Use cert pinning only if available

2016-04-09 18:34:00 +02:00
parent 2d762e55da
commit c8e5395d4e
7 changed files with 36 additions and 41 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/AddEditKeyserverDialogFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/AddEditKeyserverDialogFragment.java
@@ -353,8 +353,6 @@ public class AddEditKeyserverDialogFragment extends DialogFragment implements On

                    Log.d("Converted URL", newKeyserver.toString());

-                    OkHttpClient client = OkHttpClientFactory.getPinnedClient(newKeyserver.toURL(), proxy);
-
                    if (onlyTrustedKeyserver
                            && TlsHelper.getPinnedSslSocketFactory(newKeyserver.toURL()) == null) {
                        Log.w(Constants.TAG, "No pinned certificate for this host in OpenKeychain's assets.");
@@ -362,6 +360,8 @@ public class AddEditKeyserverDialogFragment extends DialogFragment implements On
                        return reason;
                    }

+                    OkHttpClient client = OkHttpClientFactory.getClientPinnedIfAvailable(newKeyserver.toURL(), proxy);
+
                    client.newCall(new Request.Builder().url(newKeyserver.toURL()).build()).execute();
                } catch (TlsHelper.TlsHelperException e) {
                    reason = FailureReason.CONNECTION_FAILED;