From 26691e56f4582cb88dcb860ef2585c450423e275 Mon Sep 17 00:00:00 2001 From: HystericalDragon Date: Sun, 12 Nov 2023 13:35:29 +0800 Subject: [PATCH] feat: allow enable "allow insecure" all time Actually closes #422 Signed-off-by: HystericalDragon --- .../java/io/nekohasekai/sagernet/Constants.kt | 1 + .../sagernet/database/DataStore.kt | 1 + .../sagernet/fmt/hysteria/HysteriaFmt.kt | 4 +- .../nekohasekai/sagernet/fmt/tuic/TuicFmt.kt | 3 +- .../sagernet/fmt/v2ray/V2RayFmt.kt | 3 +- app/src/main/res/values-zh-rCN/strings.xml | 22 ++-- app/src/main/res/values/strings.xml | 111 ++++++++++++------ app/src/main/res/xml/global_preferences.xml | 4 + 8 files changed, 100 insertions(+), 49 deletions(-) diff --git a/app/src/main/java/io/nekohasekai/sagernet/Constants.kt b/app/src/main/java/io/nekohasekai/sagernet/Constants.kt index 42409864..8b64284f 100644 --- a/app/src/main/java/io/nekohasekai/sagernet/Constants.kt +++ b/app/src/main/java/io/nekohasekai/sagernet/Constants.kt @@ -55,6 +55,7 @@ object Key { const val MUX_TYPE = "muxType" const val MUX_PROTOCOLS = "mux" const val MUX_CONCURRENCY = "muxConcurrency" + const val GLOBAL_ALLOW_INSECURE = "globalAllowInsecure" const val ACQUIRE_WAKE_LOCK = "acquireWakeLock" const val SHOW_BOTTOM_BAR = "showBottomBar" diff --git a/app/src/main/java/io/nekohasekai/sagernet/database/DataStore.kt b/app/src/main/java/io/nekohasekai/sagernet/database/DataStore.kt index dc527ec8..e868b9ba 100644 --- a/app/src/main/java/io/nekohasekai/sagernet/database/DataStore.kt +++ b/app/src/main/java/io/nekohasekai/sagernet/database/DataStore.kt @@ -161,6 +161,7 @@ object DataStore : OnPreferenceDataStoreChangeListener { var muxType by configurationStore.stringToInt(Key.MUX_TYPE) var muxProtocols by configurationStore.stringSet(Key.MUX_PROTOCOLS) var muxConcurrency by configurationStore.stringToInt(Key.MUX_CONCURRENCY) { 8 } + var globalAllowInsecure by configurationStore.boolean(Key.GLOBAL_ALLOW_INSECURE) { false } // old cache, DO NOT ADD diff --git a/app/src/main/java/io/nekohasekai/sagernet/fmt/hysteria/HysteriaFmt.kt b/app/src/main/java/io/nekohasekai/sagernet/fmt/hysteria/HysteriaFmt.kt index 7c966d90..5211c18c 100644 --- a/app/src/main/java/io/nekohasekai/sagernet/fmt/hysteria/HysteriaFmt.kt +++ b/app/src/main/java/io/nekohasekai/sagernet/fmt/hysteria/HysteriaFmt.kt @@ -311,7 +311,7 @@ fun buildSingBoxOutboundHysteriaBean(bean: HysteriaBean): MutableMap变化 您确定要删除这个分组吗\? 新增: -\n%s + \n%s 更新: -\n%s + \n%s 删除: -\n%s + \n%s 运行模式 仅代理 @@ -54,7 +54,7 @@ 速度通知更新间隔 %1$s↑ %2$s↓ 代理: %1$s↑ %2$s↓ -\n直连: %3$s↑ %4$s↓ + \n直连: %3$s↑ %4$s↓ %s/s 测试中… 连接成功: HTTPS 握手耗时 %dms @@ -190,7 +190,7 @@ gRPC 服务名称 应用层协议协商 重复: -\n%s + \n%s 去重 版本 (%s) 显示停止按钮 @@ -355,7 +355,8 @@ 原始 以名称 以延时 - 配置 %s 需要插件 %s,但你的专有设备供应商(通常也是监视资本主义巨头和恶意软件制造商)篡改了你的安卓系统,使该插件无法使用。 + 配置 %s 需要插件 + %s,但你的专有设备供应商(通常也是监视资本主义巨头和恶意软件制造商)篡改了你的安卓系统,使该插件无法使用。 V2Ray (Shadowsocks Android 插件) Simple Obfs (Shadowsocks Android 插件) 流量 @@ -404,8 +405,8 @@ 屏蔽跟踪器 不安全并发 使用N个并发的隧道连接,在恶劣的网络条件下更加强大。更多的连接使隧道更容易被发现,安全性更低。这个项目力求对流量分析有最强的安全性。以不安全的方式使用它就违背了它的目的。 -\n -\n如果你必须使用它,先试试N=2,看看是否能解决你的问题。强烈建议不要在这里使用超过4个连接。 + \n + \n如果你必须使用它,先试试N=2,看看是否能解决你的问题。强烈建议不要在这里使用超过4个连接。 网络 备份 分组和配置 @@ -426,8 +427,8 @@ 清理不可用配置 高级插件 高级插件可以提供原本不支持的协议。\n\n -任何人都可以编写高级插件,开启相当于给予其控制 NekoBox 的权限,请从信任的来源下载安装。\n\n -普通插件在关于页面显示,无需手动开启。 + 任何人都可以编写高级插件,开启相当于给予其控制 NekoBox 的权限,请从信任的来源下载安装。\n\n + 普通插件在关于页面显示,无需手动开启。 