Merge pull request #799 from mfietz/version_1.1.21.1.2

Fix gpodder certificate validation

3 files changed, 3 insertions, 78 deletions

diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml
index 7a4c8366e..bbdc5a4d7 100644
--- a/app/src/main/AndroidManifest.xml
+++ b/app/src/main/AndroidManifest.xml
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="utf-8"?>
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
     package="de.danoeh.antennapod"
-    android:versionCode="51"
-    android:versionName="1.1.1">
+    android:versionCode="52"
+    android:versionName="1.1.2">
 
     <uses-permission android:name="android.permission.INTERNET"/>
     <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
diff --git a/app/src/main/assets/about.html b/app/src/main/assets/about.html
index d8face548..d9fcb80ca 100644
--- a/app/src/main/assets/about.html
+++ b/app/src/main/assets/about.html
@@ -41,7 +41,7 @@
 <div id="header" align="center">
     <img src="logo.png" alt="Logo" width="100px" height="100px"/>
 
-    <p>AntennaPod, Version 1.1</p>
+    <p>AntennaPod, Version 1.1.2</p>
 
     <p>Copyright © 2014 Daniel Oeh</p>
 
diff --git a/core/src/main/java/de/danoeh/antennapod/core/gpoddernet/GpodnetService.java b/core/src/main/java/de/danoeh/antennapod/core/gpoddernet/GpodnetService.java
index a353c984a..4d88449d6 100644
--- a/core/src/main/java/de/danoeh/antennapod/core/gpoddernet/GpodnetService.java
+++ b/core/src/main/java/de/danoeh/antennapod/core/gpoddernet/GpodnetService.java
@@ -72,84 +72,9 @@ public class GpodnetService {
 
     public GpodnetService() {
         httpClient = AntennapodHttpClient.getHttpClient();
-        if (Build.VERSION.SDK_INT <= 10) {
-            Log.d(TAG, "Use custom SSL factory");
-            SSLSocketFactory factory = getCustomSslSocketFactory();
-            httpClient.setSslSocketFactory(factory);
-        }
         BASE_HOST = GpodnetPreferences.getHostname();
     }
 
-    private synchronized static SSLSocketFactory getCustomSslSocketFactory() {
-        try {
-            TrustManagerFactory defaultTrustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-            defaultTrustManagerFactory.init((KeyStore) null); // use system keystore
-            final X509TrustManager defaultTrustManager = (X509TrustManager) defaultTrustManagerFactory.getTrustManagers()[0];
-            TrustManager[] customTrustManagers = new TrustManager[]{new X509TrustManager() {
-                @Override
-                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
-                    return null;
-                }
-                @Override
-                public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
-                }
-                @Override
-                public void checkServerTrusted(X509Certificate[] chain, String authType)
-                        throws CertificateException {
-                    // chain may out of order - construct data structures to walk from server certificate to root certificate
-                    Map<Principal, X509Certificate> certificates = new HashMap<Principal, X509Certificate>(chain.length - 1);
-                    X509Certificate subject = null;
-                    for (X509Certificate cert : chain) {
-                        cert.checkValidity();
-                        if (cert.getSubjectDN().toString().startsWith("CN=" + DEFAULT_BASE_HOST)) {
-                            subject = cert;
-                        } else {
-                            certificates.put(cert.getSubjectDN(), cert);
-                        }
-                    }
-                    if (subject == null) {
-                        throw new CertificateException("Chain does not contain a certificate for " + DEFAULT_BASE_HOST);
-                    }
-                    // follow chain to root CA
-                    while (certificates.get(subject.getIssuerDN()) != null) {
-                        subject.checkValidity();
-                        X509Certificate issuer = certificates.get(subject.getIssuerDN());
-                        try {
-                            subject.verify(issuer.getPublicKey());
-                        } catch (Exception e) {
-                            Log.d(TAG, "failed: " + issuer.getSubjectDN() + " -> " + subject.getSubjectDN());
-                            throw new CertificateException("Could not verify certificate");
-                        }
-                        subject = issuer;
-                    }
-                    X500Principal rootAuthority = subject.getIssuerX500Principal();
-                    boolean accepted = false;
-                    for (X509Certificate cert :
-                            defaultTrustManager.getAcceptedIssuers()) {
-                        if (cert.getSubjectX500Principal().equals(rootAuthority)) {
-                            try {
-                                subject.verify(cert.getPublicKey());
-                                accepted = true;
-                            } catch (Exception e) {
-                                Log.d(TAG, "failed: " + cert.getSubjectDN() + " -> " + subject.getSubjectDN());
-                                throw new CertificateException("Could not verify root certificate");
-                            }
-                        }
-                    }
-                    if (accepted == false) {
-                        throw new CertificateException("Could not verify root certificate");
-                    }
-                }
-            }};
-            SSLContext sslContext = SSLContext.getInstance("TLS");
-            sslContext.init(null, customTrustManagers, null);
-            return sslContext.getSocketFactory();
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-        return null;
-    }
-
     /**
      * Returns the [count] most used tags.
      */