diff options
author | Andrew Stadler <stadler@android.com> | 2010-07-12 15:31:40 -0700 |
---|---|---|
committer | android-build SharedAccount <android-build@sekiwake.mtv.corp.google.com> | 2010-07-22 22:37:38 -0700 |
commit | f1f07993792dbf2d49613d474a696ec0927828d2 (patch) | |
tree | 48f4130a7cfcc356f0b3f6144edb9ffc3f0f383a | |
parent | 9ffe79c7ebd448de4a0defe7807efec332fdefb4 (diff) | |
download | base-f1f07993792dbf2d49613d474a696ec0927828d2.tar.gz |
Skip hostname verification when using insecure factoryandroid-2.2_r1.3
If the factory was obtained by calling getInsecure(), calls to
createSocket() should skip hostname verification (along with all of the
other skipped safety checks.)
This change slightly relaxes the too-strict checking that was introduced
in change 7fc93c36ae235115727296780dbc35101622bbd4.
Bug: 2834174
Change-Id: Iab7ef861ad0ca727f82ee8cdb78b89b9e835740d
-rw-r--r-- | core/java/android/net/SSLCertificateSocketFactory.java | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/core/java/android/net/SSLCertificateSocketFactory.java b/core/java/android/net/SSLCertificateSocketFactory.java index 9ad125b312e1..31acb5b177e8 100644 --- a/core/java/android/net/SSLCertificateSocketFactory.java +++ b/core/java/android/net/SSLCertificateSocketFactory.java @@ -247,13 +247,16 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { /** * {@inheritDoc} * - * <p>This method verifies the peer's certificate hostname after connecting. + * <p>This method verifies the peer's certificate hostname after connecting + * (unless created with {@link #getInsecure(int, SSLSessionCache)}). */ @Override public Socket createSocket(Socket k, String host, int port, boolean close) throws IOException { OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(k, host, port, close); s.setHandshakeTimeout(mHandshakeTimeoutMillis); - verifyHostname(s, host); + if (mSecure) { + verifyHostname(s, host); + } return s; } @@ -305,7 +308,8 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { /** * {@inheritDoc} * - * <p>This method verifies the peer's certificate hostname after connecting. + * <p>This method verifies the peer's certificate hostname after connecting + * (unless created with {@link #getInsecure(int, SSLSessionCache)}). */ @Override public Socket createSocket(String host, int port, InetAddress localAddr, int localPort) @@ -313,20 +317,25 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket( host, port, localAddr, localPort); s.setHandshakeTimeout(mHandshakeTimeoutMillis); - verifyHostname(s, host); + if (mSecure) { + verifyHostname(s, host); + } return s; } /** * {@inheritDoc} * - * <p>This method verifies the peer's certificate hostname after connecting. + * <p>This method verifies the peer's certificate hostname after connecting + * (unless created with {@link #getInsecure(int, SSLSessionCache)}). */ @Override public Socket createSocket(String host, int port) throws IOException { OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(host, port); s.setHandshakeTimeout(mHandshakeTimeoutMillis); - verifyHostname(s, host); + if (mSecure) { + verifyHostname(s, host); + } return s; } |