Use DefaultHostnameVerifier from Apache's httpclient5

2022-05-02 19:23:38 +02:00 · 2022-05-02 19:23:38 +02:00 · 171c0eca43
commit 171c0eca43
parent 3690972274
2 changed files with 7 additions and 2 deletions
--- a/mail/common/build.gradle
+++ b/mail/common/build.gradle
@ -14,6 +14,9 @@ dependencies {
    implementation "commons-io:commons-io:${versions.commonsIo}"
    implementation "com.squareup.moshi:moshi:${versions.moshi}"

+    // We're only using this for its DefaultHostnameVerifier
+    implementation "org.apache.httpcomponents.client5:httpclient5:5.1.3"
+
    testImplementation project(":mail:testing")
    testImplementation "junit:junit:${versions.junit}"
    testImplementation "com.google.truth:truth:${versions.truth}"
--- a/mail/common/src/main/java/com/fsck/k9/mail/ssl/TrustManagerFactory.java
+++ b/mail/common/src/main/java/com/fsck/k9/mail/ssl/TrustManagerFactory.java
@ -15,7 +15,7 @@ import com.fsck.k9.mail.CertificateChainException;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
-import org.apache.http.conn.ssl.StrictHostnameVerifier;
+import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;

 public class TrustManagerFactory {
    public static TrustManagerFactory createInstance(LocalKeyStore localKeyStore) {
@ -68,6 +68,8 @@ public class TrustManagerFactory {
    }

    private class SecureX509TrustManager implements X509TrustManager {
+        private final DefaultHostnameVerifier hostnameVerifier = new DefaultHostnameVerifier();
+
        private final String mHost;
        private final int mPort;

@ -90,7 +92,7 @@ public class TrustManagerFactory {

            try {
                defaultTrustManager.checkServerTrusted(chain, authType);
-                new StrictHostnameVerifier().verify(mHost, certificate);
+                hostnameVerifier.verify(mHost, certificate);
                return;
            } catch (CertificateException e) {
                // cert. chain can't be validated