cogentleman/xmpp_client
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
8afe7efc2c
xmpp_client/src/main/java/eu/siacs/conversations/crypto
History
Daniel Gultsch 8afe7efc2c workaround for OpenFire: check CN first in self signed certs 
The self signed certificates created by OpenFire (Not sure if other
certs are affected as well) will crash the Java/Android TLS stack when
accessing getSubjectAlternativeNames() on the the peer certificate.

This usually goes unnoticed in other applications since the
DefaultHostnameVerifier checkes the CN first. That however is a
violation of RFC6125 section 6.4.4 which requires us to check for the
existence of SAN first.

This commit adds a work around where in self signed certificates we
check for the CN first as well. (Avoiding the call to
getSubjectAlternativeNames())
2017-07-16 11:05:25 +02:00
..
axolotl fixed fingerprint trust (was messed up after library upgrade) 2017-06-25 18:18:13 +02:00
sasl Add SCRAM-SHA-2 support 2017-01-15 23:43:44 -06:00
OtrService.java add explicit encryption hints to outgoing messages 2017-01-26 19:19:08 +01:00
PgpDecryptionService.java treat URL as file if URL is in oob or contains key 2017-04-05 22:35:42 +02:00
PgpEngine.java display open pgp key id in account details and allow to delete. fixes #2470 2017-05-04 13:02:46 +02:00
XmppDomainVerifier.java workaround for OpenFire: check CN first in self signed certs 2017-07-16 11:05:25 +02:00