From 9e51cf8a85eeb143d041bf7e2d20212a456e5a8f Mon Sep 17 00:00:00 2001
From: Christian Schneppe
Date: Tue, 1 Aug 2017 13:31:04 +0200
Subject: made OF selfSigned() workaround only available >=kitkat this undos 0f34c0ab3ed0ce3c98dc4d835c7897e8d533f7e6 as it turns out 4.1 and 4.0 only break when checking if a cert is self signed.
---
 src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
(limited to 'src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java')
diff --git a/src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java b/src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java
index 97b3733b6..e811a0f39 100644
--- a/src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java
+++ b/src/main/java/de/pixart/messenger/crypto/XmppDomainVerifier.java
@@ -43,10 +43,9 @@ public class XmppDomainVerifier implements DomainHostnameVerifier {
 }
 X509Certificate certificate = (X509Certificate) chain[0];
 final List commonNames = getCommonNames(certificate);
- final boolean isSelfSignedCertificate = isSelfSigned(certificate);
- if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT || isSelfSignedCertificate) {
- if (commonNames.size() == 1 && commonNames.get(0).equals(domain)) {
- Log.d(LOGTAG, "accepted CN in cert as work around for " + domain + " isSelfSigned=" + Boolean.toString(isSelfSignedCertificate) + ", sdkInt=" + Build.VERSION.SDK_INT);
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT && isSelfSigned(certificate)) {
+ if (commonNames.size() == 1 && matchDomain(domain, commonNames)) {
+ Log.d(LOGTAG, "accepted CN in self signed cert as work around for " + domain);
 return true;
 }
 }
-- cgit v1.2.3
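Review bot: The CN check in the second added `if` changes from exact equality (`commonNames.get(0).equals(domain)`) to `matchDomain(domain, commonNames)`, which the commit message does not mention; it describes only the SDK gating. `matchDomain` is defined outside this hunk, so its semantics cannot be confirmed here. If it accepts wildcard entries, a self-signed certificate whose single CN is a wildcard would now pass hostname verification where it previously did not. Because this branch is a CN-only fallback for self-signed certificates, it should stay as narrow as possible: either keep the exact comparison, `commonNames.get(0).equals(domain)`, or state the intent with a comment such as `// CN fallback for self-signed certs: wildcard CNs are matched via matchDomain`. The enclosing method starts and ends outside the hunk, so how the trust decision for the self-signed certificate is made elsewhere is not visible.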