diff --git a/app/src/main/java/com/nextcloud/talk/utils/ssl/MagicTrustManager.java b/app/src/main/java/com/nextcloud/talk/utils/ssl/MagicTrustManager.java index 9bcb07a52..225de2bcb 100644 --- a/app/src/main/java/com/nextcloud/talk/utils/ssl/MagicTrustManager.java +++ b/app/src/main/java/com/nextcloud/talk/utils/ssl/MagicTrustManager.java @@ -95,21 +95,26 @@ public class MagicTrustManager implements X509TrustManager { systemTrustManager.checkServerTrusted(new X509Certificate[]{x509Certificate}, "generic"); return true; } catch (CertificateException e) { - if (trustedKeyStore != null) { - try { - if (trustedKeyStore.getCertificateAlias(x509Certificate) != null) { - return true; - } - } catch (KeyStoreException exception) { - return false; - } - } - + return isCertInMagicTrustStore(x509Certificate); } } return false; } + private boolean isCertInMagicTrustStore(X509Certificate x509Certificate) { + if (trustedKeyStore != null) { + try { + if (trustedKeyStore.getCertificateAlias(x509Certificate) != null) { + return true; + } + } catch (KeyStoreException exception) { + return false; + } + } + + return false; + } + public void addCertInTrustStore(X509Certificate x509Certificate) { if (trustedKeyStore != null) { try { @@ -157,7 +162,7 @@ public class MagicTrustManager implements X509TrustManager { try { X509Certificate[] certificates = (X509Certificate[]) sslSession.getPeerCertificates(); - if (certificates.length > 0 && certificates[0] != null) { + if (certificates.length > 0 && certificates[0] != null && isCertInMagicTrustStore(certificates[0])) { return true; } } catch (SSLPeerUnverifiedException e) {