From 08725ba2bb49b70c84593a1d3a11d35afb9a449a Mon Sep 17 00:00:00 2001
From: Daniel Gultsch
Date: Wed, 10 Aug 2016 12:34:05 +0200
Subject: use direct ssl when port was manually set to 5223 this should create a work around for the oracle xmpp server
---
 .../siacs/conversations/xmpp/XmppConnection.java | 26 ++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-) (limited to 'src/main/java')
diff --git a/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java b/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java
index 1072e29d..89ffa05d 100644
--- a/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java
+++ b/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java
@@ -46,6 +46,7 @@ import java.util.concurrent.atomic.AtomicInteger;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.X509KeyManager;
@@ -271,9 +272,30 @@ public class XmppConnection implements Runnable {
 socket = SocksSocketFactory.createSocketOverTor(destination, account.getPort());
 startXmpp();
 } else if (extended && account.getHostname() != null && !account.getHostname().isEmpty()) {
- socket = new Socket();
+
+ InetSocketAddress address = new InetSocketAddress(account.getHostname(), account.getPort());
+
+ features.encryptionEnabled = account.getPort() == 5223;
+
 try {
- socket.connect(new InetSocketAddress(account.getHostname(), account.getPort()), Config.SOCKET_TIMEOUT * 1000);
+ if (features.encryptionEnabled) {
+ try {
+ final TlsFactoryVerifier tlsFactoryVerifier = getTlsFactoryVerifier();
+ socket = tlsFactoryVerifier.factory.createSocket();
+ socket.connect(address, Config.SOCKET_TIMEOUT * 1000);
+ final SSLSession session = ((SSLSocket) socket).getSession();
+ if (!tlsFactoryVerifier.verifier.verify(account.getServer().getDomainpart(),session)) {
+ Log.d(Config.LOGTAG, account.getJid().toBareJid() + ": TLS certificate verification failed");
+ throw new SecurityException();
+ }
+ } catch (KeyManagementException e) {
+ features.encryptionEnabled = false;
+ socket = new Socket();
+ }
+ } else {
+ socket = new Socket();
+ socket.connect(address, Config.SOCKET_TIMEOUT * 1000);
+ }
 } catch (IOException e) {
 throw new UnknownHostException();
 }
-- 
cgit v1.2.3
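Review bot: The `catch (KeyManagementException e)` branch fails open: it clears `features.encryptionEnabled` and assigns `socket = new Socket()` without ever calling `socket.connect(address, ...)`, so a TLS setup failure on the port the user chose for direct TLS leaves an unconnected plain socket and no error. I would fail closed there by replacing the two fallback lines with `throw new SecurityException();`, so the account reports a security error instead of quietly dropping the TLS requirement. Which `SecurityException` type is thrown is not visible in the hunk; if it is an `IOException` subtype, the enclosing `catch (IOException e)` would rethrow it as `UnknownHostException` and hide the certificate verification failure, so that is worth confirming. The enclosing method begins and ends outside this hunk, so what happens to the socket after the `try` cannot be checked from here.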