author | Christian Schneppe <christian@pix-art.de> | 2017-06-24 10:05:30 +0200 |
---|---|---|
committer | Christian Schneppe <christian@pix-art.de> | 2017-06-24 10:05:30 +0200 |
commit | 8874d58e68f251bb3a9367caa686e6ef08e55ce8 (patch) | |
tree | 193e0fdf930e4cc88ecb55f41bf42bad2440aeeb /src/main/java/de/pixart/messenger/crypto | |
parent | 356c7bec9c2900242b16d99968cdcd78e674dee9 (diff) |
also check for hostname in certs if hostname is from trusted source
Diffstat (limited to 'src/main/java/de/pixart/messenger/crypto')
-rw-r--r-- | src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java b/src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java
index d305a33d5..26aa268e4 100644
--- a/src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java
+++ b/src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java
@@ -21,10 +21,11 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
-import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLSession;
-public class XmppDomainVerifier implements HostnameVerifier {
+import de.duenndns.ssl.DomainHostnameVerifier;
+
+public class XmppDomainVerifier implements DomainHostnameVerifier {
 private static final String LOGTAG = "XmppDomainVerifier";
@@ -32,7 +33,7 @@ public class XmppDomainVerifier implements HostnameVerifier {
 private final String xmppAddr = "1.3.6.1.5.5.7.8.5";
 @Override
- public boolean verify(String domain, SSLSession sslSession) {
+ public boolean verify(String domain, String hostname, SSLSession sslSession) {
 try {
 Certificate[] chain = sslSession.getPeerCertificates();
 if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
@@ -76,7 +77,13 @@ public class XmppDomainVerifier implements HostnameVerifier {
 }
 }
 Log.d(LOGTAG, "searching for " + domain + " in srvNames: " + srvNames + " xmppAddrs: " + xmppAddrs + " domains:" + domains);
- return xmppAddrs.contains(domain) || srvNames.contains("_xmpp-client." + domain) || matchDomain(domain, domains);
+ if (hostname != null) {
+ Log.d(LOGTAG, "also trying to verify hostname " + hostname);
+ }
+ return xmppAddrs.contains(domain)
+ || srvNames.contains("_xmpp-client." + domain)
+ || matchDomain(domain, domains)
+ || (hostname != null && matchDomain(hostname, domains));
 } catch (Exception e) {
 return false;
 }
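Review bot: The added `|| (hostname != null && matchDomain(hostname, domains))` term in the return expression lets a certificate that names only the connection host pass verification for `domain`, and nothing in the method states or checks when a caller may pass a non-null `hostname`. The commit message says the hostname must come from a trusted source (presumably an authenticated lookup such as DNSSEC-validated SRV resolution), but that condition lives only in the commit message. If a caller ever passed a name taken from an unauthenticated DNS answer, the XMPP domain check would effectively be reduced to "certificate is valid for whatever host DNS returned". I would record the contract as Javadoc on the three-argument `verify`, for example `@param hostname connection target, or null unless it was obtained through an authenticated lookup; a non-null value allows a certificate issued for that host to be accepted for domain`. The method begins in the previous hunk and its body is only partly visible here, so how `domains` is filled could not be checked.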
@@ -124,4 +131,9 @@ public class XmppDomainVerifier implements HostnameVerifier {
 }
 return false;
 }
+
+ @Override
+ public boolean verify(String domain, SSLSession sslSession) {
+ return verify(domain, null, sslSession);
+ }
 } |