From c8bd5bc1f5f16120a60cf2f836e0b2d12c76a66a Mon Sep 17 00:00:00 2001
From: Daniel Gultsch <daniel@gultsch.de>
Date: Sun, 23 Jul 2017 07:47:36 +0200
Subject: [PATCH 1/2] made OF selfSigned() workaround only available >=kitkat

this undos 8a729061d58be833ced01996efd644c067ed94e2. as it turns out 4.1
and 4.0 only break when checking if a cert is self signed.
---
 .../eu/siacs/conversations/crypto/XmppDomainVerifier.java  | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java b/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java
index 3fbdd3fe1..6d5bb2a56 100644
--- a/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java
+++ b/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java
@@ -43,10 +43,9 @@ public class XmppDomainVerifier implements DomainHostnameVerifier {
 			}
 			X509Certificate certificate = (X509Certificate) chain[0];
 			final List<String> commonNames = getCommonNames(certificate);
-			final boolean isSelfSignedCertificate = isSelfSigned(certificate);
-			if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT || isSelfSignedCertificate) {
-				if (commonNames.size() == 1 && commonNames.get(0).equals(domain)) {
-					Log.d(LOGTAG,"accepted CN in cert as work around for "+domain+" isSelfSigned="+Boolean.toString(isSelfSignedCertificate)+", sdkInt="+Build.VERSION.SDK_INT);
+			if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT && isSelfSigned(certificate)) {
+				if (commonNames.size() == 1 && matchDomain(domain,commonNames)) {
+					Log.d(LOGTAG,"accepted CN in self signed cert as work around for "+domain);
 					return true;
 				}
 			}

From 7ac26952d7727a8fb56ca20e1644344bae9167bf Mon Sep 17 00:00:00 2001
From: Daniel Gultsch <daniel@gultsch.de>
Date: Sun, 23 Jul 2017 07:51:13 +0200
Subject: [PATCH 2/2] version bump to 1.19.5 + changelog

---
 CHANGELOG.md | 3 +++
 build.gradle | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 620517826..2298b1dd8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Changelog
 
+### Version 1.19.5
+* fixed connection loop on Android <4.4
+
 ### Version 1.19.4
 * work around for OpensFire’s self signed certs
 * use VPN’s DNS servers first
diff --git a/build.gradle b/build.gradle
index 054fc201d..88acce651 100644
--- a/build.gradle
+++ b/build.gradle
@@ -56,8 +56,8 @@ android {
     defaultConfig {
         minSdkVersion 14
         targetSdkVersion 25
-        versionCode 227
-        versionName "1.19.4"
+        versionCode 228
+        versionName "1.19.5"
         archivesBaseName += "-$versionName"
         applicationId "eu.siacs.conversations"
     }