fixed typo in resolver that cause hostnames not to be marked as authenticated (with DNSSec)
usually this wasn’t a problem as this is only the fallback after no IPs have been discovered. this also isn‘t a security issue as worst case is the hostname doesn’t get accepeted as fallback in cert validation. thanks @genofire for spotting this
This commit is contained in:
parent
5dd666257d
commit
0f40e7e73b
|
@ -651,7 +651,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
|
|||
final boolean wipe,
|
||||
final boolean firstAttempt) {
|
||||
final Bundle publishOptions = account.getXmppConnection().getFeatures().pepPublishOptions() ? PublishOptions.openAccess() : null;
|
||||
IqPacket publish = mXmppConnectionService.getIqGenerator().publishBundles(
|
||||
final IqPacket publish = mXmppConnectionService.getIqGenerator().publishBundles(
|
||||
signedPreKeyRecord, axolotlStore.getIdentityKeyPair().getPublicKey(),
|
||||
preKeyRecords, getOwnDeviceId(), publishOptions);
|
||||
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + ": Bundle " + getOwnDeviceId() + " in PEP not current. Publishing...");
|
||||
|
|
|
@ -61,7 +61,9 @@ public class Resolver {
|
|||
final Field dnsClientField = ReliableDNSClient.class.getDeclaredField("dnsClient");
|
||||
dnsClientField.setAccessible(true);
|
||||
final DNSClient dnsClient = (DNSClient) dnsClientField.get(reliableDNSClient);
|
||||
dnsClient.getDataSource().setTimeout(3000);
|
||||
if (dnsClient != null) {
|
||||
dnsClient.getDataSource().setTimeout(3000);
|
||||
}
|
||||
final Field useHardcodedDnsServers = DNSClient.class.getDeclaredField("useHardcodedDnsServers");
|
||||
useHardcodedDnsServers.setAccessible(true);
|
||||
useHardcodedDnsServers.setBoolean(dnsClient, false);
|
||||
|
@ -176,7 +178,7 @@ public class Resolver {
|
|||
final List<Result> ipv4s = resolveIp(record, A.class, result.isAuthenticData(), directTls);
|
||||
if (ipv4s.size() == 0) {
|
||||
Result resolverResult = Result.fromRecord(record, directTls);
|
||||
resolverResult.authenticated = resolverResult.isAuthenticated();
|
||||
resolverResult.authenticated = result.isAuthenticData();
|
||||
ipv4s.add(resolverResult);
|
||||
}
|
||||
synchronized (results) {
|
||||
|
@ -210,7 +212,7 @@ public class Resolver {
|
|||
ResolverResult<D> results = resolveWithFallback(srv.name, type, authenticated);
|
||||
for (D record : results.getAnswersOrEmptySet()) {
|
||||
Result resolverResult = Result.fromRecord(srv, directTls);
|
||||
resolverResult.authenticated = results.isAuthenticData() && authenticated;
|
||||
resolverResult.authenticated = results.isAuthenticData() && authenticated; //TODO technically it doesn’t matter if the IP was authenticated
|
||||
resolverResult.ip = record.getInetAddress();
|
||||
list.add(resolverResult);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue