Commit 8b03ee05 authored by Grigory Fedorov

MemorizingTrustManager: submodule changed to redsolution/MemorizingTrustManager fork.

Certificate and server name user interaction can now be disabled. The Security/check server certificate option is now turned on by default.
parent c98dfc17
...@@ -3,4 +3,4 @@ ...@@ -3,4 +3,4 @@
url = https://github.com/otr4j/otr4j.git url = https://github.com/otr4j/otr4j.git
[submodule "app/MemorizingTrustManager"] [submodule "app/MemorizingTrustManager"]
path = app/MemorizingTrustManager path = app/MemorizingTrustManager
url = https://github.com/ge0rg/MemorizingTrustManager.git url = https://github.com/redsolution/MemorizingTrustManager.git
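Review bot: The new `url` points the TLS trust-manager submodule at a fork, and nothing in the file records why or how far it departs from ge0rg/MemorizingTrustManager. Because this library makes the certificate trust decision for the connection, I would add a comment above the entry such as `# fork of ge0rg/MemorizingTrustManager; carries the trust-by-default switch used by ConnectionThread`, and re-check the pinned subproject commit whenever upstream ships a fix. That the fork is what provides `setTrustByDefault` is inferred from the rest of this commit, not shown in this section.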
Subproject commit 8b80fb176542fa96c1028c379be8de7e32c730df Subproject commit a1cea31efeab968683e461e6b4ab1e0b87293103
...@@ -46,6 +46,8 @@ import java.util.HashMap; ...@@ -46,6 +46,8 @@ import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
import de.duenndns.ssl.MemorizingTrustManager;
/** /**
* Manage certificate exceptions. * Manage certificate exceptions.
* <p/> * <p/>
...@@ -402,9 +404,9 @@ public class CertificateManager implements OnLoadListener, OnClearListener { ...@@ -402,9 +404,9 @@ public class CertificateManager implements OnLoadListener, OnClearListener {
public void removeCertificates() { public void removeCertificates() {
pendingCertificateProvider.clearNotifications(); pendingCertificateProvider.clearNotifications();
ignoreCertificates.clear(); ignoreCertificates.clear();
for (CertificateInvalidReason reason : CertificateInvalidReason for (CertificateInvalidReason reason : CertificateInvalidReason.values()) {
.values())
keyStores.put(reason, createKeyStore(reason)); keyStores.put(reason, createKeyStore(reason));
}
Application.getInstance().runInBackground(new Runnable() { Application.getInstance().runInBackground(new Runnable() {
@Override @Override
...@@ -414,5 +416,16 @@ public class CertificateManager implements OnLoadListener, OnClearListener { ...@@ -414,5 +416,16 @@ public class CertificateManager implements OnLoadListener, OnClearListener {
} }
}); });
MemorizingTrustManager mtm = new MemorizingTrustManager(Application.getInstance());
final Enumeration<String> certificates = mtm.getCertificates();
while (certificates.hasMoreElements()) {
try {
mtm.deleteCertificate(certificates.nextElement());
} catch (KeyStoreException e) {
e.printStackTrace();
}
}
} }
} }
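Review bot: In the loop added at the end of `removeCertificates()`, a `KeyStoreException` from `mtm.deleteCertificate(...)` is only printed with `e.printStackTrace()`, so a "clear certificates" action can leave a previously accepted certificate trusted with no indication to the user. I would report the failure through the application's own logging and let the caller know the clear was incomplete. The loop also deletes entries while still walking the `Enumeration` returned by `mtm.getCertificates()`; whether that enumeration is a snapshot is not visible here, so iterating over a copy is safer: `for (String alias : Collections.list(mtm.getCertificates())) {` (needs `java.util.Collections`). The start of the method is in the previous hunk, and the body of the anonymous `Runnable` between the two hunks is not shown.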
...@@ -189,6 +189,7 @@ public class ConnectionThread implements ...@@ -189,6 +189,7 @@ public class ConnectionThread implements
try { try {
SSLContext sslContext = SSLContext.getInstance("TLS"); SSLContext sslContext = SSLContext.getInstance("TLS");
MemorizingTrustManager mtm = new MemorizingTrustManager(Application.getInstance()); MemorizingTrustManager mtm = new MemorizingTrustManager(Application.getInstance());
mtm.setTrustByDefault(!SettingsManager.securityCheckCertificate());
sslContext.init(null, new X509TrustManager[]{mtm}, new java.security.SecureRandom()); sslContext.init(null, new X509TrustManager[]{mtm}, new java.security.SecureRandom());
builder.setCustomSSLContext(sslContext); builder.setCustomSSLContext(sslContext);
builder.setHostnameVerifier( builder.setHostnameVerifier(
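Review bot: `mtm.setTrustByDefault(!SettingsManager.securityCheckCertificate())` appears to make the trust manager accept a server certificate without asking once the preference is off, which would leave the connection encrypted but unauthenticated, and nothing here records or signals that state. I would read the setting into a named local and comment it, e.g. `boolean checkCertificate = SettingsManager.securityCheckCertificate();` followed by `mtm.setTrustByDefault(!checkCertificate); // true = accept certificates without prompting`, and log a warning when the check is disabled so it shows up in connection diagnostics. The hostname verifier set on the following line is cut off by the hunk, so whether server-name checking is switched off by the same setting cannot be confirmed from here.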
......
...@@ -439,7 +439,7 @@ ...@@ -439,7 +439,7 @@
<!-- preference_security --> <!-- preference_security -->
<string name="security_check_certificate_key">security_check_certificate</string> <string name="security_check_certificate_key">security_check_certificate</string>
<bool name="security_check_certificate_default">false</bool> <bool name="security_check_certificate_default">true</bool>
<string name="security_clear_certificate_key">security_clear_certificate</string> <string name="security_clear_certificate_key">security_clear_certificate</string>
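Review bot: Flipping `security_check_certificate_default` to `true` probably only reaches installs that have never stored a value under `security_check_certificate`; an upgraded install with `false` already persisted would keep skipping the certificate check. How the default is consumed is not visible in this hunk, so this needs confirming in the settings code; if it holds, a one-time migration that resets the stored value, or a notice to the user, would make the safer default apply to existing users as well. A short comment beside the entry, `<!-- false makes ConnectionThread trust server certificates without prompting -->`, would also document what the switch controls.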
......