authorDaniel Gultsch <daniel@gultsch.de>2016-12-09 19:56:49 +0100
committerDaniel Gultsch <daniel@gultsch.de>2016-12-09 19:56:49 +0100
commit88321c1e8c6e119fb200b3d0bbaa4f304334d226 (patch)
treee116fc550f7566c2bd0973941caccb2cc2487a43
parent8abfbf82fab1f51d5a3c13bba8c19b3d92de8eca (diff)
use POSH only when system CAs are trusted
-rw-r--r--libs/MemorizingTrustManager/src/de/duenndns/ssl/MemorizingTrustManager.java4
1 files changed, 3 insertions, 1 deletions
diff --git a/libs/MemorizingTrustManager/src/de/duenndns/ssl/MemorizingTrustManager.java b/libs/MemorizingTrustManager/src/de/duenndns/ssl/MemorizingTrustManager.java
index 439ad0f9..a45ab05b 100644
--- a/libs/MemorizingTrustManager/src/de/duenndns/ssl/MemorizingTrustManager.java
+++ b/libs/MemorizingTrustManager/src/de/duenndns/ssl/MemorizingTrustManager.java
@@ -36,6 +36,7 @@ import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import android.os.SystemClock;
+import android.preference.PreferenceManager;
import android.util.Base64;
import android.util.Log;
import android.util.SparseArray;
@@ -430,7 +431,8 @@ public class MemorizingTrustManager {
else
defaultTrustManager.checkClientTrusted(chain, authType);
} catch (CertificateException e) {
- if (domain != null && isServer && !isIp(domain)) {
+ boolean trustSystemCAs = !PreferenceManager.getDefaultSharedPreferences(master).getBoolean("dont_trust_system_cas", false);
+ if (domain != null && isServer && trustSystemCAs && !isIp(domain)) {
String hash = getBase64Hash(chain[0],"SHA-256");
List<String> fingerprints = getPoshFingerprints(domain);
if (hash != null && fingerprints.contains(hash)) {
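Review bot: The new `trustSystemCAs` guard has no comment explaining why POSH acceptance depends on the system-CA preference, and that reason is security-relevant. The fingerprints come from `getPoshFingerprints(domain)`, which presumably retrieves them over HTTPS authenticated by the system CAs (its body is not visible in this hunk), so honouring them would bring back the trust the user switched off. I would add above the new line `// POSH fingerprints are only as trustworthy as the system CAs that authenticate their retrieval; skip POSH when the user distrusts them`. The key `"dont_trust_system_cas"` is a bare literal with default `false`, so a mismatch with the key the settings screen writes would silently leave POSH enabled; if the key is defined elsewhere, referencing a shared constant would avoid that. The enclosing method starts and ends outside the hunk.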