Rethrow the original validation error if the cert isn't pinned or self-signed

Cameron Gutman 2020-06-29 11:29:33 -07:00
parent 536496184e
commit 2329b41bce


@ -92,10 +92,17 @@ public class NvHTTP {
defaultTrustManager.checkServerTrusted(certs, authType); defaultTrustManager.checkServerTrusted(certs, authType);
} catch (CertificateException e) { } catch (CertificateException e) {
// Check the server certificate if we've paired to this host // Check the server certificate if we've paired to this host
if (certs.length != 1 || !certs[0].equals(NvHTTP.this.serverCert)) { if (certs.length == 1 && NvHTTP.this.serverCert != null) {
if (!certs[0].equals(NvHTTP.this.serverCert)) {
throw new CertificateException("Certificate mismatch"); throw new CertificateException("Certificate mismatch");
} }
} }
else {
// The cert chain doesn't look like a self-signed cert or we don't have
// a certificate pinned, so re-throw the original validation error.
throw e;
}
}
} }
}; };
} }
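Review bot: The pinned-certificate mismatch branch throws `new CertificateException("Certificate mismatch")` without the caught exception, so the platform validator's reason is lost in exactly the case where a pin exists. `throw new CertificateException("Certificate mismatch", e);` would keep it as the cause, consistent with the re-throw this commit adds in the `else`. Separately, the pin is only compared inside the `catch`, so as far as this hunk shows, a chain that `defaultTrustManager` accepts is trusted without ever being compared to `serverCert`. If that fallback-only behaviour is intended, a comment above the `try` such as `// Pin is only consulted when default validation fails; chains the platform trusts are accepted without comparing to serverCert` would make it explicit. The enclosing method begins before the hunk, so any earlier checks are not visible here.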