There might be corner cases where it is required to use self signed
certificates. However there should be no corner cases where it is
required to use a wrong domain name. This commit swaps out the
MemorizingHostnameVerifier that let users accept wrong domains with the
standard XmppDomainVerifier.
closes#4066
Conversations used to deduplicate disco queries based on their hash.
However that relies on the first query to go through (device to actually
respond) and to respond properly (hash matches).
Creating a proper retry behaviour for this is actually quite challanging.
(which one would you try next, how long do you wait?)
That commit never worked because there were other checks in place later down the stream.
Allowing other clients (resources) to correct messages introduces the potential for nasty race conditions.
Furthermore we also have a check in place that would check that the OMEMO fingerprint is the same for security reasons. Removing that check is currently undesirable. Therefor correcting a message from another client would only work for plain text messages (and maybe PGP); this only adds confusion for users for very little benefit.
Ever since Android 9+ switched to Conscrypt we can no longer efficiently
encrypt (and decrypt) large files with AES-GCM. We did’t notice this before
because when using 16 byte IVs even modern Androids will fall back to bouncy
castle. However the 'bug'/'feature' in Conscrypt surfaced when we switched over
to 12 byte IVs (which uses Conscrypt on Android 9+)
Switching back entirely to 16 byte IVs is undesirable as this would break
compatibility with Monal. So we end up with a weird compromise where we use
12 byte for normale plain text OMEMO messages and 'small' files where the
inefficiencies aren’t a problem.
The result of this commit is that Monal won’t be able to receive our files
larger than 768KiB. However the alternative is that Conversations would always
OOM when attempting to send larger files (where large depends on the available
RAM.)
fixes#3653