Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | made OF selfSigned() workaround only available >=kitkat | Christian Schneppe | 2017-08-01 | 1 | -4/+3 |
| | | | | | this undos 0f34c0ab3ed0ce3c98dc4d835c7897e8d533f7e6 as it turns out 4.1 and 4.0 only break when checking if a cert is self signed. | ||||
* | use CN-workaround for pre-kitkat | Christian Schneppe | 2017-08-01 | 1 | -2/+4 |
| | |||||
* | fix regression introduces with OF fix. properly fall back to common name | Christian Schneppe | 2017-08-01 | 1 | -7/+7 |
| | |||||
* | workaround for OpenFire: check CN first in self signed certs | Christian Schneppe | 2017-08-01 | 1 | -5/+32 |
| | | | | | | | | | | | | | | | The self signed certificates created by OpenFire (Not sure if other certs are affected as well) will crash the Java/Android TLS stack when accessing getSubjectAlternativeNames() on the the peer certificate. This usually goes unnoticed in other applications since the DefaultHostnameVerifier checkes the CN first. That however is a violation of RFC6125 section 6.4.4 which requires us to check for the existence of SAN first. This commit adds a work around where in self signed certificates we check for the CN first as well. (Avoiding the call to getSubjectAlternativeNames()) | ||||
* | also check for hostname in in certs if hostname is from trusted source | Christian Schneppe | 2017-06-24 | 1 | -4/+16 |
| | |||||
* | reformat code | Christian Schneppe | 2016-11-19 | 1 | -94/+94 |
| | |||||
* | changed package id inside manifest and project | Christian Schneppe | 2016-07-29 | 1 | -0/+127 |