15 commits

Author SHA1 Message Date
Daniel Gultsch 9a7fc3d9b8 disable omemo by default for *.covid.monal.im domains 2021-03-23 11:52:34 +01:00
Daniel Gultsch 739d20428a optimize imports 2021-03-21 21:39:04 +01:00
Daniel Gultsch b76b60df5c verify against IDN variant of domain 2021-02-04 11:15:59 +01:00
Daniel Gultsch a4665d4657 made domain verifier case insensitive. fixes #3495 2019-07-20 17:51:37 +02:00
Daniel Gultsch d4b98c9aff made xmpp domain verifier verify wildcard domains where domain is a sub.sub domain 2018-10-01 17:08:23 +02:00
Daniel Gultsch de0272fd1a integrate trust manager into conversations 2018-03-07 22:30:33 +01:00
Daniel Gultsch c8bd5bc1f5 made OF selfSigned() workaround only available >=kitkat
this undoes 8a729061d5. as it turns out 4.1
and 4.0 only break when checking if a cert is self signed.
2017-07-23 07:47:39 +02:00
Daniel Gultsch 8a729061d5 use CN-workaround for pre-kitkat 2017-07-17 23:13:55 +02:00
Daniel Gultsch 217335703c fix regression introduced with OF fix. properly fall back to common name 2017-07-17 21:11:15 +02:00
Daniel Gultsch 8afe7efc2c workaround for OpenFire: check CN first in self signed certs
The self signed certificates created by OpenFire (Not sure if other
certs are affected as well) will crash the Java/Android TLS stack when
accessing getSubjectAlternativeNames() on the peer certificate.

This usually goes unnoticed in other applications since the
DefaultHostnameVerifier checks the CN first. That however is a
violation of RFC6125 section 6.4.4 which requires us to check for the
existence of SAN first.

This commit adds a work around where in self signed certificates we
check for the CN first as well. (Avoiding the call to
getSubjectAlternativeNames())
2017-07-16 11:05:25 +02:00
Daniel Gultsch 2ed71df01a also check for hostname in certs if hostname is from trusted source 2017-06-21 23:40:01 +02:00
Daniel Gultsch c1716a35e3 moved other name parsing into separate method 2015-10-15 20:05:55 +02:00
Daniel Gultsch fc96dcaa4d use constants for oids in xmppdomainverifier 2015-10-15 19:14:41 +02:00
Daniel Gultsch 5b271e1ed8 more checks for xmppdomainverifier and better wildcard handling 2015-10-15 18:06:26 +02:00
Daniel Gultsch e75c2cd731 use own XmppDomainVerifier instead of deprecated StrictHostnameVerifier. fixes #1189 2015-10-15 17:08:38 +02:00