From 8858e98158d7d4273b17a5fd5da30040572dd439 Mon Sep 17 00:00:00 2001
From: M66B <M66B@users.noreply.github.com>
Date: Wed, 19 Jun 2024 18:23:35 +0200
Subject: [PATCH] DANA: use Android resolver

---
 app/src/main/java/eu/faircode/email/DnsHelper.java | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/app/src/main/java/eu/faircode/email/DnsHelper.java b/app/src/main/java/eu/faircode/email/DnsHelper.java
index cbb43664b3..0aafa8d861 100644
--- a/app/src/main/java/eu/faircode/email/DnsHelper.java
+++ b/app/src/main/java/eu/faircode/email/DnsHelper.java
@@ -390,7 +390,17 @@ public class DnsHelper {
         try {
             Logger.getLogger(clazz).addHandler(handler);
             Log.w("DANE verify " + server + ":" + port);
-            boolean verified = new DaneVerifier().verifyCertificateChain(chain, server, port);
+
+            DnssecClient client = DnssecResolverApi.INSTANCE.getDnssecClient();
+
+            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q)
+                client.setDataSource(new AndroidDataSource());
+
+            client.getDataSource().setTimeout(LOOKUP_TIMEOUT * 1000);
+
+            client.setUseHardcodedDnsServers(false);
+
+            boolean verified = new DaneVerifier(client).verifyCertificateChain(chain, server, port);
             Log.w("DANE verified=" + verified + " " + server + ":" + port);
             if (!verified)
                 throw new CertificateException("DANE missing or invalid",