diff options
author | Christian Schneppe <christian@pix-art.de> | 2017-08-01 12:20:15 +0200 |
---|---|---|
committer | Christian Schneppe <christian@pix-art.de> | 2017-08-01 12:20:15 +0200 |
commit | 506ba0df107f78c498d4487a833ef1d2d2bf6587 (patch) | |
tree | 775d5cb8f3ecef1775200b2c3af3e3704a477896 /src/main/java/de/pixart/messenger/xmpp/chatstate | |
parent | 30b35c5d764373afbf5d2c2d46a50b3591c537d1 (diff) |
workaround for OpenFire: check CN first in self signed certs
The self signed certificates created by OpenFire (Not sure if other
certs are affected as well) will crash the Java/Android TLS stack when
accessing getSubjectAlternativeNames() on the the peer certificate.
This usually goes unnoticed in other applications since the
DefaultHostnameVerifier checkes the CN first. That however is a
violation of RFC6125 section 6.4.4 which requires us to check for the
existence of SAN first.
This commit adds a work around where in self signed certificates we
check for the CN first as well. (Avoiding the call to
getSubjectAlternativeNames())
Diffstat (limited to 'src/main/java/de/pixart/messenger/xmpp/chatstate')
0 files changed, 0 insertions, 0 deletions