Fix ssl hostname verification

Signed-off-by: Mario Danic <mario@lovelyhq.com>

app/src/main/java/com/nextcloud/talk/utils/ssl/MagicTrustManager.java

@@ -95,21 +95,26 @@ public class MagicTrustManager implements X509TrustManager {
                 systemTrustManager.checkServerTrusted(new X509Certificate[]{x509Certificate}, "generic");
                 return true;
             } catch (CertificateException e) {
-                if (trustedKeyStore != null) {
+                return isCertInMagicTrustStore(x509Certificate);
-                    try {
-                        if (trustedKeyStore.getCertificateAlias(x509Certificate) != null) {
-                            return true;
-                        }
-                    } catch (KeyStoreException exception) {
-                        return false;
-                    }
-                }
-
             }
         }
         return false;
     }
 
+    private boolean isCertInMagicTrustStore(X509Certificate x509Certificate) {
+        if (trustedKeyStore != null) {
+            try {
+                if (trustedKeyStore.getCertificateAlias(x509Certificate) != null) {
+                    return true;
+                }
+            } catch (KeyStoreException exception) {
+                return false;
+            }
+        }
+
+        return false;
+    }
+
     public void addCertInTrustStore(X509Certificate x509Certificate) {
         if (trustedKeyStore != null) {
             try {
@@ -157,7 +162,7 @@ public class MagicTrustManager implements X509TrustManager {
 
             try {
                 X509Certificate[] certificates = (X509Certificate[]) sslSession.getPeerCertificates();
-                if (certificates.length > 0 && certificates[0] != null) {
+                if (certificates.length > 0 && certificates[0] != null && isCertInMagicTrustStore(certificates[0])) {
                     return true;
                 }
             } catch (SSLPeerUnverifiedException e) {