包编码 切换 获取唤醒锁 @@ -490,4 +491,5 @@ 更新当前组订阅 组类型不是订阅 更新订阅的时候允许不安全的连接 + 总是跳过 TLS 证书验证 \ No newline at end of file diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml index b6351245..ab6bc3dd 100644 --- a/app/src/main/res/values/strings.xml +++ b/app/src/main/res/values/strings.xml @@ -68,10 +68,12 @@ Show Stop Button If you don’t want to use Quick Tile as the switch Show Direct Speed - Show the traffic speed without proxy in the notification as well + Show the traffic speed without proxy in the notification as + well TLS Security Settings Allow Insecure - Disable certificate checking. When enabled, this configuration is as secure as plaintext + Disable certificate checking. When enabled, this configuration + is as secure as plaintext %1$s↑ %2$s↓ Proxy: %1$s↑ %2$s↓\nDirect: %3$s↑ %4$s↓ %s/s @@ -85,9 +87,11 @@ Remote DNS Direct DNS Enable DNS Routing - Resolve domains in bypass routes with Direct DNS. Be aware of potential DNS leaks + Resolve domains in bypass routes with Direct DNS. Be aware of + potential DNS leaks Enable FakeDNS - May cause other applications need to be restarted to reconnect to the network after proxy stopped + May cause other applications need to be restarted to reconnect to + the network after proxy stopped Domain rewrite Local DNS Port Enable Transproxy Inbound @@ -161,7 +165,9 @@ Domain Resolution Strategy Enable Traffic Sniffing Enable Multiplexer - Mux is designed to reduce TCP handshake latency, not to increase connection throughput. Using Mux to watch videos, download or speed test is usually counter productive. If the server does not support it, you will not be able to access the Internet. + Mux is designed to reduce TCP handshake latency, not to increase + connection throughput. Using Mux to watch videos, download or speed test is usually counter + productive. If the server does not support it, you will not be able to access the Internet. Mux Concurrent Connections TCP keep active packet delivery interval Apps VPN mode @@ -177,7 +183,8 @@ Auto Connect Enable proxy on startup/app update if it was running before Allow Toggling in Lock Screen - Your selected profile information will be less protected + Your selected profile information will be less + protected VPN Service Proxy Service @@ -188,7 +195,8 @@ Shutting down… %s Permission denied to create a VPN service - Failed to start VPN service. You might need to reboot your device. + Failed to start VPN service. You might need to reboot your + device. Please select a profile Connect @@ -235,7 +243,8 @@ Failed to export. Successfully import! Failed to import. - Your device lacks an Android standard file selector, please install one, such as Material Files. + Your device lacks an Android standard file selector, please + install one, such as Material Files. Profile config @@ -278,7 +287,8 @@ Configure… Disabled Unknown plugin %s - Warning: This plugin does not seem to come from a known trusted source. + Warning: This plugin does not seem to come from a known trusted + source. This plugin might not work with Auto Connect Server Settings Shadowsocks Settings @@ -288,7 +298,8 @@ Apply Reload proxy service to apply changes License - Make sure you have read the documentation before adding custom rules, otherwise you may not be able to connect to the Internet. + Make sure you have read the documentation before adding custom rules, + otherwise you may not be able to connect to the Internet. %d Lines Night Mode Follow System @@ -307,7 +318,8 @@ %dms Unavailable Always Show Address - Always display the server address on the configuration card + Always display the server address on the configuration + card Clear traffic statistics Connection test Clear test results @@ -321,7 +333,8 @@ Unreachable Timeout Append HTTP Proxy to VPN - HTTP proxy will be used directly from (browser/ some supported apps), without going through the virtual NIC device (Android 10+) + HTTP proxy will be used