Loading k9mail-library/src/main/java/com/fsck/k9/mail/ssl/DefaultTrustedSocketFactory.java +24 −1 Original line number Diff line number Diff line Loading @@ -10,6 +10,7 @@ import java.util.Collections; import java.util.List; import android.content.Context; import android.net.SSLCertificateSocketFactory; import android.text.TextUtils; import android.util.Log; Loading Loading @@ -163,7 +164,11 @@ public class DefaultTrustedSocketFactory implements TrustedSocketFactory { } else { trustedSocket = socketFactory.createSocket(socket, host, port, true); } hardenSocket((SSLSocket) trustedSocket); SSLSocket sslSocket = (SSLSocket) trustedSocket; hardenSocket(sslSocket); setSniHost(socketFactory, sslSocket, host); return trustedSocket; } Loading @@ -175,4 +180,22 @@ public class DefaultTrustedSocketFactory implements TrustedSocketFactory { sock.setEnabledProtocols(ENABLED_PROTOCOLS); } } public static void setSniHost(SSLSocketFactory factory, SSLSocket socket, String hostname) { if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.JELLY_BEAN_MR1 && factory instanceof android.net.SSLCertificateSocketFactory) { SSLCertificateSocketFactory sslCertificateSocketFactory = (SSLCertificateSocketFactory) factory; sslCertificateSocketFactory.setHostname(socket, hostname); } else { setHostnameViaReflection(socket, hostname); } } private static void setHostnameViaReflection(SSLSocket socket, String hostname) { try { socket.getClass().getMethod("setHostname", String.class).invoke(socket, hostname); } catch (Throwable e) { Log.e(LOG_TAG, "Could not call SSLSocket#setHostname(String) method ", e); } } } k9mail-library/src/main/java/com/fsck/k9/mail/store/webdav/WebDavSocketFactory.java +2 −0 Original line number Diff line number Diff line package com.fsck.k9.mail.store.webdav; import com.fsck.k9.mail.ssl.DefaultTrustedSocketFactory; import org.apache.http.conn.ConnectTimeoutException; import org.apache.http.conn.scheme.LayeredSocketFactory; import org.apache.http.params.HttpParams; Loading Loading @@ -62,6 +63,7 @@ public class WebDavSocketFactory implements LayeredSocketFactory { port, autoClose ); DefaultTrustedSocketFactory.setSniHost(mSocketFactory, sslSocket, host); //hostnameVerifier.verify(host, sslSocket); // verifyHostName() didn't blowup - good! return sslSocket; Loading Loading
k9mail-library/src/main/java/com/fsck/k9/mail/ssl/DefaultTrustedSocketFactory.java +24 −1 Original line number Diff line number Diff line Loading @@ -10,6 +10,7 @@ import java.util.Collections; import java.util.List; import android.content.Context; import android.net.SSLCertificateSocketFactory; import android.text.TextUtils; import android.util.Log; Loading Loading @@ -163,7 +164,11 @@ public class DefaultTrustedSocketFactory implements TrustedSocketFactory { } else { trustedSocket = socketFactory.createSocket(socket, host, port, true); } hardenSocket((SSLSocket) trustedSocket); SSLSocket sslSocket = (SSLSocket) trustedSocket; hardenSocket(sslSocket); setSniHost(socketFactory, sslSocket, host); return trustedSocket; } Loading @@ -175,4 +180,22 @@ public class DefaultTrustedSocketFactory implements TrustedSocketFactory { sock.setEnabledProtocols(ENABLED_PROTOCOLS); } } public static void setSniHost(SSLSocketFactory factory, SSLSocket socket, String hostname) { if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.JELLY_BEAN_MR1 && factory instanceof android.net.SSLCertificateSocketFactory) { SSLCertificateSocketFactory sslCertificateSocketFactory = (SSLCertificateSocketFactory) factory; sslCertificateSocketFactory.setHostname(socket, hostname); } else { setHostnameViaReflection(socket, hostname); } } private static void setHostnameViaReflection(SSLSocket socket, String hostname) { try { socket.getClass().getMethod("setHostname", String.class).invoke(socket, hostname); } catch (Throwable e) { Log.e(LOG_TAG, "Could not call SSLSocket#setHostname(String) method ", e); } } }
k9mail-library/src/main/java/com/fsck/k9/mail/store/webdav/WebDavSocketFactory.java +2 −0 Original line number Diff line number Diff line package com.fsck.k9.mail.store.webdav; import com.fsck.k9.mail.ssl.DefaultTrustedSocketFactory; import org.apache.http.conn.ConnectTimeoutException; import org.apache.http.conn.scheme.LayeredSocketFactory; import org.apache.http.params.HttpParams; Loading Loading @@ -62,6 +63,7 @@ public class WebDavSocketFactory implements LayeredSocketFactory { port, autoClose ); DefaultTrustedSocketFactory.setSniHost(mSocketFactory, sslSocket, host); //hostnameVerifier.verify(host, sslSocket); // verifyHostName() didn't blowup - good! return sslSocket; Loading
