From 8a729061d58be833ced01996efd644c067ed94e2 Mon Sep 17 00:00:00 2001
From: Daniel Gultsch <daniel@gultsch.de>
Date: Mon, 17 Jul 2017 23:13:55 +0200
Subject: [PATCH] use CN-workaround for pre-kitkat

---
 .../eu/siacs/conversations/crypto/XmppDomainVerifier.java   | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java b/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java
index d6a460881..3fbdd3fe1 100644
--- a/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java
+++ b/src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java
@@ -1,5 +1,6 @@
 package eu.siacs.conversations.crypto;
 
+import android.os.Build;
 import android.util.Log;
 import android.util.Pair;
 
@@ -42,9 +43,10 @@ public class XmppDomainVerifier implements DomainHostnameVerifier {
 			}
 			X509Certificate certificate = (X509Certificate) chain[0];
 			final List<String> commonNames = getCommonNames(certificate);
-			if (isSelfSigned(certificate)) {
+			final boolean isSelfSignedCertificate = isSelfSigned(certificate);
+			if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT || isSelfSignedCertificate) {
 				if (commonNames.size() == 1 && commonNames.get(0).equals(domain)) {
-					Log.d(LOGTAG,"accepted CN in cert self signed cert for "+domain);
+					Log.d(LOGTAG,"accepted CN in cert as work around for "+domain+" isSelfSigned="+Boolean.toString(isSelfSignedCertificate)+", sdkInt="+Build.VERSION.SDK_INT);
 					return true;
 				}
 			}