commit b84e0f91baed9792d84481d1d6accec20dc41972
author Kenny Root <kroot@google.com> Thu Mar 10 15:51:22 2016 -0800
committer Kenny Root <kroot@google.com> Thu Mar 10 16:10:16 2016 -0800
tree adc2f3a1cff195f580fcb5b65d45c7a02a797041
parent 28c8e2372187955df65f542fb63cb028f472decf

Allow SSLSession to return IP address

In an effort to not use reverse DNS, we no longer return hostnames from
sockets created via IP addresses. However, this also made the SSLSession
return null when a Socket is created to an IP address instead of an
FQDN.

While being careful not to trigger another DNS lookup, simply return a
textual representation of the IP address connected when the SSLSocket has
no knowledge of what the actual FQDN is supposed to be.

(cherry picked from commit ee1a154153a1b20d55fc4b0dd9752277f0cd6451)

Bug: 27123298
Change-Id: Ie37e214f91e4f005f90da0d4a2aba1cd604d60b7

src/main/java/org/conscrypt/OpenSSLSocketImpl.java

diff --git a/src/main/java/org/conscrypt/OpenSSLSocketImpl.java b/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
index 019a0c0..9a49ec2 100644
--- a/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
+++ b/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
@@ -332,7 +332,7 @@
             }
 
             final OpenSSLSessionImpl sessionToReuse = sslParameters.getSessionToReuse(
-                    sslNativePointer, getHostname(), getPort());
+                    sslNativePointer, getHostnameOrIP(), getPort());
             sslParameters.setSSLParameters(sslCtxNativePointer, sslNativePointer, this, this,
                     getHostname());
             sslParameters.setCertificateValidation(sslNativePointer);
@@ -380,7 +380,7 @@
                 // Must match error string of SSL_R_UNEXPECTED_CCS
                 if (message.contains("unexpected CCS")) {
                     String logMessage = String.format("ssl_unexpected_ccs: host=%s",
-                            getHostname());
+                            getHostnameOrIP());
                     Platform.logEvent(logMessage);
                 }
 
@@ -397,7 +397,7 @@
             }
 
             sslSession = sslParameters.setupSession(sslSessionNativePointer, sslNativePointer,
-                    sessionToReuse, getHostname(), getPort(), handshakeCompleted);
+                    sessionToReuse, getHostnameOrIP(), getPort(), handshakeCompleted);
 
             // Restore the original timeout now that the handshake is complete
             if (handshakeTimeoutMilliseconds >= 0) {
@@ -458,6 +458,24 @@
         return peerHostname;
     }
 
+    /**
+     * For the purposes of an SSLSession, we want a way to represent the supplied hostname
+     * or the IP address in a textual representation. We do not want to perform reverse DNS
+     * lookups on this address.
+     */
+    public String getHostnameOrIP() {
+        if (peerHostname != null) {
+            return peerHostname;
+        }
+
+        InetAddress peerAddress = getInetAddress();
+        if (peerAddress != null) {
+            return peerAddress.getHostAddress();
+        }
+
+        return null;
+    }
+
     @Override
     public int getPort() {
         return peerPort == -1 ? super.getPort() : peerPort;
@@ -571,7 +589,7 @@
 
             // Used for verifyCertificateChain callback
             handshakeSession = new OpenSSLSessionImpl(sslSessionNativePtr, null, peerCertChain,
-                    getHostname(), getPort(), null);
+                    getHostnameOrIP(), getPort(), null);
 
             boolean client = sslParameters.getUseClientMode();
             if (client) {