diff --git a/src/main/java/com/sparrowwallet/sparrow/net/TcpOverTlsTransport.java b/src/main/java/com/sparrowwallet/sparrow/net/TcpOverTlsTransport.java
index 004358b8..64a77121 100644
--- a/src/main/java/com/sparrowwallet/sparrow/net/TcpOverTlsTransport.java
+++ b/src/main/java/com/sparrowwallet/sparrow/net/TcpOverTlsTransport.java
@@ -94,7 +94,7 @@ public class TcpOverTlsTransport extends TcpTransport {
 
     protected void startHandshake(SSLSocket sslSocket) throws IOException {
         sslSocket.addHandshakeCompletedListener(event -> {
-            if(Storage.getCertificateFile(server.getHost()) == null) {
+            if(shouldSaveCertificate()) {
                 try {
                     Certificate[] certs = event.getPeerCertificates();
                     if(certs.length > 0) {
@@ -108,4 +108,13 @@ public class TcpOverTlsTransport extends TcpTransport {
 
         sslSocket.startHandshake();
     }
+
+    protected boolean shouldSaveCertificate() {
+        //Avoid saving the certificates for blockstream.info public servers - they change too often and encourage approval complacency
+        if(PublicElectrumServer.BLOCKSTREAM_INFO.getName().equals(server.getHost()) || PublicElectrumServer.ELECTRUM_BLOCKSTREAM_INFO.getName().equals(server.getHost())) {
+            return false;
+        }
+
+        return Storage.getCertificateFile(server.getHost()) == null;
+    }
 }
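Review bot: In the new `shouldSaveCertificate()`, returning `false` for the two Blockstream hosts means no certificate is ever stored for them, so a later connection has no saved copy to compare against. The diff does not show what validation applies when no stored certificate exists; if trust rests only on the saved copy, these connections would accept whatever certificate is presented on every connect. It is worth confirming that CA chain and hostname verification are enforced for these hosts and recording that in the comment, e.g. `//Not pinned: these hosts rely on CA chain and hostname validation instead of a stored certificate`. The host match is also case-sensitive, so `getName().equalsIgnoreCase(server.getHost())` would stop a differently-cased host entry from falling through to the save path.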