use sni and alpn for start tls as well. apperently google requires it

This commit is contained in:
Daniel Gultsch 2018-10-01 11:34:27 +02:00
parent 1cbb60d7ed
commit 8270adf703
2 changed files with 4 additions and 1 deletions

View file

@ -57,7 +57,7 @@ public class TLSSocketFactory extends SSLSocketFactory {
} }
private static Socket enableTLSOnSocket(Socket socket) { private static Socket enableTLSOnSocket(Socket socket) {
if(socket != null && (socket instanceof SSLSocket)) { if(socket instanceof SSLSocket) {
SSLSocketHelper.setSecurity((SSLSocket) socket); SSLSocketHelper.setSecurity((SSLSocket) socket);
} }
return socket; return socket;

View file

@ -843,11 +843,14 @@ public class XmppConnection implements Runnable {
final SSLSocket sslSocket = (SSLSocket) tlsFactoryVerifier.factory.createSocket(socket, address.getHostAddress(), socket.getPort(), true); final SSLSocket sslSocket = (SSLSocket) tlsFactoryVerifier.factory.createSocket(socket, address.getHostAddress(), socket.getPort(), true);
if (sslSocket == null) { if (sslSocket == null) {
throw new IOException("could not initialize ssl socket"); throw new IOException("could not initialize ssl socket");
} }
SSLSocketHelper.setSecurity(sslSocket); SSLSocketHelper.setSecurity(sslSocket);
SSLSocketHelper.setHostname(sslSocket, account.getServer());
SSLSocketHelper.setApplicationProtocol(sslSocket, "xmpp-client");
if (!tlsFactoryVerifier.verifier.verify(account.getServer(), this.verifiedHostname, sslSocket.getSession())) { if (!tlsFactoryVerifier.verifier.verify(account.getServer(), this.verifiedHostname, sslSocket.getSession())) {
Log.d(Config.LOGTAG, account.getJid().asBareJid() + ": TLS certificate verification failed"); Log.d(Config.LOGTAG, account.getJid().asBareJid() + ": TLS certificate verification failed");