X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fping%2FSSLPinger.java;h=7db5a6b16786a066cb4f3427990a2477b111c7ed;hb=c9ed09f0007fc2c813815be927a5a24b23dab83c;hp=71612920b88cb2b809868f5a439992b8a2c0366c;hpb=aa5723dbb64ec8efa63909d39ff72364f0a5ee96;p=gigi.git

diff --git a/src/org/cacert/gigi/ping/SSLPinger.java b/src/org/cacert/gigi/ping/SSLPinger.java
index 71612920..7db5a6b1 100644
--- a/src/org/cacert/gigi/ping/SSLPinger.java
+++ b/src/org/cacert/gigi/ping/SSLPinger.java
@@ -39,6 +39,8 @@ import sun.security.x509.X500Name;
 
 public class SSLPinger extends DomainPinger {
 
+    private static final String OID_EKU_serverAuth = "1.3.6.1.5.5.7.3.1";
+
     public static final String[] TYPES = new String[] {
             "xmpp", "server-xmpp", "smtp", "imap"
     };
@@ -178,8 +180,8 @@ public class SSLPinger extends DomainPinger {
                             @Override
                             public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws java.security.cert.CertificateException {
                                 java.security.cert.X509Certificate c = chain[0];
-                                if ( !c.getExtendedKeyUsage().contains("1.3.6.1.5.5.7.3.1")) {
-                                    throw new java.security.cert.CertificateException("Illegal EKU");
+                                if (c.getExtendedKeyUsage() == null || !c.getExtendedKeyUsage().contains(OID_EKU_serverAuth)) {
+                                    throw new java.security.cert.CertificateException("Extended Key Usage for SSL Server Authentication missing");
                                 }
                             }