From 974ea8fa364fa6881d19226dc0c3bd2562cc918b Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?= <felix@dogcraft.de>
Date: Sun, 27 Nov 2016 16:14:38 +0100
Subject: [PATCH] upd: in SSLPinger move serverAuth EKU OID to a constant

Change-Id: Ic4714e6af8a00cc58e69de2def7e9dc1bbbaff05
---
 src/org/cacert/gigi/ping/SSLPinger.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/org/cacert/gigi/ping/SSLPinger.java b/src/org/cacert/gigi/ping/SSLPinger.java
index ab679bbc..312c8870 100644
--- a/src/org/cacert/gigi/ping/SSLPinger.java
+++ b/src/org/cacert/gigi/ping/SSLPinger.java
@@ -39,6 +39,8 @@ import sun.security.x509.X500Name;
 
 public class SSLPinger extends DomainPinger {
 
+    private static final String OID_EKU_serverAuth = "1.3.6.1.5.5.7.3.1";
+
     public static final String[] TYPES = new String[] {
             "xmpp", "server-xmpp", "smtp", "imap"
     };
@@ -178,7 +180,7 @@ public class SSLPinger extends DomainPinger {
                             @Override
                             public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws java.security.cert.CertificateException {
                                 java.security.cert.X509Certificate c = chain[0];
-                                if (c.getExtendedKeyUsage() != null && !c.getExtendedKeyUsage().contains("1.3.6.1.5.5.7.3.1")) {
+                                if (c.getExtendedKeyUsage() != null && !c.getExtendedKeyUsage().contains(OID_EKU_serverAuth)) {
                                     throw new java.security.cert.CertificateException("Illegal EKU");
                                 }
                             }
-- 
2.39.2