Commit message (Collapse) | Author | Files | Lines | ||
---|---|---|---|---|---|
2019-08-31 | made domain verifier case insensitive. | Christian Schneppe | 1 | -9/+10 | |
2018-10-02 | made xmpp domain verifier verify wildcard domains where domain is a sub.sub ↵ | Christian Schneppe | 1 | -58/+65 | |
domain | |||||
2018-03-12 | integrate trust manager into conversations | Christian Schneppe | 1 | -2/+0 | |
2017-08-01 | made OF selfSigned() workaround only available >=kitkat | Christian Schneppe | 1 | -4/+3 | |
this undos 0f34c0ab3ed0ce3c98dc4d835c7897e8d533f7e6 as it turns out 4.1 and 4.0 only break when checking if a cert is self signed. | |||||
2017-08-01 | use CN-workaround for pre-kitkat | Christian Schneppe | 1 | -2/+4 | |
2017-08-01 | fix regression introduces with OF fix. properly fall back to common name | Christian Schneppe | 1 | -7/+7 | |
2017-08-01 | workaround for OpenFire: check CN first in self signed certs | Christian Schneppe | 1 | -5/+32 | |
The self signed certificates created by OpenFire (Not sure if other certs are affected as well) will crash the Java/Android TLS stack when accessing getSubjectAlternativeNames() on the the peer certificate. This usually goes unnoticed in other applications since the DefaultHostnameVerifier checkes the CN first. That however is a violation of RFC6125 section 6.4.4 which requires us to check for the existence of SAN first. This commit adds a work around where in self signed certificates we check for the CN first as well. (Avoiding the call to getSubjectAlternativeNames()) | |||||
2017-06-24 | also check for hostname in in certs if hostname is from trusted source | Christian Schneppe | 1 | -4/+16 | |
2016-11-19 | reformat code | Christian Schneppe | 1 | -94/+94 | |
2016-07-29 | changed package id inside manifest and project | Christian Schneppe | 1 | -1/+1 | |
2015-10-15 | moved other name parsing into seperate method | Daniel Gultsch | 1 | -40/+45 | |
2015-10-15 | use constants for oids in xmppdomainverifier | Daniel Gultsch | 1 | -2/+5 | |
2015-10-15 | more checks for xmppdomainverifier and better wildcard handling | Daniel Gultsch | 1 | -4/+10 | |
2015-10-15 | use own XmppDomainVerifier instead of deprecated StrictHostnameVerifier. ↵ | Daniel Gultsch | 1 | -0/+113 | |
fixes #1189 |