android: Add networkSecurityConfig to fetch CLRs/OCSP via HTTP
authorTobias Brunner <tobias@strongswan.org>
Tue, 19 Nov 2019 13:41:34 +0000 (14:41 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 19 Nov 2019 13:44:39 +0000 (14:44 +0100)
Android 9 restricts this to only HTTPS by default.

Fixes #3273.

src/frontends/android/app/src/main/AndroidManifest.xml
src/frontends/android/app/src/main/res/xml/network_security_config.xml [new file with mode: 0644]

index 35fe4ca..2b2ddfc 100644 (file)
@@ -28,6 +28,7 @@
         android:icon="@mipmap/ic_launcher"
         android:label="@string/app_name"
         android:theme="@style/ApplicationTheme"
         android:icon="@mipmap/ic_launcher"
         android:label="@string/app_name"
         android:theme="@style/ApplicationTheme"
+        android:networkSecurityConfig="@xml/network_security_config"
         android:allowBackup="false" >
         <activity
             android:name=".ui.MainActivity"
         android:allowBackup="false" >
         <activity
             android:name=".ui.MainActivity"
diff --git a/src/frontends/android/app/src/main/res/xml/network_security_config.xml b/src/frontends/android/app/src/main/res/xml/network_security_config.xml
new file mode 100644 (file)
index 0000000..7849170
--- /dev/null
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+    Copyright (C) 2019 Tobias Brunner
+    HSR Hochschule fuer Technik Rapperswil
+
+    This program is free software; you can redistribute it and/or modify it
+    under the terms of the GNU General Public License as published by the
+    Free Software Foundation; either version 2 of the License, or (at your
+    option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+-->
+<network-security-config>
+    <base-config cleartextTrafficPermitted="true" />
+</network-security-config>