Loading core/java/android/net/SSLCertificateSocketFactory.java +22 −8 Original line number Diff line number Diff line Loading @@ -68,10 +68,14 @@ import javax.net.ssl.X509TrustManager; * use {@link InetAddress} or which return an unconnected socket, you MUST * verify the server's identity yourself to ensure a secure connection.</p> * * <p>One way to verify the server's identity is to use * <p>The recommended way to verify the server's identity is to use * {@link HttpsURLConnection#getDefaultHostnameVerifier()} to get a * {@link HostnameVerifier} to verify the certificate hostname. * * <p><b>Warning</b>: Some methods on this class return connected sockets and some return * unconnected sockets. For the methods that return connected sockets, setting * connection- or handshake-related properties on those sockets will have no effect. * * <p>On development devices, "setprop socket.relaxsslcheck yes" bypasses all * SSL certificate and hostname checks for testing purposes. This setting * requires root access. Loading Loading @@ -437,8 +441,10 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { /** * {@inheritDoc} * * <p>This method verifies the peer's certificate hostname after connecting * (unless created with {@link #getInsecure(int, SSLSessionCache)}). * <p>By default, this method returns a <i>connected</i> socket and verifies the peer's * certificate hostname after connecting; if this instance was created with * {@link #getInsecure(int, SSLSessionCache)}, it returns a socket that is <i>not connected</i> * instead. */ @Override public Socket createSocket(Socket k, String host, int port, boolean close) throws IOException { Loading @@ -454,7 +460,7 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { } /** * Creates a new socket which is not connected to any remote host. * Creates a new socket which is <i>not connected</i> to any remote host. * You must use {@link Socket#connect} to connect the socket. * * <p class="caution"><b>Warning:</b> Hostname verification is not performed Loading @@ -474,6 +480,8 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { /** * {@inheritDoc} * * <p>This method returns a socket that is <i>not connected</i>. * * <p class="caution"><b>Warning:</b> Hostname verification is not performed * with this method. You MUST verify the server's identity after connecting * the socket to avoid man-in-the-middle attacks.</p> Loading @@ -493,6 +501,8 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { /** * {@inheritDoc} * * <p>This method returns a socket that is <i>not connected</i>. * * <p class="caution"><b>Warning:</b> Hostname verification is not performed * with this method. You MUST verify the server's identity after connecting * the socket to avoid man-in-the-middle attacks.</p> Loading @@ -510,8 +520,10 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { /** * {@inheritDoc} * * <p>This method verifies the peer's certificate hostname after connecting * (unless created with {@link #getInsecure(int, SSLSessionCache)}). * <p>By default, this method returns a <i>connected</i> socket and verifies the peer's * certificate hostname after connecting; if this instance was created with * {@link #getInsecure(int, SSLSessionCache)}, it returns a socket that is <i>not connected</i> * instead. */ @Override public Socket createSocket(String host, int port, InetAddress localAddr, int localPort) Loading @@ -531,8 +543,10 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { /** * {@inheritDoc} * * <p>This method verifies the peer's certificate hostname after connecting * (unless created with {@link #getInsecure(int, SSLSessionCache)}). * <p>By default, this method returns a <i>connected</i> socket and verifies the peer's * certificate hostname after connecting; if this instance was created with * {@link #getInsecure(int, SSLSessionCache)}, it returns a socket that is <i>not connected</i> * instead. */ @Override public Socket createSocket(String host, int port) throws IOException { Loading Loading
core/java/android/net/SSLCertificateSocketFactory.java +22 −8 Original line number Diff line number Diff line Loading @@ -68,10 +68,14 @@ import javax.net.ssl.X509TrustManager; * use {@link InetAddress} or which return an unconnected socket, you MUST * verify the server's identity yourself to ensure a secure connection.</p> * * <p>One way to verify the server's identity is to use * <p>The recommended way to verify the server's identity is to use * {@link HttpsURLConnection#getDefaultHostnameVerifier()} to get a * {@link HostnameVerifier} to verify the certificate hostname. * * <p><b>Warning</b>: Some methods on this class return connected sockets and some return * unconnected sockets. For the methods that return connected sockets, setting * connection- or handshake-related properties on those sockets will have no effect. * * <p>On development devices, "setprop socket.relaxsslcheck yes" bypasses all * SSL certificate and hostname checks for testing purposes. This setting * requires root access. Loading Loading @@ -437,8 +441,10 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { /** * {@inheritDoc} * * <p>This method verifies the peer's certificate hostname after connecting * (unless created with {@link #getInsecure(int, SSLSessionCache)}). * <p>By default, this method returns a <i>connected</i> socket and verifies the peer's * certificate hostname after connecting; if this instance was created with * {@link #getInsecure(int, SSLSessionCache)}, it returns a socket that is <i>not connected</i> * instead. */ @Override public Socket createSocket(Socket k, String host, int port, boolean close) throws IOException { Loading @@ -454,7 +460,7 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { } /** * Creates a new socket which is not connected to any remote host. * Creates a new socket which is <i>not connected</i> to any remote host. * You must use {@link Socket#connect} to connect the socket. * * <p class="caution"><b>Warning:</b> Hostname verification is not performed Loading @@ -474,6 +480,8 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { /** * {@inheritDoc} * * <p>This method returns a socket that is <i>not connected</i>. * * <p class="caution"><b>Warning:</b> Hostname verification is not performed * with this method. You MUST verify the server's identity after connecting * the socket to avoid man-in-the-middle attacks.</p> Loading @@ -493,6 +501,8 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { /** * {@inheritDoc} * * <p>This method returns a socket that is <i>not connected</i>. * * <p class="caution"><b>Warning:</b> Hostname verification is not performed * with this method. You MUST verify the server's identity after connecting * the socket to avoid man-in-the-middle attacks.</p> Loading @@ -510,8 +520,10 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { /** * {@inheritDoc} * * <p>This method verifies the peer's certificate hostname after connecting * (unless created with {@link #getInsecure(int, SSLSessionCache)}). * <p>By default, this method returns a <i>connected</i> socket and verifies the peer's * certificate hostname after connecting; if this instance was created with * {@link #getInsecure(int, SSLSessionCache)}, it returns a socket that is <i>not connected</i> * instead. */ @Override public Socket createSocket(String host, int port, InetAddress localAddr, int localPort) Loading @@ -531,8 +543,10 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { /** * {@inheritDoc} * * <p>This method verifies the peer's certificate hostname after connecting * (unless created with {@link #getInsecure(int, SSLSessionCache)}). * <p>By default, this method returns a <i>connected</i> socket and verifies the peer's * certificate hostname after connecting; if this instance was created with * {@link #getInsecure(int, SSLSessionCache)}, it returns a socket that is <i>not connected</i> * instead. */ @Override public Socket createSocket(String host, int port) throws IOException { Loading
