mirror of
https://github.com/sparrowwallet/sparrow.git
synced 2024-12-25 05:06:45 +00:00
allow expired certificates for electrum servers so long as they have been previously used or explicitly approved
This commit is contained in:
parent
1fa52f043c
commit
56784b684a
3 changed files with 37 additions and 3 deletions
|
@ -290,8 +290,7 @@ public class AppServices {
|
|||
connectionService.setRestartOnFailure(false);
|
||||
}
|
||||
|
||||
if(failEvent.getSource().getException() instanceof TlsServerException && failEvent.getSource().getException().getCause() != null) {
|
||||
TlsServerException tlsServerException = (TlsServerException)failEvent.getSource().getException();
|
||||
if(failEvent.getSource().getException() instanceof TlsServerException tlsServerException && failEvent.getSource().getException().getCause() != null) {
|
||||
connectionService.setRestartOnFailure(false);
|
||||
if(tlsServerException.getCause().getMessage().contains("PKIX path building failed")) {
|
||||
File crtFile = Config.get().getElectrumServerCert();
|
||||
|
@ -315,6 +314,15 @@ public class AppServices {
|
|||
}
|
||||
}
|
||||
}
|
||||
} else if(tlsServerException.getCause().getCause() instanceof UnknownCertificateExpiredException expiredException) {
|
||||
Optional<ButtonType> optButton = AppServices.showErrorDialog("SSL Handshake Failed", "The certificate provided by the server at " + tlsServerException.getServer().getHost() + " has expired. "
|
||||
+ tlsServerException.getMessage() + "." +
|
||||
"\n\nDo you still want to proceed?", ButtonType.NO, ButtonType.YES);
|
||||
if(optButton.isPresent() && optButton.get() == ButtonType.YES) {
|
||||
Storage.saveCertificate(tlsServerException.getServer().getHost(), expiredException.getCertificate());
|
||||
Platform.runLater(() -> restartService(connectionService));
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -57,7 +57,13 @@ public class TcpOverTlsTransport extends TcpTransport {
|
|||
throw new CertificateException("No server certificate provided");
|
||||
}
|
||||
|
||||
try {
|
||||
certs[0].checkValidity();
|
||||
} catch(CertificateExpiredException e) {
|
||||
if(Storage.getCertificateFile(server.getHost()) == null) {
|
||||
throw new UnknownCertificateExpiredException(e.getMessage(), certs[0]);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
};
|
||||
|
@ -68,6 +74,9 @@ public class TcpOverTlsTransport extends TcpTransport {
|
|||
try {
|
||||
X509Certificate x509Certificate = (X509Certificate)certificate;
|
||||
x509Certificate.checkValidity();
|
||||
} catch(CertificateExpiredException e) {
|
||||
//Allow expired certificates so long as they have been previously used or explicitly approved
|
||||
//These will usually be self-signed certificates that users may not have the expertise to renew
|
||||
} catch(CertificateException e) {
|
||||
crtFile.delete();
|
||||
return getTrustManagers(null);
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
package com.sparrowwallet.sparrow.net;
|
||||
|
||||
import java.security.cert.Certificate;
|
||||
import java.security.cert.CertificateExpiredException;
|
||||
|
||||
public class UnknownCertificateExpiredException extends CertificateExpiredException {
|
||||
private final Certificate certificate;
|
||||
|
||||
public UnknownCertificateExpiredException(String message, Certificate certificate) {
|
||||
super(message);
|
||||
this.certificate = certificate;
|
||||
}
|
||||
|
||||
public Certificate getCertificate() {
|
||||
return certificate;
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue