From 8a729061d58be833ced01996efd644c067ed94e2 Mon Sep 17 00:00:00 2001 From: Daniel Gultsch Date: Mon, 17 Jul 2017 23:13:55 +0200 Subject: [PATCH] use CN-workaround for pre-kitkat --- .../eu/siacs/conversations/crypto/XmppDomainVerifier.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java b/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java index d6a460881..3fbdd3fe1 100644 --- a/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java +++ b/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java @@ -1,5 +1,6 @@ package eu.siacs.conversations.crypto; +import android.os.Build; import android.util.Log; import android.util.Pair; @@ -42,9 +43,10 @@ public class XmppDomainVerifier implements DomainHostnameVerifier { } X509Certificate certificate = (X509Certificate) chain[0]; final List commonNames = getCommonNames(certificate); - if (isSelfSigned(certificate)) { + final boolean isSelfSignedCertificate = isSelfSigned(certificate); + if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT || isSelfSignedCertificate) { if (commonNames.size() == 1 && commonNames.get(0).equals(domain)) { - Log.d(LOGTAG,"accepted CN in cert self signed cert for "+domain); + Log.d(LOGTAG,"accepted CN in cert as work around for "+domain+" isSelfSigned="+Boolean.toString(isSelfSignedCertificate)+", sdkInt="+Build.VERSION.SDK_INT); return true; } }