mirror of https://github.com/vanitasvitae/Smack.git synced 2025-09-10 17:49:38 +02:00

Remove ServerTrustManager

The implementation of ServerTrustManager contains a security
vulnerability, which could lead to unauthorized certificates being
erroneously trusted. SMACK-410
Florian Schmaus 2014-02-10 12:07:39 +01:00
parent 5f5805cd1c
commit 93030c218c
3 changed files with 1 additions and 529 deletions


@ -844,8 +844,7 @@ public class XMPPConnection extends Connection {
// Verify certificate presented by the server
if (context == null) {
context = SSLContext.getInstance("TLS");
context.init(kms, new javax.net.ssl.TrustManager[] { new ServerTrustManager(getServiceName(), config) },
new java.security.SecureRandom());
context.init(kms, null, new java.security.SecureRandom());
}
Socket plain = socket;
// Secure the plain connection
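Review bot: With `context.init(kms, null, new java.security.SecureRandom());` the default JSSE trust managers validate the certificate chain against the platform trust store, but nothing in this hunk checks that the certificate was issued for `getServiceName()`, which the removed `ServerTrustManager` was at least handed as an argument. Unless a name check runs after the handshake somewhere outside the hunk, a certificate that chains to any trusted CA would presumably be accepted regardless of which XMPP domain it names. I would add that check where the socket is secured, or at minimum record the gap next to the existing comment: `// NOTE: default trust managers validate the chain only; the peer certificate is not matched against getServiceName() here`. The `config` argument is also no longer passed, so any trust-related settings it carried appear to be ignored from this point on, which callers should be told about. The enclosing method starts and ends outside the hunk, so the handshake code itself is not visible here.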