From 38f1675901a968563c2738b8e95b5487fddb040c Mon Sep 17 00:00:00 2001
From: Stephen Paul Weber <singpolyma@singpolyma.net>
Date: Sun, 30 Jun 2024 14:24:11 -0500
Subject: [PATCH] Don't try DANE on raw IP

It won't work anyway, and people get annoyed.
---
 .../eu/siacs/conversations/services/MemorizingTrustManager.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/eu/siacs/conversations/services/MemorizingTrustManager.java b/src/main/java/eu/siacs/conversations/services/MemorizingTrustManager.java
index 8c940fb6433824ec17b6f28419f931d44cb0d30f..2f4df4167cabd3bbfa3d67b43b5f3544b3296dd6 100644
--- a/src/main/java/eu/siacs/conversations/services/MemorizingTrustManager.java
+++ b/src/main/java/eu/siacs/conversations/services/MemorizingTrustManager.java
@@ -403,7 +403,7 @@ public class MemorizingTrustManager {
         try {
             LOGGER.log(Level.FINE, "checkCertTrusted: trying appTrustManager");
             if (isServer) {
-                if (verifiedHostname != null) {
+                if (verifiedHostname != null && !eu.siacs.conversations.utils.IP.matches(verifiedHostname)) {
                     try {
                         if (daneVerifier.verifyCertificateChain(chain, verifiedHostname, port)) {
                             if (daneCb != null) daneCb.accept(true);