Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ec1bd6e5 authored by Costin Manolache's avatar Costin Manolache Committed by Android (Google) Code Review
Browse files

Merge "Remove the warning if the caller gets the insecure variant and add...

Merge "Remove the warning if the caller gets the insecure variant and add hostname verification (SNI)"
parents dd2399a0 007392a8
Loading
Loading
Loading
Loading
+3 −3
Original line number Diff line number Diff line
@@ -135,7 +135,8 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {
     * disabled, using an optional handshake timeout and SSL session cache.
     *
     * <p class="caution"><b>Warning:</b> Sockets created using this factory
     * are vulnerable to man-in-the-middle attacks!</p>
     * are vulnerable to man-in-the-middle attacks!</p>. The caller must implement
     * its own verification.
     *
     * @param handshakeTimeoutMillis to use for SSL connection handshake, or 0
     *         for none.  The socket timeout is reset to 0 after the handshake.
@@ -223,8 +224,6 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {
            if (mInsecureFactory == null) {
                if (mSecure) {
                    Log.w(TAG, "*** BYPASSING SSL SECURITY CHECKS (socket.relaxsslcheck=yes) ***");
                } else {
                    Log.w(TAG, "Bypassing SSL security checks at caller's request");
                }
                mInsecureFactory = makeSocketFactory(mKeyManagers, INSECURE_TRUST_MANAGER);
            }
@@ -431,6 +430,7 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {
        s.setAlpnProtocols(mAlpnProtocols);
        s.setHandshakeTimeout(mHandshakeTimeoutMillis);
        s.setChannelIdPrivateKey(mChannelIdPrivateKey);
        s.setHostname(host);
        if (mSecure) {
            verifyHostname(s, host);
        }