From 492f353e790875da560d8b29bac86e7db0db8922 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Parm=C3=A9nides=20GV?= Date: Tue, 16 Jul 2013 18:45:35 +0200 Subject: Erroneous untrusted provider toast with LEAP fixed I've also rearranged how we handle SSL errors. In first place, if the user checked the "Trust completely" checkbox, leap_android tries to use the CA cert pointed out by provider.json. If that does not succeed, it uses an always-returning-true hostname verifier (this was previously done before using CA cert). --- src/se/leap/leapclient/ProviderAPI.java | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java index 37856f60..72b134e5 100644 --- a/src/se/leap/leapclient/ProviderAPI.java +++ b/src/se/leap/leapclient/ProviderAPI.java @@ -397,10 +397,9 @@ public class ProviderAPI extends IntentService { } else { displayToast(R.string.certificate_error); } - displayToast(R.string.certificate_error); } catch (Exception e) { if(provider_url != null && danger_on) { - json_file_content = getStringFromProviderWithoutValidate(provider_url); + json_file_content = getStringFromProviderWithCACertAdded(provider_url); } } @@ -433,7 +432,7 @@ public class ProviderAPI extends IntentService { } catch (MalformedURLException e) { displayToast(R.string.malformed_url); } catch (IOException e) { - json_string = getStringFromProviderWithCACertAdded(string_url); + json_string = getStringFromProviderIgnoringCertificate(string_url); } return json_string; @@ -485,7 +484,7 @@ public class ProviderAPI extends IntentService { displayToast(R.string.server_is_down_message); } catch (IOException e) { // The downloaded certificate doesn't validate our https connection. - json_file_content = getStringFromProviderIgnoringCertificate(url); + json_file_content = getStringFromProviderWithoutValidate(url); displayToast(R.string.certificate_error); } catch (KeyStoreException e) { // TODO Auto-generated catch block -- cgit v1.2.3