From e12e57bdc9a67950e1858dcd0c1a798d6c4adba8 Mon Sep 17 00:00:00 2001
From: M66B
Date: Tue, 17 Dec 2019 10:58:42 +0100
Subject: [PATCH] Check all certificate names
---
 .../java/eu/faircode/email/MailService.java | 23 +++++++++++--------
 1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/app/src/main/java/eu/faircode/email/MailService.java b/app/src/main/java/eu/faircode/email/MailService.java
index 0867ade85b..0a4f810527 100644
--- a/app/src/main/java/eu/faircode/email/MailService.java
+++ b/app/src/main/java/eu/faircode/email/MailService.java
@@ -108,11 +108,14 @@ public class MailService implements AutoCloseable {
 boolean trusted = false;
- String name = getDnsName(certificate);
- if (name != null && matches(server, name))
- trusted = true;
- else
- Log.e("Certificate mismatch server=" + server + " name=" + name);
+ List names = getDnsNames(certificate);
+ for (String name : names)
+ if (matches(server, name))
+ trusted = true;
+
+ if (!trusted)
+ Log.e("Certificate mismatch" +
+ " server=" + server + " names=" + TextUtils.join(",", names));
 if (getFingerPrint(certificate).equals(trustedFingerprint))
 trusted = true;
@@ -470,16 +473,18 @@ public class MailService implements AutoCloseable {
 }
 }
- private static String getDnsName(X509Certificate certificate) throws CertificateParsingException {
+ private static List getDnsNames(X509Certificate certificate) throws CertificateParsingException {
+ List result = new ArrayList<>();
+
 Collection> altNames = certificate.getSubjectAlternativeNames();
 if (altNames == null)
- return null;
+ return result;
 for (List altName : altNames)
 if (altName.get(0).equals(GeneralName.dNSName))
- return (String) altName.get(1);
+ result.add((String) altName.get(1));
- return null;
+ return result;
 }
 private static String getFingerPrint(X509Certificate certificate) throws CertificateEncodingException, NoSuchAlgorithmException {
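Review bot: In the first hunk (`@@ -108,11 +108,14 @@`), the `if (!trusted)` block logs "Certificate mismatch" at error level before the fingerprint comparison that follows it. A certificate accepted only through the pinned `trustedFingerprint` therefore still leaves an error entry, which weakens the log as a signal of a real hostname mismatch. Moving the `if (!trusted) Log.e(...)` statement below the `getFingerPrint(certificate).equals(trustedFingerprint)` check would log only when both checks fail. The loop can also stop at the first hit with `break;` and would benefit from a comment such as `// Trusted when any subjectAltName dNSName matches the server`. The enclosing method begins and ends outside this hunk, so how `trusted` is used afterwards, and whether chain validation runs elsewhere, cannot be confirmed from here.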
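Review bot: In the second hunk (`@@ -470,16 +473,18 @@`), `getDnsNames` has no documentation of its contract, and that contract is security-relevant because it collects only `GeneralName.dNSName` entries. A certificate that identifies the host solely through an `iPAddress` subjectAltName or the subject CN yields an empty list, and judging by the caller in the first hunk it can then be accepted only through the pinned fingerprint. If that is the intent, state it in a Javadoc, for example `/** Returns all subjectAltName dNSName entries; empty, never null, when the certificate has none. Other name types are not considered. */`. How `matches(server, name)` treats wildcard names is defined outside the patch and is worth re-checking, since every SAN entry is now compared rather than only the first.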