directly from (browser/ some + supported apps), without going through the virtual NIC device (Android 10+) Protocol Settings Trojan Provider Basic @@ -332,7 +345,8 @@ Subscription Type Are you sure you want to remove this group? Force Resolve - Resolve all domain names to IP addresses when updating. Host and SNI will be automatically appended if possible + Resolve all domain names to IP addresses when updating. Host + and SNI will be automatically appended if possible Remove duplicate configurations when updating Raw Update Settings @@ -343,7 +357,8 @@ UserAgent Confirm Missing Plugin - Profile %s requires the %s plugin to be installed, but it was not found. + Profile %s requires the %s plugin to be installed, but + it was not found. LEARN MORE DOWNLOAD Install from Play Store @@ -351,9 +366,11 @@ Download OOCv1 API Token Invalid OOCv1 Token - Proxy is not connected, are you sure you want to continue updating? + Proxy is not connected, are you sure you want to + continue updating? Warning - The subscription requires support for protocol %s, but it cannot be found. Unsupported profiles will be ignored. + The subscription requires support for protocol %s, but it + cannot be found. Unsupported profiles will be ignored. Subscription Update Service Subscription Update Updating %s … @@ -362,7 +379,9 @@ %s Used / %s Remaining Expire: %s Import subscription - Confirm you want to import subscription %s? If you are coming from an untrusted source, doing this may result in your IP and this behavior being leaked. + Confirm you want to import subscription %s? If you + are coming from an untrusted source, doing this may result in your IP and this behavior + being leaked. Import profile Confirm you want to import profile %s? Are you sure you want to clear this group? @@ -382,7 +401,9 @@ Origin By Name By Delay - Profile %s requires the %s plugin, but your proprietary equipment vendor (usually surveillance capital giants and malware maker) tampered with your Android, making the plugin unusable. + Profile %s requires the %s plugin, but your + proprietary equipment vendor (usually surveillance capital giants and malware maker) + tampered with your Android, making the plugin unusable. Simple Obfs (Shadowsocks Android Plugin) V2Ray (Shadowsocks Android Plugin) @@ -408,10 +429,12 @@ The app has no interface. Rule for %s - Routing rule %s relies on the VPN to be in effect, so it is ignored. + Routing rule %s relies on the VPN to be in effect, so it is + ignored. Profile Traffic Statistics - When disabled, the used traffic will not be counted + When disabled, the used traffic will not be + counted No statistics yet App Traffic statistics disabled None @@ -427,21 +450,29 @@ Peer Pre-Shared Key Cloudflare Warp - CloudFlare Warp is a free WireGuard VPN provider. By using it, you agree to the TOS. + CloudFlare Warp is a free WireGuard VPN provider. By using it, you + agree to the TOS. Generate Configuration Generating… TUN Implementation Override Destination - Use the sniffed domain to overwrite the destination address, not just for routing + Use the sniffed domain to overwrite the destination + address, not just for routing Resolve Destination - If the destination address is a domain, it is then passed out based on the IPv6 strategy (conflicts with FakeDNS) + If the destination address is a domain, it is then + passed out based on the IPv6 strategy (conflicts with FakeDNS) Pcap Pcap files will be saved to %s Insecure Concurrency - Use N concurrent tunnel connections to be more robust under bad network conditions. More connections make the tunneling easier to detect and less secure. This project strives for the