fix: allow SSLPinger to process certs without EKU

author Felix Dörre <felix@dogcraft.de>

Sun, 27 Nov 2016 00:06:41 +0000 (01:06 +0100)

committer Felix Dörre <felix@dogcraft.de>

Sun, 27 Nov 2016 00:06:41 +0000 (01:06 +0100)
author Felix Dörre <felix@dogcraft.de>
Sun, 27 Nov 2016 00:06:41 +0000 (01:06 +0100)
committer Felix Dörre <felix@dogcraft.de>
Sun, 27 Nov 2016 00:06:41 +0000 (01:06 +0100)
diff --git a/src/org/cacert/gigi/ping/SSLPinger.java b/src/org/cacert/gigi/ping/SSLPinger.java

index 71612920b88cb2b809868f5a439992b8a2c0366c..ab679bbcf990281dd3708e73202ee38817214b2f 100644 (file)
--- a/src/org/cacert/gigi/ping/SSLPinger.java
+++ b/src/org/cacert/gigi/ping/SSLPinger.java
@@ -178,7 +178,7 @@ public class SSLPinger extends DomainPinger {
                              @Override
                              public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws java.security.cert.CertificateException {
                                  java.security.cert.X509Certificate c = chain[0];
-                                if ( !c.getExtendedKeyUsage().contains("1.3.6.1.5.5.7.3.1")) {
+                                if (c.getExtendedKeyUsage() != null && !c.getExtendedKeyUsage().contains("1.3.6.1.5.5.7.3.1")) {
                                      throw new java.security.cert.CertificateException("Illegal EKU");
                                  }
                              }
author	Felix Dörre <felix@dogcraft.de>
	Sun, 27 Nov 2016 00:06:41 +0000 (01:06 +0100)
committer	Felix Dörre <felix@dogcraft.de>
	Sun, 27 Nov 2016 00:06:41 +0000 (01:06 +0100)