diff options
author | Daniel Gultsch <daniel@gultsch.de> | 2016-12-09 19:56:49 +0100 |
---|---|---|
committer | Daniel Gultsch <daniel@gultsch.de> | 2016-12-09 19:56:49 +0100 |
commit | 88321c1e8c6e119fb200b3d0bbaa4f304334d226 (patch) | |
tree | e116fc550f7566c2bd0973941caccb2cc2487a43 /libs/MemorizingTrustManager | |
parent | 8abfbf82fab1f51d5a3c13bba8c19b3d92de8eca (diff) |
use POSH only when system CAs are trusted
Diffstat (limited to 'libs/MemorizingTrustManager')
-rw-r--r-- | libs/MemorizingTrustManager/src/de/duenndns/ssl/MemorizingTrustManager.java | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/libs/MemorizingTrustManager/src/de/duenndns/ssl/MemorizingTrustManager.java b/libs/MemorizingTrustManager/src/de/duenndns/ssl/MemorizingTrustManager.java index 439ad0f9..a45ab05b 100644 --- a/libs/MemorizingTrustManager/src/de/duenndns/ssl/MemorizingTrustManager.java +++ b/libs/MemorizingTrustManager/src/de/duenndns/ssl/MemorizingTrustManager.java @@ -36,6 +36,7 @@ import android.content.Context; import android.content.Intent; import android.net.Uri; import android.os.SystemClock; +import android.preference.PreferenceManager; import android.util.Base64; import android.util.Log; import android.util.SparseArray; @@ -430,7 +431,8 @@ public class MemorizingTrustManager { else defaultTrustManager.checkClientTrusted(chain, authType); } catch (CertificateException e) { - if (domain != null && isServer && !isIp(domain)) { + boolean trustSystemCAs = !PreferenceManager.getDefaultSharedPreferences(master).getBoolean("dont_trust_system_cas", false); + if (domain != null && isServer && trustSystemCAs && !isIp(domain)) { String hash = getBase64Hash(chain[0],"SHA-256"); List<String> fingerprints = getPoshFingerprints(domain); if (hash != null && fingerprints.contains(hash)) { |