commit b1ff80cebce13939abec04cbf0978cda72157e77
author Makoto Onuki <omakoto@google.com> Tue Feb 16 15:19:10 2010 -0800
committer Makoto Onuki <omakoto@google.com> Tue Feb 16 17:23:20 2010 -0800
tree 7e18b2fd84c34e170861c7342804e4f7d845cf26
parent 9cbd5664b81e31772377aa91cbbad29301e547ee

Use SSLCertificateSocketFactory to generate "insecure" ssl socket.

Use SSLCertificateSocketFactory.getDefault() to get an SSLSocketFactory
which performs SSL certificate checks, and getInsecure() to get one
which doesn't (for "accept all certificates").

Bug 2226160

src/com/android/exchange/SyncManager.java

diff --git a/src/com/android/exchange/SyncManager.java b/src/com/android/exchange/SyncManager.java
index 74d93a1..d2e7121 100644
--- a/src/com/android/exchange/SyncManager.java
+++ b/src/com/android/exchange/SyncManager.java
@@ -21,7 +21,7 @@
 import com.android.email.Email;
 import com.android.email.SecurityPolicy;
 import com.android.email.mail.MessagingException;
-import com.android.email.mail.store.TrustManagerFactory;
+import com.android.email.mail.transport.SSLUtils;
 import com.android.email.provider.EmailContent;
 import com.android.email.provider.EmailContent.Account;
 import com.android.email.provider.EmailContent.Attachment;
@@ -1054,30 +1054,16 @@
                     PlainSocketFactory.getSocketFactory(), 80));
             registry.register(new Scheme("https", SSLSocketFactory.getSocketFactory(), 443));
 
-            // Create a new SSLSocketFactory for our "trusted ssl"
-            // Get the unsecure trust manager from the factory
-            X509TrustManager trustManager = TrustManagerFactory.get(null, false);
-            TrustManager[] trustManagers = new TrustManager[] {trustManager};
-            SSLContext sslcontext;
-            try {
-                sslcontext = SSLContext.getInstance("TLS");
-                try {
-                    sslcontext.init(null, trustManagers, null);
-                } catch (KeyManagementException e) {
-                    throw new AssertionError(e);
-                }
-                // Ok, now make our factory
-                SSLSocketFactory sf = new SSLSocketFactory(sslcontext.getSocketFactory());
-                sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
-                // Register the httpts scheme with our factory
-                registry.register(new Scheme("httpts", sf, 443));
-                // And create a ccm with our registry
-                HttpParams params = new BasicHttpParams();
-                params.setIntParameter(ConnManagerPNames.MAX_TOTAL_CONNECTIONS, 25);
-                params.setParameter(ConnManagerPNames.MAX_CONNECTIONS_PER_ROUTE, sConnPerRoute);
-                sClientConnectionManager = new ThreadSafeClientConnManager(params, registry);
-            } catch (NoSuchAlgorithmException e2) {
-            }
+            // Use "insecure" socket factory.
+            SSLSocketFactory sf = new SSLSocketFactory(SSLUtils.getSSLSocketFactory(true));
+            sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
+            // Register the httpts scheme with our factory
+            registry.register(new Scheme("httpts", sf, 443));
+            // And create a ccm with our registry
+            HttpParams params = new BasicHttpParams();
+            params.setIntParameter(ConnManagerPNames.MAX_TOTAL_CONNECTIONS, 25);
+            params.setParameter(ConnManagerPNames.MAX_CONNECTIONS_PER_ROUTE, sConnPerRoute);
+            sClientConnectionManager = new ThreadSafeClientConnManager(params, registry);
         }
         // Null is a valid return result if we get an exception
         return sClientConnectionManager;