From 60946e4e1e38be1e820c2c494ae2c7637c8474cd Mon Sep 17 00:00:00 2001
From: Niko Diamadis <niko@cyb3rko.de>
Date: Mon, 22 Apr 2024 00:59:19 +0200
Subject: [PATCH] Fix client certificate-only usage

---
 .../kotlin/com/github/gotify/api/CertUtils.kt    | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/app/src/main/kotlin/com/github/gotify/api/CertUtils.kt b/app/src/main/kotlin/com/github/gotify/api/CertUtils.kt
index 8077110..360c163 100644
--- a/app/src/main/kotlin/com/github/gotify/api/CertUtils.kt
+++ b/app/src/main/kotlin/com/github/gotify/api/CertUtils.kt
@@ -66,6 +66,7 @@ internal object CertUtils {
                 )
                 if (tempKeyManagers.isNotEmpty()) {
                     keyManagers = tempKeyManagers
+                    customManagers = true
                 }
             }
             if (!settings.validateSSL) {
@@ -75,10 +76,17 @@ internal object CertUtils {
             if (customManagers || !settings.validateSSL) {
                 val context = SSLContext.getInstance("TLS")
                 context.init(keyManagers, trustManagers, SecureRandom())
-                builder.sslSocketFactory(
-                    context.socketFactory,
-                    trustManagers!![0] as X509TrustManager
-                )
+                if (trustManagers != null) {
+                    // Use custom trust manager
+                    builder.sslSocketFactory(
+                        context.socketFactory,
+                        trustManagers[0] as X509TrustManager
+                    )
+                } else {
+                    // Fall back to system trust managers
+                    @Suppress("DEPRECATION")
+                    builder.sslSocketFactory(context.socketFactory)
+                }
             }
         } catch (e: Exception) {
             // We shouldn't have issues since the cert is verified on login.