Commit 1d220323 authored by Daniel Henninger's avatar Daniel Henninger Committed by dhenninger

[JM-1394] Better fix for cert checking.

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10543 b35dd754-fafc-0310-a699-88a17e54d16e
parent 46fde7d7
......@@ -140,11 +140,24 @@ public class ServerTrustManager implements X509TrustManager {
// a wildcard.
Boolean found = false;
for (String identity : peerIdentities) {
if (identity.equals(server) || identity.equals("*." + server)) {
if (identity.startsWith("*.")) {
// strip off asterisks, but keep leading dot
// to insure endsWith() only matches a subdomain
// of the intended domain
identity = identity.replace("*.", ".");
if (server.endsWith(identity)) {
found = true;
break;
}
}
else {
if (server.equals(identity)) {
found = true;
break;
}
}
}
if (!found) {
throw new CertificateException("target verification failed of " + peerIdentities);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment