yasminaabdelhameed / sandrob

Automatically exported from code.google.com/p/sandrob

User adjustable "certificate timeout" #49

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
User comment:
I leave the SandroB browser running in memory.  I've noticed after 
approximately 12 hours, I have to re-enter the certificate password.  I 
understand the security concerns and agree it should time out.  However, it 
would be useful to allow the user to adjust the timeout value in Settings in 
order to align the value with his/her security needs.  The new value could take 
effect after a Menu --> Clear so someone could not override the current session 
settings.

Original issue reported on code.google.com by supp.san...@gmail.com on 18 Nov 2011 at 10:56

GoogleCodeExporter commented 8 years ago
Investigating for the proper solution.
Probably some Settings->SSL timeout value that is checked on some watchdog 
thread.

Original comment by supp.san...@gmail.com on 18 Nov 2011 at 11:08

GoogleCodeExporter commented 8 years ago
I downloaded and installed the last update available at the Market for 2.3.x.  
I've noticed that this behavior has changed.  The SSL session no longer 
automatically times out after a period of time.  I personally like this new 
behavior because I can always do a Menu --> Clear when I want to close the SSL 
session and force the certificate password to be entered again.

Best regards,

Mark

Original comment by lido14ph...@gmail.com on 21 Nov 2011 at 6:23

GoogleCodeExporter commented 8 years ago
Well, that's strange... because I did not change anything in the SSL layer or 
around it...
I would rather not touch anything in that part and leave it as implemented by 
the Android framework.

But from a security point of view there should be some SSL timeout. So I will 
implement it.
I have prepared a version that you can test.
http://code.google.com/p/sandrob/downloads/detail?name=sandrob_stock233_1_0_3_40.apk

- failed attempts are reset after valid password is entered
- user can enter an SSL timeout in Settings

There is still some testing to be done
and I still have not decided if the SSL timeout
should be bound to the first action with the keystore or the last one.

Original comment by supp.san...@gmail.com on 21 Nov 2011 at 7:24

GoogleCodeExporter commented 8 years ago
I tested out this latest build:

The "failed attempt reset after valid password entry" works perfectly.

On the SSL session timeout, I tried values of 15 and 1.  The SSL session does 
not seem to ever time out.  This was the same behavior that I was experiencing 
with the last update from the market.  I can end the SSL session with Menu --> 
Clear.  After that, I have to enter the client certificate password as 
expected.  However, the SSL session does not seem to automatically time out any 
more.

Best regards,

Mark

Original comment by lido14ph...@gmail.com on 22 Nov 2011 at 6:26

GoogleCodeExporter commented 8 years ago
I checked the code and found some problems with the implementation.
I will create a new version and put it in the download section.

Original comment by supp.san...@gmail.com on 22 Nov 2011 at 7:51

GoogleCodeExporter commented 8 years ago
New version
http://code.google.com/p/sandrob/downloads/detail?name=sandrob_stock233_1_0_3_41.apk

- timeout starts on first access to the keystore
- default value is 0 -> no timeout
- it takes at least 12 seconds before a valid HTTP connection 
  is dropped from the pool and a new one is created. This means that the keystore is accessed again if no request is made for 12 seconds
  https://github.com/CyanogenMod/android_frameworks_base/blob/gingerbread/core/java/android/net/http/IdleCache.java
  (source from CyanogenMod because the Android source is not browsable at the moment)

Original comment by supp.san...@gmail.com on 23 Nov 2011 at 12:05
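
The timeout rules discussed in this thread (0 means no timeout, the window starts at the first keystore access, and the open question of binding it to the first or the last access), as an added example that is not SandroB's code. The class, its method names and the sample values are hypothetical; the check runs only when a new connection asks for the client key, which is the point at which the thread says the keystore is accessed again.

```java
import java.util.Arrays;
/** Hypothetical unlock gate for a password-protected client-certificate keystore. */
public class KeystoreUnlockGate {
    public enum Policy { FIRST_ACCESS, LAST_ACCESS }
    private final long timeoutMillis;  // 0 = no timeout (the default named in the thread)
    private final Policy policy;
    private char[] password;           // cached only while unlocked
    private long anchorMillis;         // start of the current timeout window

    public KeystoreUnlockGate(long timeoutMinutes, Policy policy) {
        this.timeoutMillis = timeoutMinutes * 60000L;
        this.policy = policy;
    }

    /** Call once the keystore has accepted the password the user typed. */
    public synchronized void unlock(char[] entered, long nowMillis) {
        clear();
        password = entered.clone();
        anchorMillis = nowMillis;      // the window opens at the first keystore access
    }

    /** Call when a new connection needs the client key; null means "prompt again". */
    public synchronized char[] passwordForHandshake(long nowMillis) {
        if (password == null) return null;
        if (timeoutMillis > 0 && nowMillis - anchorMillis >= timeoutMillis) {
            clear();                   // expired: wipe the secret before refusing
            return null;
        }
        if (policy == Policy.LAST_ACCESS) anchorMillis = nowMillis;  // sliding window
        return password.clone();
    }

    /** Equivalent of Menu --> Clear: wipe the cached secret immediately. */
    public synchronized void clear() {
        if (password != null) Arrays.fill(password, '\0');
        password = null;
    }

    public static void main(String[] args) {
        long min = 60000L;
        char[] pw = "constructed-sample".toCharArray();  // constructed sample value
        for (Policy p : Policy.values()) {
            KeystoreUnlockGate gate = new KeystoreUnlockGate(15, p);
            gate.unlock(pw, 0);
            gate.passwordForHandshake(10 * min);          // activity at minute 10
            boolean open = gate.passwordForHandshake(20 * min) != null;
            System.out.println(p + " unlocked at minute 20: " + open);
        }
    }
}
```

With a 15-minute setting, a first-access window forces a new password prompt at minute 20 no matter how active the session was, while a last-access window stays open for as long as requests keep arriving less than 15 minutes apart.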

GoogleCodeExporter commented 8 years ago
The timeout works nicely in this version.  I have tested values ranging from a 
few minutes to hours as well as 0.

Thank you very much for taking time to make these additions and changes.

If I can be of any assistance with future versions (testing, etc), please let 
me know.

Best regards,

Mark

Original comment by lido14ph...@gmail.com on 23 Nov 2011 at 10:35

GoogleCodeExporter commented 8 years ago

Original comment by supp.san...@gmail.com on 24 Nov 2011 at 6:50

GoogleCodeExporter commented 8 years ago
version is on the market

Original comment by supp.san...@gmail.com on 24 Nov 2011 at 9:08

GoogleCodeExporter commented 8 years ago

Original comment by supp.san...@gmail.com on 28 Nov 2011 at 4:05