diff --git a/app/build.gradle b/app/build.gradle index 26d5f84c1e..3147b54eac 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -142,4 +142,5 @@ dependencies { implementation 'com.squareup.okhttp3:okhttp:4.12.0' implementation 'org.jmdns:jmdns:3.5.9' implementation 'com.github.cgutman:ShieldControllerExtensions:1.0.1' + implementation "org.conscrypt:conscrypt-android:2.5.2" } diff --git a/app/src/main/java/com/limelight/nvstream/http/NvHTTP.java b/app/src/main/java/com/limelight/nvstream/http/NvHTTP.java index 13dad8be9f..12b0eccbba 100644 --- a/app/src/main/java/com/limelight/nvstream/http/NvHTTP.java +++ b/app/src/main/java/com/limelight/nvstream/http/NvHTTP.java @@ -18,7 +18,9 @@ import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.PrivateKey; +import java.security.Provider; import java.security.SecureRandom; +import java.security.Security; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; @@ -42,6 +44,7 @@ import javax.net.ssl.X509KeyManager; import javax.net.ssl.X509TrustManager; +import org.conscrypt.Conscrypt; import org.xmlpull.v1.XmlPullParser; import org.xmlpull.v1.XmlPullParserException; import org.xmlpull.v1.XmlPullParserFactory; @@ -172,7 +175,25 @@ public boolean verify(String hostname, SSLSession session) { } }; + Provider conscrypt = Conscrypt.newProvider(); + Security.insertProviderAt(conscrypt, 1); + + TrustManager[] trustManagers = null; + SSLContext sslContext = null; + SSLSocketFactory sslSocketFactory = null; + try { + TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + tmf.init((KeyStore) null); + trustManagers = tmf.getTrustManagers(); + sslContext = SSLContext.getInstance("TLS"); + sslContext.init(null, trustManagers, new SecureRandom()); + sslSocketFactory = sslContext.getSocketFactory(); + } catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException e) { + throw new RuntimeException(e); + } + httpClientLongConnectTimeout = new OkHttpClient.Builder() + .sslSocketFactory(sslSocketFactory, (X509TrustManager) trustManagers[0]) .connectionPool(new ConnectionPool(0, 1, TimeUnit.MILLISECONDS)) .hostnameVerifier(hv) .readTimeout(READ_TIMEOUT, TimeUnit.MILLISECONDS)