From 88321c1e8c6e119fb200b3d0bbaa4f304334d226 Mon Sep 17 00:00:00 2001 From: Daniel Gultsch Date: Fri, 9 Dec 2016 19:56:49 +0100 Subject: use POSH only when system CAs are trusted --- .../src/de/duenndns/ssl/MemorizingTrustManager.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libs/MemorizingTrustManager/src/de/duenndns/ssl/MemorizingTrustManager.java b/libs/MemorizingTrustManager/src/de/duenndns/ssl/MemorizingTrustManager.java index 439ad0f9..a45ab05b 100644 --- a/libs/MemorizingTrustManager/src/de/duenndns/ssl/MemorizingTrustManager.java +++ b/libs/MemorizingTrustManager/src/de/duenndns/ssl/MemorizingTrustManager.java @@ -36,6 +36,7 @@ import android.content.Context; import android.content.Intent; import android.net.Uri; import android.os.SystemClock; +import android.preference.PreferenceManager; import android.util.Base64; import android.util.Log; import android.util.SparseArray; @@ -430,7 +431,8 @@ public class MemorizingTrustManager { else defaultTrustManager.checkClientTrusted(chain, authType); } catch (CertificateException e) { - if (domain != null && isServer && !isIp(domain)) { + boolean trustSystemCAs = !PreferenceManager.getDefaultSharedPreferences(master).getBoolean("dont_trust_system_cas", false); + if (domain != null && isServer && trustSystemCAs && !isIp(domain)) { String hash = getBase64Hash(chain[0],"SHA-256"); List fingerprints = getPoshFingerprints(domain); if (hash != null && fingerprints.contains(hash)) { -- cgit v1.2.3