hack: ignore TLS hostname verification for spotifycdn.com

Ignore subdomains / hostpart name for everything under spotifycdn.com as those are (sometimes?) misconfigured. The cert must be for *.spotifycdn.com and the requested host must also be *.spotifycdn.com
librespot-org · Oct 20, 2023 · 05c6d95 · 05c6d95
1 parent 3c52fce
commit 05c6d95
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/lib/src/main/java/xyz/gianlu/librespot/core/Session.java b/lib/src/main/java/xyz/gianlu/librespot/core/Session.java
@@ -70,6 +70,8 @@
 import java.util.*;
 import java.util.concurrent.*;
 import java.util.concurrent.atomic.AtomicBoolean;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLSession;
 
 /**
  * @author Gianlu
@@ -144,6 +146,14 @@ private Session(@NotNull Inner inner) throws IOException {
     private static OkHttpClient createClient(@NotNull Configuration conf) {
         OkHttpClient.Builder builder = new OkHttpClient.Builder();
         builder.retryOnConnectionFailure(true);
+        builder.hostnameVerifier(new HostnameVerifier() {
+            @Override
+            public boolean verify(String hostname, SSLSession session) {
+                if (hostname.toLowerCase().endsWith("spotifycdn.com") && session.getPeerHost().toLowerCase().endsWith("spotifycdn.com"))
+                    return true;
+                return hostname.equalsIgnoreCase(session.getPeerHost());
+            }
+        });
 
         if (conf.proxyEnabled && conf.proxyType != Proxy.Type.DIRECT) {
             builder.proxy(new Proxy(conf.proxyType, new InetSocketAddress(conf.proxyAddress, conf.proxyPort)));