From 7e91f57a42f36c1f869419a9d3e4ff9bf5d66281 Mon Sep 17 00:00:00 2001
From: Craig Raw
Date: Mon, 1 Aug 2022 15:39:48 +0200
Subject: [PATCH] avoid saving frequently changing tls certificates for blockchain.info public servers to avoid approval complacency
---
 .../sparrow/net/TcpOverTlsTransport.java | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/main/java/com/sparrowwallet/sparrow/net/TcpOverTlsTransport.java b/src/main/java/com/sparrowwallet/sparrow/net/TcpOverTlsTransport.java
index 004358b8..64a77121 100644
--- a/src/main/java/com/sparrowwallet/sparrow/net/TcpOverTlsTransport.java
+++ b/src/main/java/com/sparrowwallet/sparrow/net/TcpOverTlsTransport.java
@@ -94,7 +94,7 @@ public class TcpOverTlsTransport extends TcpTransport {
 protected void startHandshake(SSLSocket sslSocket) throws IOException {
 sslSocket.addHandshakeCompletedListener(event -> {
- if(Storage.getCertificateFile(server.getHost()) == null) {
+ if(shouldSaveCertificate()) {
 try {
 Certificate[] certs = event.getPeerCertificates();
 if(certs.length > 0) {
@@ -108,4 +108,13 @@ public class TcpOverTlsTransport extends TcpTransport {
 sslSocket.startHandshake();
 }
+
+ protected boolean shouldSaveCertificate() {
+ //Avoid saving the certificates for blockstream.info public servers - they change too often and encourage approval complacency
+ if(PublicElectrumServer.BLOCKSTREAM_INFO.getName().equals(server.getHost()) || PublicElectrumServer.ELECTRUM_BLOCKSTREAM_INFO.getName().equals(server.getHost())) {
+ return false;
+ }
+
+ return Storage.getCertificateFile(server.getHost()) == null;
+ }
 }
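Review bot: Once `shouldSaveCertificate()` returns false for the two Blockstream hosts, no certificate is ever stored for them, so a changed certificate can no longer be detected by comparison with a saved one. What authenticates these servers then depends on the trust manager path taken when `Storage.getCertificateFile(...)` is null, which is outside this patch; it should be confirmed that this path validates the CA chain and the hostname rather than accepting any currently valid certificate. The method comment should record that trade-off, for example `//No certificate is pinned for these hosts, so a changed certificate is not detected here - server authentication must come from CA and hostname validation`. The match also compares `getName()` with `server.getHost()` case-sensitively, so a differently cased host entry falls back to the save-and-pin behaviour; `equalsIgnoreCase` would apply the exemption consistently. Separately, the commit subject says blockchain.info while the code and its comment say blockstream.info.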