aboutsummaryrefslogtreecommitdiffstats
path: root/src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java (follow)
Commit message (Collapse)AuthorAgeFilesLines
* made OF selfSigned() workaround only available >=kitkatChristian Schneppe2017-08-011-4/+3
| | | | | this undos 0f34c0ab3ed0ce3c98dc4d835c7897e8d533f7e6 as it turns out 4.1 and 4.0 only break when checking if a cert is self signed.
* use CN-workaround for pre-kitkatChristian Schneppe2017-08-011-2/+4
|
* fix regression introduces with OF fix. properly fall back to common nameChristian Schneppe2017-08-011-7/+7
|
* workaround for OpenFire: check CN first in self signed certsChristian Schneppe2017-08-011-5/+32
| | | | | | | | | | | | | | | The self signed certificates created by OpenFire (Not sure if other certs are affected as well) will crash the Java/Android TLS stack when accessing getSubjectAlternativeNames() on the the peer certificate. This usually goes unnoticed in other applications since the DefaultHostnameVerifier checkes the CN first. That however is a violation of RFC6125 section 6.4.4 which requires us to check for the existence of SAN first. This commit adds a work around where in self signed certificates we check for the CN first as well. (Avoiding the call to getSubjectAlternativeNames())
* also check for hostname in in certs if hostname is from trusted sourceChristian Schneppe2017-06-241-4/+16
|
* reformat codeChristian Schneppe2016-11-191-94/+94
|
* changed package id inside manifest and projectChristian Schneppe2016-07-291-0/+127