commit df27c0c26209fe04de332497beafcafc1fbaad2b
author Andrew Stadler <stadler@android.com> Mon Jul 12 15:31:40 2010 -0700
committer Andrew Stadler <stadler@android.com> Mon Jul 12 15:31:40 2010 -0700
tree a60a0e4c7fe440f543f5d3924f56d57d817dc0a4
parent ef13d028217ac9766735f627dedc4fc7f48a6f1f

Skip hostname verification when using insecure factory

If the factory was obtained by calling getInsecure(), calls to
createSocket() should skip hostname verification (along with all of the
other skipped safety checks.)

This change slightly relaxes the too-strict checking that was introduced
in change 7fc93c36ae235115727296780dbc35101622bbd4.

Bug: 2834174
Change-Id: Iab7ef861ad0ca727f82ee8cdb78b89b9e835740d

core/java/android/net/SSLCertificateSocketFactory.java

diff --git a/core/java/android/net/SSLCertificateSocketFactory.java b/core/java/android/net/SSLCertificateSocketFactory.java
index 9ad125b..31acb5b 100644
--- a/core/java/android/net/SSLCertificateSocketFactory.java
+++ b/core/java/android/net/SSLCertificateSocketFactory.java
@@ -247,13 +247,16 @@
     /**
      * {@inheritDoc}
      *
-     * <p>This method verifies the peer's certificate hostname after connecting.
+     * <p>This method verifies the peer's certificate hostname after connecting
+     * (unless created with {@link #getInsecure(int, SSLSessionCache)}).
      */
     @Override
     public Socket createSocket(Socket k, String host, int port, boolean close) throws IOException {
         OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(k, host, port, close);
         s.setHandshakeTimeout(mHandshakeTimeoutMillis);
-        verifyHostname(s, host);
+        if (mSecure) {
+            verifyHostname(s, host);
+        }
         return s;
     }
 
@@ -305,7 +308,8 @@
     /**
      * {@inheritDoc}
      *
-     * <p>This method verifies the peer's certificate hostname after connecting.
+     * <p>This method verifies the peer's certificate hostname after connecting
+     * (unless created with {@link #getInsecure(int, SSLSessionCache)}).
      */
     @Override
     public Socket createSocket(String host, int port, InetAddress localAddr, int localPort)
@@ -313,20 +317,25 @@
         OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(
                 host, port, localAddr, localPort);
         s.setHandshakeTimeout(mHandshakeTimeoutMillis);
-        verifyHostname(s, host);
+        if (mSecure) {
+            verifyHostname(s, host);
+        }
         return s;
     }
 
     /**
      * {@inheritDoc}
      *
-     * <p>This method verifies the peer's certificate hostname after connecting.
+     * <p>This method verifies the peer's certificate hostname after connecting
+     * (unless created with {@link #getInsecure(int, SSLSessionCache)}).
      */
     @Override
     public Socket createSocket(String host, int port) throws IOException {
         OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(host, port);
         s.setHandshakeTimeout(mHandshakeTimeoutMillis);
-        verifyHostname(s, host);
+        if (mSecure) {
+            verifyHostname(s, host);
+        }
         return s;
     }