Skip to content

Commit

Permalink
Merge pull request #132 from mattermost/fix-invalid-ssl
Browse files Browse the repository at this point in the history 
fix: android invalid or expired ssl cert to show correct error message
  • Loading branch information
@enahum
enahum authored Aug 30, 2024
2 parents 4c3bf8f + 4e91eab commit 0ad8fad
Showing 1 changed file with 16 additions and 2 deletions.
18 changes: 16 additions & 2 deletions android/src/main/java/com/mattermost/networkclient/NetworkClient.kt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -207,8 +207,17 @@ internal class NetworkClient(private val context: ReactApplicationContext, priva
override fun onFailure(call: Call, e: IOException) {
if (e is javax.net.ssl.SSLPeerUnverifiedException) {
cancelAllRequests()
emitInvalidPinnedCertificateError()
promise.reject(Exception("Server trust evaluation failed due to reason: Certificate pinning failed for host ${request.url.host}"))
val fingerPrintsMap = getCertificatesFingerPrints()
if (fingerPrintsMap.containsKey(request.url.host)) {
emitInvalidPinnedCertificateError()
promise.reject(Exception("Server trust evaluation failed due to reason: Certificate pinning failed for host ${request.url.host}"))
return
} else {
rejectInvalidCertificate(promise, request.url.host)
return
}
} else if (e is javax.net.ssl.SSLHandshakeException) {
rejectInvalidCertificate(promise, request.url.host)
return
}
promise.reject(e)
Expand Down Expand Up @@ -743,4 +752,9 @@ internal class NetworkClient(private val context: ReactApplicationContext, priva

return fingerprintsMap
}

private fun rejectInvalidCertificate(promise: Promise, host: String) {
emitInvalidCertificateError()
promise.reject(Exception("The certificate for this server is invalid.\nYou might be connecting to a server that is pretending to be “${host}” which could put your confidential information at risk."))
}
}

0 comments on commit 0ad8fad

Please sign in to comment.