authorChristian Schneppe <christian@pix-art.de>2017-06-24 10:05:30 +0200
committerChristian Schneppe <christian@pix-art.de>2017-06-24 10:05:30 +0200
commit8874d58e68f251bb3a9367caa686e6ef08e55ce8 (patch)
tree193e0fdf930e4cc88ecb55f41bf42bad2440aeeb /src/main/java/de/pixart/messenger/crypto
parent356c7bec9c2900242b16d99968cdcd78e674dee9 (diff)
also check for hostname in certs if hostname is from trusted source
Diffstat (limited to 'src/main/java/de/pixart/messenger/crypto')
-rw-r--r--src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java20
1 files changed, 16 insertions, 4 deletions
diff --git a/src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java b/src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java
index d305a33d5..26aa268e4 100644
--- a/src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java
+++ b/src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java
@@ -21,10 +21,11 @@ import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
-import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
-public class XmppDomainVerifier implements HostnameVerifier {
+import de.duenndns.ssl.DomainHostnameVerifier;
+
+public class XmppDomainVerifier implements DomainHostnameVerifier {
private static final String LOGTAG = "XmppDomainVerifier";
@@ -32,7 +33,7 @@ public class XmppDomainVerifier implements HostnameVerifier {
private final String xmppAddr = "1.3.6.1.5.5.7.8.5";
@Override
- public boolean verify(String domain, SSLSession sslSession) {
+ public boolean verify(String domain, String hostname, SSLSession sslSession) {
try {
Certificate[] chain = sslSession.getPeerCertificates();
if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
@@ -76,7 +77,13 @@ public class XmppDomainVerifier implements HostnameVerifier {
}
}
Log.d(LOGTAG, "searching for " + domain + " in srvNames: " + srvNames + " xmppAddrs: " + xmppAddrs + " domains:" + domains);
- return xmppAddrs.contains(domain) || srvNames.contains("_xmpp-client." + domain) || matchDomain(domain, domains);
+ if (hostname != null) {
+ Log.d(LOGTAG, "also trying to verify hostname " + hostname);
+ }
+ return xmppAddrs.contains(domain)
+ || srvNames.contains("_xmpp-client." + domain)
+ || matchDomain(domain, domains)
+ || (hostname != null && matchDomain(hostname, domains));
} catch (Exception e) {
return false;
}
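Review bot: The added `|| (hostname != null && matchDomain(hostname, domains))` clause accepts a certificate that names only the connection host and not the XMPP domain, so its safety depends on the caller passing a non-null `hostname` only when that name came from an authenticated lookup. The commit title says "trusted source", but nothing in the visible lines states or enforces that contract. The three-argument `verify` should carry a Javadoc such as `@param hostname connection host; must be null unless it was resolved through a validated channel (for example a DNSSEC-validated SRV record), because a non-null value is matched against the certificate's domains list`. The two-argument overload in the last hunk deserves a matching one-line comment that it passes `null` and therefore never applies the hostname fallback. The start of this method and the body of `matchDomain` are outside the hunk, so whether wildcard entries in `domains` can also match `hostname` could not be checked here.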
@@ -124,4 +131,9 @@ public class XmppDomainVerifier implements HostnameVerifier {
}
return false;
}
+
+ @Override
+ public boolean verify(String domain, SSLSession sslSession) {
+ return verify(domain, null, sslSession);
+ }
}