diff options
| author | Dominik Schürmann <dominik@dominikschuermann.de> | 2015-09-20 22:42:50 +0200 |
|---|---|---|
| committer | Dominik Schürmann <dominik@dominikschuermann.de> | 2015-09-20 22:42:50 +0200 |
| commit | 0b181743a3d6b1423e112b17a400b5ac4ac09bcb (patch) | |
| tree | ca4c54fe004f1dde0a0b0a62ee10db4231d9f443 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport | |
| parent | 4c1d48bd951cbc302bdb2821bdfd501405f3abe0 (diff) | |
| download | open-keychain-0b181743a3d6b1423e112b17a400b5ac4ac09bcb.tar.gz open-keychain-0b181743a3d6b1423e112b17a400b5ac4ac09bcb.tar.bz2 open-keychain-0b181743a3d6b1423e112b17a400b5ac4ac09bcb.zip | |
Keyservers: Dont follow redirects, pin pgp.mit.edu, check for pinned cert on add (OKC-01-018)
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport')
| -rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java index 558b8ce7d..5683decdf 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java @@ -204,11 +204,15 @@ public class HkpKeyserver extends Keyserver { OkHttpClient client = new OkHttpClient(); try { - TlsHelper.pinCertificateIfNecessary(client, url); + TlsHelper.usePinnedCertificateIfAvailable(client, url); } catch (TlsHelper.TlsHelperException e) { Log.w(Constants.TAG, e); } + // don't follow any redirects + client.setFollowRedirects(false); + client.setFollowSslRedirects(false); + if (proxy != null) { client.setProxy(proxy); client.setConnectTimeout(30000, TimeUnit.MILLISECONDS); |