Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit df27c0c2 authored by Andrew Stadler's avatar Andrew Stadler
Browse files

Skip hostname verification when using insecure factory 

If the factory was obtained by calling getInsecure(), calls to
createSocket() should skip hostname verification (along with all of the
other skipped safety checks.)

This change slightly relaxes the too-strict checking that was introduced
in change 7fc93c36.

Bug: 2834174
Change-Id: Iab7ef861ad0ca727f82ee8cdb78b89b9e835740d
parent ef13d028

core/java/android/net/SSLCertificateSocketFactory.java

+15 −6
Original line number Diff line number Diff line
@@ -247,13 +247,16 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { 
    /**

     * {@inheritDoc}

     *

     * <p>This method verifies the peer's certificate hostname after connecting.

     * <p>This method verifies the peer's certificate hostname after connecting

     * (unless created with {@link #getInsecure(int, SSLSessionCache)}).

     */

    @Override

    public Socket createSocket(Socket k, String host, int port, boolean close) throws IOException {

        OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(k, host, port, close);

        s.setHandshakeTimeout(mHandshakeTimeoutMillis);

        if (mSecure) {

            verifyHostname(s, host);

        }

        return s;

    }
@@ -305,7 +308,8 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { 
    /**

     * {@inheritDoc}

     *

     * <p>This method verifies the peer's certificate hostname after connecting.

     * <p>This method verifies the peer's certificate hostname after connecting

     * (unless created with {@link #getInsecure(int, SSLSessionCache)}).

     */

    @Override

    public Socket createSocket(String host, int port, InetAddress localAddr, int localPort)
@@ -313,20 +317,25 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { 
        OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(

                host, port, localAddr, localPort);

        s.setHandshakeTimeout(mHandshakeTimeoutMillis);

        if (mSecure) {

            verifyHostname(s, host);

        }

        return s;

    }



    /**

     * {@inheritDoc}

     *

     * <p>This method verifies the peer's certificate hostname after connecting.

     * <p>This method verifies the peer's certificate hostname after connecting

     * (unless created with {@link #getInsecure(int, SSLSessionCache)}).

     */

    @Override

    public Socket createSocket(String host, int port) throws IOException {

        OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(host, port);

        s.setHandshakeTimeout(mHandshakeTimeoutMillis);

        if (mSecure) {

            verifyHostname(s, host);

        }

        return s;

    }