From c8bd5bc1f5f16120a60cf2f836e0b2d12c76a66a Mon Sep 17 00:00:00 2001 From: Daniel Gultsch Date: Sun, 23 Jul 2017 07:47:36 +0200 Subject: [PATCH] made OF selfSigned() workaround only available >=kitkat this undos 8a729061d58be833ced01996efd644c067ed94e2. as it turns out 4.1 and 4.0 only break when checking if a cert is self signed. --- .../eu/siacs/conversations/crypto/XmppDomainVerifier.java | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java b/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java index 3fbdd3fe1..6d5bb2a56 100644 --- a/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java +++ b/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java @@ -43,10 +43,9 @@ public class XmppDomainVerifier implements DomainHostnameVerifier { } X509Certificate certificate = (X509Certificate) chain[0]; final List commonNames = getCommonNames(certificate); - final boolean isSelfSignedCertificate = isSelfSigned(certificate); - if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT || isSelfSignedCertificate) { - if (commonNames.size() == 1 && commonNames.get(0).equals(domain)) { - Log.d(LOGTAG,"accepted CN in cert as work around for "+domain+" isSelfSigned="+Boolean.toString(isSelfSignedCertificate)+", sdkInt="+Build.VERSION.SDK_INT); + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT && isSelfSigned(certificate)) { + if (commonNames.size() == 1 && matchDomain(domain,commonNames)) { + Log.d(LOGTAG,"accepted CN in self signed cert as work around for "+domain); return true; } }