From 417f2eadc6bbce38e54ee592aad595e8f0d34c77 Mon Sep 17 00:00:00 2001
From: M66B
Date: Sun, 30 Jan 2022 13:12:48 +0100
Subject: [PATCH] Check server certificate IP addresses
---
 .../java/eu/faircode/email/EmailService.java | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/app/src/main/java/eu/faircode/email/EmailService.java b/app/src/main/java/eu/faircode/email/EmailService.java
index 80ccca054d..8ad906abf9 100644
--- a/app/src/main/java/eu/faircode/email/EmailService.java
+++ b/app/src/main/java/eu/faircode/email/EmailService.java
@@ -75,6 +75,7 @@ import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Properties;
 import java.util.concurrent.ExecutorService;
 import java.util.regex.Pattern;
@@ -1011,11 +1012,35 @@ public class EmailService implements AutoCloseable {
 }
 }
+ // Check host name
 List names = EntityCertificate.getDnsNames(certificate);
 if (EntityCertificate.matches(server, names))
 return;
+ // Fallback: check server/certificate IP address
+ try {
+ InetAddress ip = InetAddress.getByName(server);
+ for (String name : names) {
+ if (name.startsWith("*."))
+ name = name.substring(2);
+ try {
+ for (InetAddress addr : InetAddress.getAllByName(name))
+ if (Arrays.equals(ip.getAddress(), addr.getAddress())) {
+ Log.i("Accepted " + name + " for " + server);
+ return;
+ }
+ } catch (UnknownHostException ex) {
+ Log.w(ex);
+ }
+ }
+ } catch (UnknownHostException ex) {
+ Log.w(ex);
+ } catch (Throwable ex) {
+ Log.e(ex);
+ }
+
 String error = server + " not in certificate: " + TextUtils.join(",", names);
 Log.i(error);
 throw new CertificateException(error);
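Review bot: The fallback that follows `EntityCertificate.matches(server, names)` lets unauthenticated DNS decide trust: a certificate issued for an unrelated name is accepted whenever one of its DNS names (or, after the `*.` strip, the parent domain of a wildcard) resolves to the same address as `server`, and those records are controlled by the certificate's domain owner or by whoever can tamper with the lookup. That reduces host name verification to roughly "any certificate that passes the earlier checks", so I would not run this by default; gate it behind an explicit, off-by-default per-account setting, e.g. `if (allowDnsFallback) try {` (placeholder name), and log an acceptance at warning level rather than `Log.i`. If the aim is to support servers configured by IP address, compare `server` only when it is an IP literal, and against the certificate's own iPAddress subjectAltName entries rather than against resolved names. The added `java.util.Objects` import is not used by any line shown here, and the enclosing method begins and ends outside the hunk.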