Fix client certificate-only usage

gotify · Apr 21, 2024 · 60946e4 · 60946e4
1 parent 79584c8
commit 60946e4
Showing 1 changed file with 12 additions and 4 deletions.
diff --git a/app/src/main/kotlin/com/github/gotify/api/CertUtils.kt b/app/src/main/kotlin/com/github/gotify/api/CertUtils.kt
@@ -66,6 +66,7 @@ internal object CertUtils {
                 )
                 if (tempKeyManagers.isNotEmpty()) {
                     keyManagers = tempKeyManagers
+                    customManagers = true
                 }
             }
             if (!settings.validateSSL) {
@@ -75,10 +76,17 @@ internal object CertUtils {
             if (customManagers || !settings.validateSSL) {
                 val context = SSLContext.getInstance("TLS")
                 context.init(keyManagers, trustManagers, SecureRandom())
-                builder.sslSocketFactory(
-                    context.socketFactory,
-                    trustManagers!![0] as X509TrustManager
-                )
+                if (trustManagers != null) {
+                    // Use custom trust manager
+                    builder.sslSocketFactory(
+                        context.socketFactory,
+                        trustManagers[0] as X509TrustManager
+                    )
+                } else {
+                    // Fall back to system trust managers
+                    @Suppress("DEPRECATION")
+                    builder.sslSocketFactory(context.socketFactory)
+                }
             }
         } catch (e: Exception) {
             // We shouldn't have issues since the cert is verified on login.