made OF selfSigned() workaround only available >=kitkat

Daniel Gultsch created 

this undos 8a729061d58be833ced01996efd644c067ed94e2. as it turns out 4.1
and 4.0 only break when checking if a cert is self signed.

Change summary

src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java | 7 
1 file changed, 3 insertions(+), 4 deletions(-)

Detailed changes

src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java 🔗 

@@ -43,10 +43,9 @@ public class XmppDomainVerifier implements DomainHostnameVerifier {
 			}
 			X509Certificate certificate = (X509Certificate) chain[0];
 			final List<String> commonNames = getCommonNames(certificate);
-			final boolean isSelfSignedCertificate = isSelfSigned(certificate);
-			if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT || isSelfSignedCertificate) {
-				if (commonNames.size() == 1 && commonNames.get(0).equals(domain)) {
-					Log.d(LOGTAG,"accepted CN in cert as work around for "+domain+" isSelfSigned="+Boolean.toString(isSelfSignedCertificate)+", sdkInt="+Build.VERSION.SDK_INT);
+			if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT && isSelfSigned(certificate)) {
+				if (commonNames.size() == 1 && matchDomain(domain,commonNames)) {
+					Log.d(LOGTAG,"accepted CN in self signed cert as work around for "+domain);
 					return true;
 				}
 			}