made OF selfSigned() workaround only available >=kitkat

this undos 0f34c0ab3ed0ce3c98dc4d835c7897e8d533f7e6 as it turns out 4.1
and 4.0 only break when checking if a cert is self signed.

1 files changed, 3 insertions, 4 deletions

diff --git a/src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java b/src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java
index 97b3733b6..e811a0f39 100644
--- a/src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java
+++ b/src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java
@@ -43,10 +43,9 @@ public class XmppDomainVerifier implements DomainHostnameVerifier {
             }
             X509Certificate certificate = (X509Certificate) chain[0];
             final List<String> commonNames = getCommonNames(certificate);
-            final boolean isSelfSignedCertificate = isSelfSigned(certificate);
-            if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT || isSelfSignedCertificate) {
-                if (commonNames.size() == 1 && commonNames.get(0).equals(domain)) {
-                    Log.d(LOGTAG, "accepted CN in cert as work around for " + domain + " isSelfSigned=" + Boolean.toString(isSelfSignedCertificate) + ", sdkInt=" + Build.VERSION.SDK_INT);
+            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT && isSelfSigned(certificate)) {
+                if (commonNames.size() == 1 && matchDomain(domain, commonNames)) {
+                    Log.d(LOGTAG, "accepted CN in self signed cert as work around for " + domain);
                     return true;
                 }
             }