Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e19ca078 authored by Kenny Root's avatar Kenny Root
Browse files

Revert "Remove the warning if the caller gets the insecure variant and add... 

Revert "Remove the warning if the caller gets the insecure variant and add hostname verification (SNI)"

This reverts commit 007392a8.

Bug: 16660566
parent 9fde9a25

core/java/android/net/SSLCertificateSocketFactory.java

+3 −3
Original line number Diff line number Diff line
@@ -135,8 +135,7 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { 
     * disabled, using an optional handshake timeout and SSL session cache.

     *

     * <p class="caution"><b>Warning:</b> Sockets created using this factory

     * are vulnerable to man-in-the-middle attacks!</p>. The caller must implement

     * its own verification.

     * are vulnerable to man-in-the-middle attacks!</p>

     *

     * @param handshakeTimeoutMillis to use for SSL connection handshake, or 0

     *         for none.  The socket timeout is reset to 0 after the handshake.
@@ -224,6 +223,8 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { 
            if (mInsecureFactory == null) {

                if (mSecure) {

                    Log.w(TAG, "*** BYPASSING SSL SECURITY CHECKS (socket.relaxsslcheck=yes) ***");

                } else {

                    Log.w(TAG, "Bypassing SSL security checks at caller's request");

                }

                mInsecureFactory = makeSocketFactory(mKeyManagers, INSECURE_TRUST_MANAGER);

            }
@@ -430,7 +431,6 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { 
        s.setAlpnProtocols(mAlpnProtocols);

        s.setHandshakeTimeout(mHandshakeTimeoutMillis);

        s.setChannelIdPrivateKey(mChannelIdPrivateKey);

        s.setHostname(host);

        if (mSecure) {

            verifyHostname(s, host);

        }