTTPConnection.m

reviewed

··· 110 110 NSURL *url = (__bridge_transfer NSURL *)(CFHTTPMessageCopyRequestURL([self HTTPRequest])); 111 111 if ([[[url scheme] lowercaseString] isEqualToString:@"https"]) { 112 112 hs = [HostSettings settingsOrDefaultsForHost:[url host]]; 113 113 + 114 114 + CFMutableDictionaryRef sslOptions = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); 115 115 + 116 116 + BOOL setOptions = NO; 117 117 + 118 118 + if ([hs boolSettingOrDefault:HOST_SETTINGS_KEY_IGNORE_TLS_ERRORS] 119 119 + && [[NSUserDefaults standardUserDefaults] boolForKey:@"allow_tls_error_ignore"]) 120 120 + { 121 121 + CFDictionarySetValue(sslOptions, kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse); 122 122 + setOptions = YES; 123 123 + } 113 124 114 125 if ([[hs settingOrDefault:HOST_SETTINGS_KEY_TLS] isEqualToString:HOST_SETTINGS_TLS_12]) { 115 126 /* kTLSProtocol12 allows lower protocols, so use kCFStreamSSLLevel to force 1.2 */ 116 127 117 117 - CFMutableDictionaryRef sslOptions = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); 118 128 CFDictionarySetValue(sslOptions, kCFStreamSSLLevel, CFSTR("kCFStreamSocketSecurityLevelTLSv1_2")); 119 119 - CFReadStreamSetProperty((__bridge CFReadStreamRef)_HTTPStream, kCFStreamPropertySSLSettings, sslOptions); 120 120 - 129 129 + setOptions = YES; 130 130 + 121 131 #ifdef TRACE_HOST_SETTINGS 122 132 NSLog(@"[HostSettings] set TLS/SSL min level for %@ to TLS 1.2", [url host]); 123 133 #endif 134 134 + } 135 135 + 136 136 + if (setOptions) { 137 137 + CFReadStreamSetProperty((__bridge CFReadStreamRef)_HTTPStream, kCFStreamPropertySSLSettings, sslOptions); 124 138 } 125 139 } 126 140