avoid saving frequently changing tls certificates for blockchain.info public servers to avoid approval complacency

Craig Raw 2022-08-01 15:39:48 +02:00
parent f4c8bfa48c
commit 7e91f57a42


@ -94,7 +94,7 @@ public class TcpOverTlsTransport extends TcpTransport {
protected void startHandshake(SSLSocket sslSocket) throws IOException { protected void startHandshake(SSLSocket sslSocket) throws IOException {
sslSocket.addHandshakeCompletedListener(event -> { sslSocket.addHandshakeCompletedListener(event -> {
if(Storage.getCertificateFile(server.getHost()) == null) { if(shouldSaveCertificate()) {
try { try {
Certificate[] certs = event.getPeerCertificates(); Certificate[] certs = event.getPeerCertificates();
if(certs.length > 0) { if(certs.length > 0) {
@ -108,4 +108,13 @@ public class TcpOverTlsTransport extends TcpTransport {
sslSocket.startHandshake(); sslSocket.startHandshake();
} }
protected boolean shouldSaveCertificate() {
//Avoid saving the certificates for blockstream.info public servers - they change too often and encourage approval complacency
if(PublicElectrumServer.BLOCKSTREAM_INFO.getName().equals(server.getHost()) || PublicElectrumServer.ELECTRUM_BLOCKSTREAM_INFO.getName().equals(server.getHost())) {
return false;
}
return Storage.getCertificateFile(server.getHost()) == null;
}
} }
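Review bot: Because shouldSaveCertificate() returns false for the two Blockstream hosts, no certificate is ever pinned for them and every connection takes the no-stored-certificate path; what authenticates the server on that path is not visible in this section. If that path simply accepts the presented certificate (as a trust-on-first-use scheme usually does before the first save), these hosts would have no server authentication at all, which is a larger risk than the approval fatigue this change addresses. I would confirm that the unpinned path validates the chain and hostname against the default trust store for these hosts, and record that in the comment, e.g. `//No certificate is pinned for these hosts - they must instead be validated against the default trust store and hostname`. The host match is also an exact, case-sensitive `equals`, so a differently cased host string would fall through to the saving branch; `equalsIgnoreCase` would make the exemption reliable. The body of startHandshake is only partly shown here.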