Set security error status on TLS cert mismatch

Sam Whited created

Change summary

src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java | 13 ++--
1 file changed, 7 insertions(+), 6 deletions(-)

Detailed changes

src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java 🔗

@@ -593,12 +593,13 @@ public class XmppConnection implements Runnable {
 							}
 							sslSocket.setEnabledProtocols(supportProtocols);
 
-							if (verifier != null
-									&& !verifier.verify(account.getServer().getDomainpart(),
-										sslSocket.getSession())) {
-								sslSocket.close();
-								throw new IOException("host mismatch in TLS connection");
-									}
+                            if (verifier != null
+                                    && !verifier.verify(account.getServer().getDomainpart(),
+                                    sslSocket.getSession())) {
+                                account.setStatus(Account.State.SECURITY_ERROR);
+                                sslSocket.close();
+                                throw new IOException("Host mismatch in TLS connection");
+                            }
 							tagReader.setInputStream(sslSocket.getInputStream());
 							tagWriter.setOutputStream(sslSocket.getOutputStream());
 							sendStartStream();
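Review bot: The guard still fails open when `verifier` is null: the `verifier != null &&` condition skips the hostname check entirely, and the code goes on to `tagReader.setInputStream(...)` on a session whose peer name was never checked. Unless a non-null verifier is guaranteed where it is assigned (outside this hunk), treat a missing verifier as a failure, e.g. `if (verifier == null || !verifier.verify(account.getServer().getDomainpart(), sslSocket.getSession())) {`. It is also worth confirming that the handler catching this `IOException`, which is not visible here, does not overwrite `Account.State.SECURITY_ERROR` with a generic connection-failure state. The re-added lines are indented with spaces while the surrounding context uses tabs, which inflates the diff for what is effectively a two-line change. The enclosing method starts and ends outside the hunk.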