fixed typo in resolver that cause hostnames not to be marked as authenticated (with DNSSec)
usually this wasn’t a problem as this is only the fallback after no IPs have been discovered. this also isn‘t a security issue as worst case is the hostname doesn’t get accepeted as fallback in cert validation. thanks @genofire for spotting this
This commit is contained in:
parent
5dd666257d
commit
0f40e7e73b
|
@ -651,7 +651,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
|
||||||
final boolean wipe,
|
final boolean wipe,
|
||||||
final boolean firstAttempt) {
|
final boolean firstAttempt) {
|
||||||
final Bundle publishOptions = account.getXmppConnection().getFeatures().pepPublishOptions() ? PublishOptions.openAccess() : null;
|
final Bundle publishOptions = account.getXmppConnection().getFeatures().pepPublishOptions() ? PublishOptions.openAccess() : null;
|
||||||
IqPacket publish = mXmppConnectionService.getIqGenerator().publishBundles(
|
final IqPacket publish = mXmppConnectionService.getIqGenerator().publishBundles(
|
||||||
signedPreKeyRecord, axolotlStore.getIdentityKeyPair().getPublicKey(),
|
signedPreKeyRecord, axolotlStore.getIdentityKeyPair().getPublicKey(),
|
||||||
preKeyRecords, getOwnDeviceId(), publishOptions);
|
preKeyRecords, getOwnDeviceId(), publishOptions);
|
||||||
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + ": Bundle " + getOwnDeviceId() + " in PEP not current. Publishing...");
|
Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + ": Bundle " + getOwnDeviceId() + " in PEP not current. Publishing...");
|
||||||
|
|
|
@ -61,7 +61,9 @@ public class Resolver {
|
||||||
final Field dnsClientField = ReliableDNSClient.class.getDeclaredField("dnsClient");
|
final Field dnsClientField = ReliableDNSClient.class.getDeclaredField("dnsClient");
|
||||||
dnsClientField.setAccessible(true);
|
dnsClientField.setAccessible(true);
|
||||||
final DNSClient dnsClient = (DNSClient) dnsClientField.get(reliableDNSClient);
|
final DNSClient dnsClient = (DNSClient) dnsClientField.get(reliableDNSClient);
|
||||||
|
if (dnsClient != null) {
|
||||||
dnsClient.getDataSource().setTimeout(3000);
|
dnsClient.getDataSource().setTimeout(3000);
|
||||||
|
}
|
||||||
final Field useHardcodedDnsServers = DNSClient.class.getDeclaredField("useHardcodedDnsServers");
|
final Field useHardcodedDnsServers = DNSClient.class.getDeclaredField("useHardcodedDnsServers");
|
||||||
useHardcodedDnsServers.setAccessible(true);
|
useHardcodedDnsServers.setAccessible(true);
|
||||||
useHardcodedDnsServers.setBoolean(dnsClient, false);
|
useHardcodedDnsServers.setBoolean(dnsClient, false);
|
||||||
|
@ -176,7 +178,7 @@ public class Resolver {
|
||||||
final List<Result> ipv4s = resolveIp(record, A.class, result.isAuthenticData(), directTls);
|
final List<Result> ipv4s = resolveIp(record, A.class, result.isAuthenticData(), directTls);
|
||||||
if (ipv4s.size() == 0) {
|
if (ipv4s.size() == 0) {
|
||||||
Result resolverResult = Result.fromRecord(record, directTls);
|
Result resolverResult = Result.fromRecord(record, directTls);
|
||||||
resolverResult.authenticated = resolverResult.isAuthenticated();
|
resolverResult.authenticated = result.isAuthenticData();
|
||||||
ipv4s.add(resolverResult);
|
ipv4s.add(resolverResult);
|
||||||
}
|
}
|
||||||
synchronized (results) {
|
synchronized (results) {
|
||||||
|
@ -210,7 +212,7 @@ public class Resolver {
|
||||||
ResolverResult<D> results = resolveWithFallback(srv.name, type, authenticated);
|
ResolverResult<D> results = resolveWithFallback(srv.name, type, authenticated);
|
||||||
for (D record : results.getAnswersOrEmptySet()) {
|
for (D record : results.getAnswersOrEmptySet()) {
|
||||||
Result resolverResult = Result.fromRecord(srv, directTls);
|
Result resolverResult = Result.fromRecord(srv, directTls);
|
||||||
resolverResult.authenticated = results.isAuthenticData() && authenticated;
|
resolverResult.authenticated = results.isAuthenticData() && authenticated; //TODO technically it doesn’t matter if the IP was authenticated
|
||||||
resolverResult.ip = record.getInetAddress();
|
resolverResult.ip = record.getInetAddress();
|
||||||
list.add(resolverResult);
|
list.add(resolverResult);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue