Check server certificate IP addresses

2024-12-30 19:56:10 +00:00 · 2022-01-30 13:12:48 +01:00 · 2022-01-30 13:12:48 +01:00 · 417f2eadc6
commit 417f2eadc6
parent 0115333611
1 changed files with 25 additions and 0 deletions
--- a/app/src/main/java/eu/faircode/email/EmailService.java
+++ b/app/src/main/java/eu/faircode/email/EmailService.java
@ -75,6 +75,7 @@ import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Properties;
 import java.util.concurrent.ExecutorService;
 import java.util.regex.Pattern;
@ -1011,11 +1012,35 @@ public class EmailService implements AutoCloseable {
                                }
                            }

+
                            // Check host name
                            List<String> names = EntityCertificate.getDnsNames(certificate);
                            if (EntityCertificate.matches(server, names))
                                return;

+                            // Fallback: check server/certificate IP address
+                            try {
+                                InetAddress ip = InetAddress.getByName(server);
+                                for (String name : names) {
+                                    if (name.startsWith("*."))
+                                        name = name.substring(2);
+
+                                    try {
+                                        for (InetAddress addr : InetAddress.getAllByName(name))
+                                            if (Arrays.equals(ip.getAddress(), addr.getAddress())) {
+                                                Log.i("Accepted " + name + " for " + server);
+                                                return;
+                                            }
+                                    } catch (UnknownHostException ex) {
+                                        Log.w(ex);
+                                    }
+                                }
+                            } catch (UnknownHostException ex) {
+                                Log.w(ex);
+                            } catch (Throwable ex) {
+                                Log.e(ex);
+                            }
+
                            String error = server + " not in certificate: " + TextUtils.join(",", names);
                            Log.i(error);
                            throw new CertificateException(error);