From 5c7afbf4d4ee28929814174ee7660747f995173d Mon Sep 17 00:00:00 2001
From: evermind <evermind@tuxfamily.org>
Date: Sat, 6 Nov 2021 08:01:28 +0100
Subject: [PATCH] Use TLSSocketFactoryCompat for Picasso to enable TLSv1.1/1.2
 on <=KitKat devices

---
 .../main/java/org/schabi/newpipe/util/OkHttpTlsHelper.java   | 5 ++++-
 app/src/main/java/org/schabi/newpipe/util/PicassoHelper.java | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/app/src/main/java/org/schabi/newpipe/util/OkHttpTlsHelper.java b/app/src/main/java/org/schabi/newpipe/util/OkHttpTlsHelper.java
index e6da19d6a..0ac24cf59 100644
--- a/app/src/main/java/org/schabi/newpipe/util/OkHttpTlsHelper.java
+++ b/app/src/main/java/org/schabi/newpipe/util/OkHttpTlsHelper.java
@@ -35,8 +35,9 @@ public final class OkHttpTlsHelper {
      * </p>
      *
      * @param builder The HTTPClient Builder on which TLS is enabled on (will be modified in-place)
+     * @return the same builder that was supplied. So the method can be chained.
      */
-    public static void enableModernTLS(final OkHttpClient.Builder builder) {
+    public static OkHttpClient.Builder enableModernTLS(final OkHttpClient.Builder builder) {
         if (Build.VERSION.SDK_INT == Build.VERSION_CODES.KITKAT) {
             try {
                 // get the default TrustManager
@@ -77,5 +78,7 @@ public final class OkHttpTlsHelper {
                 }
             }
         }
+
+        return builder;
     }
 }
diff --git a/app/src/main/java/org/schabi/newpipe/util/PicassoHelper.java b/app/src/main/java/org/schabi/newpipe/util/PicassoHelper.java
index e15ecd277..04da1d68c 100644
--- a/app/src/main/java/org/schabi/newpipe/util/PicassoHelper.java
+++ b/app/src/main/java/org/schabi/newpipe/util/PicassoHelper.java
@@ -40,7 +40,7 @@ public final class PicassoHelper {
 
     public static void init(final Context context) {
         picassoCache = new LruCache(10 * 1024 * 1024);
-        picassoDownloaderClient = new OkHttpClient.Builder()
+        picassoDownloaderClient = OkHttpTlsHelper.enableModernTLS(new OkHttpClient.Builder())
                 .cache(new okhttp3.Cache(new File(context.getExternalCacheDir(), "picasso"),
                         50 * 1024 * 1024))
                 // this should already be the default timeout in OkHttp3, but just to be sure...