strongest security against traffic analysis. Using it in an insecure way defeats its purpose. \n\nIf you must use this, try N=2 first to see if it solves your issues. Strongly recommend against using more than 4 connections here. + Use N concurrent tunnel connections to be more + robust under bad network conditions. More connections make the tunneling easier to detect + and less secure. This project strives for the strongest security against traffic analysis. + Using it in an insecure way defeats its purpose. \n\nIf you must use this, try N=2 first to + see if it solves your issues. Strongly recommend against using more than 4 connections here. NAT behaviour discovery - Determine the client\'s NAT mapping behaviour and the NAT filtering behaviour defined in RFC 3478 using STUN. + Determine the client\'s NAT mapping behaviour and the NAT + filtering behaviour defined in RFC 3478 using STUN. Start This may take a few minutes… Stun server @@ -453,7 +484,8 @@ Groups and configurations Routing rules Settings - If the routing settings are not backed up with configurations, then custom outbounds will be lost. + If the routing settings are not backed up with configurations, + then custom outbounds will be lost. Not an backup file: excepted .json, but %s Invalid backup file Import @@ -471,12 +503,16 @@ Disable SNI Enable 0-RTT QUIC handshake - Your APP is too old (%s). And will stop working at %s. Please update! - Your APP is too old (%s). And has been stopped working at %s. Please update! + Your APP is too old (%s). And will stop working at %s. Please + update! + Your APP is too old (%s). And has been stopped working at %s. + Please update! Clear unavailable Advanced plugin - Advanced plugins can provide protocols that are not originally supported.\n\n -Anyone can write advanced plugins, which can control NekoBox. please download and install from trusted sources. + Advanced plugins can provide protocols that are not + originally supported.\n\n + Anyone can write advanced plugins, which can control NekoBox. please download and install + from trusted sources. %s internal error Move Plugin Preferred Provider @@ -518,18 +554,23 @@ Anyone can write advanced plugins, which can control NekoBox. please download an Sniff result for destination Resolve the server address according to the IPv6 policy Auto select proxy apps - Auto select proxy apps, this will clear your current selection. + Auto select proxy apps, this will clear your + current selection. Enable ECH Enable Encrypted Client Hello ECH Settings - Enable post-quantum peer certificate signature supports + Enable post-quantum peer certificate signature + supports Disables adaptive sizing of TLS records ECH Config - If enable, the largest possible TLS record size is always used. When disable, the size of TLS records may be adjusted in an attempt to improve latency. + If enable, the largest possible TLS record size is + always used. When disable, the size of TLS records may be adjusted in an attempt to improve + latency. HTTPUpgrade Host HTTPUpgrade Path Update current Group\'s subscription Group type is not subscription - Disable certificate checking when updating subscriptions - + Disable certificate checking when updating + subscriptions + Always allow insecure \ No newline at end of file diff --git a/app/src/main/res/xml/global_preferences.xml b/app/src/main/res/xml/global_preferences.xml index 90efe52d..80533042 100644 --- a/app/src/main/res/xml/global_preferences.xml +++ b/app/src/main/res/xml/global_preferences.xml @@ -156,6 +156,10 @@ app:key="muxConcurrency" app:title="@string/mux_concurrency" app:useSimpleSummaryProvider="true" /> +