diff options
author | Christian Schneppe <christian@pix-art.de> | 2017-08-01 13:31:04 +0200 |
---|---|---|
committer | Christian Schneppe <christian@pix-art.de> | 2017-08-01 13:31:04 +0200 |
commit | 9e51cf8a85eeb143d041bf7e2d20212a456e5a8f (patch) | |
tree | 9bf55ea6baa6cff9411ecf516f899c21ccbdd093 /src/main/java/de/pixart/messenger/crypto | |
parent | 9d5a51c054def5a565675cfbff9cb07720c20dc2 (diff) |
made OF selfSigned() workaround only available >=kitkat
this undos 0f34c0ab3ed0ce3c98dc4d835c7897e8d533f7e6 as it turns out 4.1
and 4.0 only break when checking if a cert is self signed.
Diffstat (limited to 'src/main/java/de/pixart/messenger/crypto')
-rw-r--r-- | src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java b/src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java index 97b3733b6..e811a0f39 100644 --- a/src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java +++ b/src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java @@ -43,10 +43,9 @@ public class XmppDomainVerifier implements DomainHostnameVerifier { } X509Certificate certificate = (X509Certificate) chain[0]; final List<String> commonNames = getCommonNames(certificate); - final boolean isSelfSignedCertificate = isSelfSigned(certificate); - if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT || isSelfSignedCertificate) { - if (commonNames.size() == 1 && commonNames.get(0).equals(domain)) { - Log.d(LOGTAG, "accepted CN in cert as work around for " + domain + " isSelfSigned=" + Boolean.toString(isSelfSignedCertificate) + ", sdkInt=" + Build.VERSION.SDK_INT); + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT && isSelfSigned(certificate)) { + if (commonNames.size() == 1 && matchDomain(domain, commonNames)) { + Log.d(LOGTAG, "accepted CN in self signed cert as work around for " + domain); return true; } } |