From c8bd5bc1f5f16120a60cf2f836e0b2d12c76a66a Mon Sep 17 00:00:00 2001 From: Daniel Gultsch Date: Sun, 23 Jul 2017 07:47:36 +0200 Subject: [PATCH 1/2] made OF selfSigned() workaround only available >=kitkat this undos 8a729061d58be833ced01996efd644c067ed94e2. as it turns out 4.1 and 4.0 only break when checking if a cert is self signed. --- .../eu/siacs/conversations/crypto/XmppDomainVerifier.java | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java b/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java index 3fbdd3fe1..6d5bb2a56 100644 --- a/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java +++ b/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java @@ -43,10 +43,9 @@ public class XmppDomainVerifier implements DomainHostnameVerifier { } X509Certificate certificate = (X509Certificate) chain[0]; final List commonNames = getCommonNames(certificate); - final boolean isSelfSignedCertificate = isSelfSigned(certificate); - if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT || isSelfSignedCertificate) { - if (commonNames.size() == 1 && commonNames.get(0).equals(domain)) { - Log.d(LOGTAG,"accepted CN in cert as work around for "+domain+" isSelfSigned="+Boolean.toString(isSelfSignedCertificate)+", sdkInt="+Build.VERSION.SDK_INT); + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT && isSelfSigned(certificate)) { + if (commonNames.size() == 1 && matchDomain(domain,commonNames)) { + Log.d(LOGTAG,"accepted CN in self signed cert as work around for "+domain); return true; } } From 7ac26952d7727a8fb56ca20e1644344bae9167bf Mon Sep 17 00:00:00 2001 From: Daniel Gultsch Date: Sun, 23 Jul 2017 07:51:13 +0200 Subject: [PATCH 2/2] version bump to 1.19.5 + changelog --- CHANGELOG.md | 3 +++ build.gradle | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 620517826..2298b1dd8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,8 @@ # Changelog +### Version 1.19.5 +* fixed connection loop on Android <4.4 + ### Version 1.19.4 * work around for OpensFire’s self signed certs * use VPN’s DNS servers first diff --git a/build.gradle b/build.gradle index 054fc201d..88acce651 100644 --- a/build.gradle +++ b/build.gradle @@ -56,8 +56,8 @@ android { defaultConfig { minSdkVersion 14 targetSdkVersion 25 - versionCode 227 - versionName "1.19.4" + versionCode 228 + versionName "1.19.5" archivesBaseName += "-$versionName" applicationId "eu.siacs.conversations" }