use sni and alpn for start tls as well. apperently google requires it

This commit is contained in:
Daniel Gultsch 2018-10-01 11:34:27 +02:00
parent 1cbb60d7ed
commit 8270adf703
2 changed files with 4 additions and 1 deletions

View file

@ -57,7 +57,7 @@ public class TLSSocketFactory extends SSLSocketFactory {
}
private static Socket enableTLSOnSocket(Socket socket) {
if(socket != null && (socket instanceof SSLSocket)) {
if(socket instanceof SSLSocket) {
SSLSocketHelper.setSecurity((SSLSocket) socket);
}
return socket;

View file

@ -843,11 +843,14 @@ public class XmppConnection implements Runnable {
final SSLSocket sslSocket = (SSLSocket) tlsFactoryVerifier.factory.createSocket(socket, address.getHostAddress(), socket.getPort(), true);
if (sslSocket == null) {
throw new IOException("could not initialize ssl socket");
}
SSLSocketHelper.setSecurity(sslSocket);
SSLSocketHelper.setHostname(sslSocket, account.getServer());
SSLSocketHelper.setApplicationProtocol(sslSocket, "xmpp-client");
if (!tlsFactoryVerifier.verifier.verify(account.getServer(), this.verifiedHostname, sslSocket.getSession())) {
Log.d(Config.LOGTAG, account.getJid().asBareJid() + ": TLS certificate verification failed");