String hostname;
+ /** if true, we don't mind if the server's cert isn't signed by a CA. USE WITH CAUTION! */
+ boolean ignoreUntrustedCert = false;
+
/** the concatenation of all the bytes of all handshake messages sent or recieved */
public byte[] handshakes = new byte[] { };
public InputStream getInputStream() throws IOException { return is != null ? is : super.getInputStream(); }
public OutputStream getOutputStream() throws IOException { return os != null ? os : super.getOutputStream(); }
- public TinySSL(String host, int port) throws IOException { this(host, port, true); }
- public TinySSL(String host, int port, boolean negotiateImmediately) throws IOException {
+ public TinySSL(String host, int port) throws IOException { this(host, port, true, false); }
+ public TinySSL(String host, int port, boolean negotiateImmediately) throws IOException { this(host, port, negotiateImmediately, false); }
+ public TinySSL(String host, int port, boolean negotiateImmediately, boolean ignoreUntrustedCert) throws IOException {
super(host, port);
hostname = host;
+ this.ignoreUntrustedCert = ignoreUntrustedCert;
if (negotiateImmediately) negotiate();
}
}
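Review bot: The Javadoc on the new field at L2 says only that an unsigned CA is tolerated, but the rest of this commit also uses `ignoreUntrustedCert` to skip the hostname match and the validity-period checks, so the comment understates what a caller opts into. I would word it as `/** if true, skip CA-chain, hostname and validity-period checks on the server certificate, i.e. accept whatever certificate the server presents. USE WITH CAUTION! */`. The field is also package-private and mutable even though it is only set once in the four-argument constructor at L16; dropping the `= false` initializer at L3 and declaring it `final boolean ignoreUntrustedCert;` makes it impossible to flip after construction. The enclosing class continues outside this hunk.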
if (!good) throw new SSLException("server certificate does not seem to have a CN: " + CN);
- if (!CN.equals(hostname))
+ if (!ignoreUntrustedCert && !CN.equals(hostname))
throw new SSLException("connecting to host " + hostname + " but server certificate was issued for " + CN);
SimpleDateFormat dateF = new SimpleDateFormat("MM-dd-yy-HH-mm-ss-z");
Date endDate = dateF.parse(s, new ParsePosition(0));
Date now = new Date();
- if (now.after(endDate)) throw new SSLException("server certificate expired on " + endDate);
- if (now.before(startDate)) throw new SSLException("server certificate will not be valid until " + startDate);
+ if (!ignoreUntrustedCert && now.after(endDate))
+ throw new SSLException("server certificate expired on " + endDate);
+ if (!ignoreUntrustedCert && now.before(startDate))
+ throw new SSLException("server certificate will not be valid until " + startDate);
Log.log(this, "server cert (name, validity dates) checks out okay");
}
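Review bot: The guards added at L22, L29 and L31 make one flag disable three independent checks, and the hostname one is the most consequential: a caller who sets `ignoreUntrustedCert` because the server uses a self-signed certificate also silently accepts a certificate issued for any other host, so the connection is no longer bound to `hostname` at all. A self-signed certificate can still carry the right CN, so the hostname comparison does not need to be relaxed for that use case; I would revert L22 to `if (!CN.equals(hostname))` and keep only the CA-chain bypass behind the flag, or at least split the behaviour into separately named flags so the caller sees what is being turned off. If the expiry/not-yet-valid bypass at L29-L32 is kept, a log line when a check is skipped would make the weakened mode visible in the connection log. The enclosing method begins outside this hunk.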
if (Log.on) Log.log(this, " Certificate (" + numcerts + " certificates)");
+ if (ignoreUntrustedCert) break;
+
boolean good = false;
// pass 1 -- only check CA's whose subject is a partial match
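Review bot: The early `break` at L36 skips the whole CA-chain walk without leaving any trace, whereas every other outcome of this verification path is logged (for example "checks out okay" earlier in the file), so a connection made with an unverified certificate is indistinguishable in the log from a verified one. I would log the bypass at the point it happens: `if (ignoreUntrustedCert) { if (Log.on) Log.log(this, "ignoreUntrustedCert is set; skipping CA verification of server certificate"); break; }`. The enclosing loop and method are outside this hunk.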
"1HP9SFIIThbbP4pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71" +
"lSk8UOg013gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZw" +
"IDAQAB"
-
};
+ public static boolean alwaysFalse = false;
+
static class entropySpinner extends Thread {
volatile boolean stop = false;
byte counter = 0;
entropySpinner() { start(); }
public void run() {
while (true) {
- // without this synchronization, GCJ will over-optimize this loop into an infinite loop. Argh.
- synchronized(this) {
- counter++;
- if (stop) return;
- }
+ counter++;
+
+ // without this line, GCJ will over-optimize this loop into an infinite loop. Argh.
+ if (alwaysFalse) stop = true;
+
+ if (stop) return;
}
}
}
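Review bot: Removing the `synchronized(this)` block at L54-L57 also removes the only memory barrier around `counter`; the replacement at L58 increments a plain non-volatile byte, so if another thread reads `counter` to harvest entropy (the reader is not in this hunk, so this is inferred) it has no visibility guarantee and may repeatedly observe a stale value, which would quietly reduce the entropy gathered. Declaring the field `volatile byte counter = 0;` restores that guarantee with a single writer, and `counter++` remains safe because only `run()` writes it. Separately, `alwaysFalse` at L45 is `public static` and non-final although nothing outside this class should touch it; since its only purpose is to stop GCJ hoisting the loop condition, `static volatile boolean alwaysFalse = false;` is both narrower and a more reliable barrier than a plain static.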
if (Log.on) Log.log(TinySSL.class, e);
}
+ if (Log.on) Log.log(TinySSL.class, "generating entropy...");
randpool = new byte[10];
try { Thread.sleep(100); } catch (Exception e) { }
for(int i=0; i<spinners.length; i++) {
randpool = new byte[md5.getDigestSize()];
md5.doFinal(randpool, 0);
+ if (Log.on) Log.log(TinySSL.class, "TinySSL is initialized.");
}