Added option to disable host name checks

2026-03-30 13:47:05 +02:00 · 2023-12-20 10:24:53 +01:00
parent db105290a8
commit d78ad87c5f
6 changed files with 65 additions and 35 deletions
--- a/app/src/main/java/eu/faircode/email/EmailService.java
+++ b/app/src/main/java/eu/faircode/email/EmailService.java
@@ -103,6 +103,7 @@ public class EmailService implements AutoCloseable {
    private boolean ssl_harden;
    private boolean ssl_harden_strict;
    private boolean cert_strict;
+    private boolean check_names;
    private boolean useip;
    private String ehlo;
    private boolean log;
@@ -190,6 +191,7 @@ public class EmailService implements AutoCloseable {
        this.ssl_harden = prefs.getBoolean("ssl_harden", false);
        this.ssl_harden_strict = prefs.getBoolean("ssl_harden_strict", false);
        this.cert_strict = prefs.getBoolean("cert_strict", true);
+        this.check_names = prefs.getBoolean("check_names", !BuildConfig.PLAY_STORE_RELEASE);

        boolean auth_plain = prefs.getBoolean("auth_plain", true);
        boolean auth_login = prefs.getBoolean("auth_login", true);
@@ -449,7 +451,8 @@ public class EmailService implements AutoCloseable {

            boolean bc = prefs.getBoolean("bouncy_castle", false);
            boolean fips = prefs.getBoolean("bc_fips", false);
-            factory = new SSLSocketFactoryService(host, insecure, ssl_harden, strict, cert_strict, bc, fips, key, chain, fingerprint);
+            factory = new SSLSocketFactoryService(
+                    host, insecure, ssl_harden, strict, cert_strict, check_names, bc, fips, key, chain, fingerprint);
            properties.put("mail." + protocol + ".ssl.socketFactory", factory);
            properties.put("mail." + protocol + ".socketFactory.fallback", "false");
            properties.put("mail." + protocol + ".ssl.checkserveridentity", "false");
@@ -1037,7 +1040,7 @@ public class EmailService implements AutoCloseable {
        private X509Certificate certificate;

        SSLSocketFactoryService(String host, boolean insecure,
-                                boolean ssl_harden, boolean ssl_harden_strict, boolean cert_strict,
+                                boolean ssl_harden, boolean ssl_harden_strict, boolean cert_strict, boolean check_names,
                                boolean bc, boolean fips,
                                PrivateKey key, X509Certificate[] chain, String fingerprint) throws GeneralSecurityException {
            this.server = host;
@@ -1047,7 +1050,7 @@ public class EmailService implements AutoCloseable {
            this.cert_strict = cert_strict;
            this.trustedFingerprint = fingerprint;

-            TrustManager[] tms = SSLHelper.getTrustManagers(server, secure, cert_strict, trustedFingerprint,
+            TrustManager[] tms = SSLHelper.getTrustManagers(server, secure, cert_strict, check_names, trustedFingerprint,
                    new SSLHelper.ITrust() {
                        @Override
                        public void checkServerTrusted(X509Certificate[] chain) {