From 217335703c7e30813c1d5054b25bf3cfdb37205e Mon Sep 17 00:00:00 2001 From: Daniel Gultsch Date: Mon, 17 Jul 2017 21:11:15 +0200 Subject: [PATCH] fix regression introduces with OF fix. properly fall back to common name --- .../conversations/crypto/XmppDomainVerifier.java | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java b/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java index ba4e10160..d6a460881 100644 --- a/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java +++ b/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java @@ -30,8 +30,8 @@ public class XmppDomainVerifier implements DomainHostnameVerifier { private static final String LOGTAG = "XmppDomainVerifier"; - private final String SRVName = "1.3.6.1.5.5.7.8.7"; - private final String xmppAddr = "1.3.6.1.5.5.7.8.5"; + private static final String SRV_NAME = "1.3.6.1.5.5.7.8.7"; + private static final String XMPP_ADDR = "1.3.6.1.5.5.7.8.5"; @Override public boolean verify(String domain, String hostname, SSLSession sslSession) { @@ -41,9 +41,9 @@ public class XmppDomainVerifier implements DomainHostnameVerifier { return false; } X509Certificate certificate = (X509Certificate) chain[0]; + final List commonNames = getCommonNames(certificate); if (isSelfSigned(certificate)) { - List domains = getCommonNames(certificate); - if (domains.size() == 1 && domains.get(0).equals(domain)) { + if (commonNames.size() == 1 && commonNames.get(0).equals(domain)) { Log.d(LOGTAG,"accepted CN in cert self signed cert for "+domain); return true; } @@ -59,10 +59,10 @@ public class XmppDomainVerifier implements DomainHostnameVerifier { Pair otherName = parseOtherName((byte[]) san.get(1)); if (otherName != null) { switch (otherName.first) { - case SRVName: + case SRV_NAME: srvNames.add(otherName.second); break; - case xmppAddr: + case XMPP_ADDR: xmppAddrs.add(otherName.second); break; default: @@ -78,7 +78,7 @@ public class XmppDomainVerifier implements DomainHostnameVerifier { } } if (srvNames.size() == 0 && xmppAddrs.size() == 0 && domains.size() == 0) { - domains.addAll(domains); + domains.addAll(commonNames); } Log.d(LOGTAG, "searching for " + domain + " in srvNames: " + srvNames + " xmppAddrs: " + xmppAddrs + " domains:" + domains); if (hostname != null) {