Commit 8b03ee05 authored by Grigory Fedorov's avatar Grigory Fedorov

MemorizingTrustManager: submodule changed to redsolution/MemorizingTrustManager fork.

Certificate and server name user interaction can be disabled now. Security/check server certificate option turned on by default.
parent c98dfc17
......@@ -3,4 +3,4 @@
url = https://github.com/otr4j/otr4j.git
[submodule "app/MemorizingTrustManager"]
path = app/MemorizingTrustManager
url = https://github.com/ge0rg/MemorizingTrustManager.git
url = https://github.com/redsolution/MemorizingTrustManager.git
Subproject commit 8b80fb176542fa96c1028c379be8de7e32c730df
Subproject commit a1cea31efeab968683e461e6b4ab1e0b87293103
......@@ -46,6 +46,8 @@ import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import de.duenndns.ssl.MemorizingTrustManager;
/**
* Manage certificate exceptions.
* <p/>
......@@ -402,9 +404,9 @@ public class CertificateManager implements OnLoadListener, OnClearListener {
public void removeCertificates() {
pendingCertificateProvider.clearNotifications();
ignoreCertificates.clear();
for (CertificateInvalidReason reason : CertificateInvalidReason
.values())
for (CertificateInvalidReason reason : CertificateInvalidReason.values()) {
keyStores.put(reason, createKeyStore(reason));
}
Application.getInstance().runInBackground(new Runnable() {
@Override
......@@ -414,5 +416,16 @@ public class CertificateManager implements OnLoadListener, OnClearListener {
}
});
MemorizingTrustManager mtm = new MemorizingTrustManager(Application.getInstance());
final Enumeration<String> certificates = mtm.getCertificates();
while (certificates.hasMoreElements()) {
try {
mtm.deleteCertificate(certificates.nextElement());
} catch (KeyStoreException e) {
e.printStackTrace();
}
}
}
}
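Review bot: The new loop at the end of removeCertificates() reports a failed `deleteCertificate` only through `e.printStackTrace()`, so a user who asked to clear stored certificates can be left with entries that are still trusted and no indication of it. The catch should log through the application's logger, and the method should surface that clearing was incomplete. The loop also deletes entries while walking the `Enumeration` returned by `getCertificates()`. If that is a live view of the keystore's aliases, entries may be skipped, and iterating a snapshot, `for (String alias : Collections.list(mtm.getCertificates()))`, avoids depending on that. The body of removeCertificates() starts in the previous hunk, outside this one.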
......@@ -189,6 +189,7 @@ public class ConnectionThread implements
try {
SSLContext sslContext = SSLContext.getInstance("TLS");
MemorizingTrustManager mtm = new MemorizingTrustManager(Application.getInstance());
mtm.setTrustByDefault(!SettingsManager.securityCheckCertificate());
sslContext.init(null, new X509TrustManager[]{mtm}, new java.security.SecureRandom());
builder.setCustomSSLContext(sslContext);
builder.setHostnameVerifier(
......
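Review bot: `mtm.setTrustByDefault(!SettingsManager.securityCheckCertificate())` ties a fail-open trust decision to a user preference, with no comment on what that implies. Judging by the method name, turning the option off makes the trust manager accept any certificate without prompting, which leaves the TLS session without server authentication. A comment above the line should state this, e.g. `// Option off => unknown/invalid certificates are accepted silently; the server is not authenticated.`, and a log line when trust-by-default is active would make that state visible in diagnostics. The try block and the `builder.setHostnameVerifier(` call continue outside the hunk, so whether hostname checks are still enforced in that mode cannot be seen here.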
......@@ -439,7 +439,7 @@
<!-- preference_security -->
<string name="security_check_certificate_key">security_check_certificate</string>
<bool name="security_check_certificate_default">false</bool>
<bool name="security_check_certificate_default">true</bool>
<string name="security_clear_certificate_key">security_clear_certificate</string>
......