fix regression introduces with OF fix. properly fall back to common name

This commit is contained in:
Daniel Gultsch 2017-07-17 21:11:15 +02:00
parent 0a20b87ebe
commit 217335703c

View File

@ -30,8 +30,8 @@ public class XmppDomainVerifier implements DomainHostnameVerifier {
private static final String LOGTAG = "XmppDomainVerifier"; private static final String LOGTAG = "XmppDomainVerifier";
private final String SRVName = "1.3.6.1.5.5.7.8.7"; private static final String SRV_NAME = "1.3.6.1.5.5.7.8.7";
private final String xmppAddr = "1.3.6.1.5.5.7.8.5"; private static final String XMPP_ADDR = "1.3.6.1.5.5.7.8.5";
@Override @Override
public boolean verify(String domain, String hostname, SSLSession sslSession) { public boolean verify(String domain, String hostname, SSLSession sslSession) {
@ -41,9 +41,9 @@ public class XmppDomainVerifier implements DomainHostnameVerifier {
return false; return false;
} }
X509Certificate certificate = (X509Certificate) chain[0]; X509Certificate certificate = (X509Certificate) chain[0];
final List<String> commonNames = getCommonNames(certificate);
if (isSelfSigned(certificate)) { if (isSelfSigned(certificate)) {
List<String> domains = getCommonNames(certificate); if (commonNames.size() == 1 && commonNames.get(0).equals(domain)) {
if (domains.size() == 1 && domains.get(0).equals(domain)) {
Log.d(LOGTAG,"accepted CN in cert self signed cert for "+domain); Log.d(LOGTAG,"accepted CN in cert self signed cert for "+domain);
return true; return true;
} }
@ -59,10 +59,10 @@ public class XmppDomainVerifier implements DomainHostnameVerifier {
Pair<String, String> otherName = parseOtherName((byte[]) san.get(1)); Pair<String, String> otherName = parseOtherName((byte[]) san.get(1));
if (otherName != null) { if (otherName != null) {
switch (otherName.first) { switch (otherName.first) {
case SRVName: case SRV_NAME:
srvNames.add(otherName.second); srvNames.add(otherName.second);
break; break;
case xmppAddr: case XMPP_ADDR:
xmppAddrs.add(otherName.second); xmppAddrs.add(otherName.second);
break; break;
default: default:
@ -78,7 +78,7 @@ public class XmppDomainVerifier implements DomainHostnameVerifier {
} }
} }
if (srvNames.size() == 0 && xmppAddrs.size() == 0 && domains.size() == 0) { if (srvNames.size() == 0 && xmppAddrs.size() == 0 && domains.size() == 0) {
domains.addAll(domains); domains.addAll(commonNames);
} }
Log.d(LOGTAG, "searching for " + domain + " in srvNames: " + srvNames + " xmppAddrs: " + xmppAddrs + " domains:" + domains); Log.d(LOGTAG, "searching for " + domain + " in srvNames: " + srvNames + " xmppAddrs: " + xmppAddrs + " domains:" + domains);
if (hostname != null) { if (hostname != null) {