Skip hostname verification when using insecure factory

If the factory was obtained by calling getInsecure(), calls to createSocket() should skip hostname verification (along with all of the other skipped safety checks.) This change slightly relaxes the too-strict checking that was introduced in change 7fc93c3. Bug: 2834174 Change-Id: Iab7ef861ad0ca727f82ee8cdb78b89b9e835740d
Redux · Jul 23, 2010 · f1f0799 · f1f0799
1 parent 9ffe79c
commit f1f0799
Showing 1 changed file with 15 additions and 6 deletions.
diff --git a/core/java/android/net/SSLCertificateSocketFactory.java b/core/java/android/net/SSLCertificateSocketFactory.java
@@ -247,13 +247,16 @@ private synchronized SSLSocketFactory getDelegate() {
     /**
      * {@inheritDoc}
      *
-     * <p>This method verifies the peer's certificate hostname after connecting.
+     * <p>This method verifies the peer's certificate hostname after connecting
+     * (unless created with {@link #getInsecure(int, SSLSessionCache)}).
      */
     @Override
     public Socket createSocket(Socket k, String host, int port, boolean close) throws IOException {
         OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(k, host, port, close);
         s.setHandshakeTimeout(mHandshakeTimeoutMillis);
-        verifyHostname(s, host);
+        if (mSecure) {
+            verifyHostname(s, host);
+        }
         return s;
     }
 
@@ -305,28 +308,34 @@ public Socket createSocket(InetAddress addr, int port) throws IOException {
     /**
      * {@inheritDoc}
      *
-     * <p>This method verifies the peer's certificate hostname after connecting.
+     * <p>This method verifies the peer's certificate hostname after connecting
+     * (unless created with {@link #getInsecure(int, SSLSessionCache)}).
      */
     @Override
     public Socket createSocket(String host, int port, InetAddress localAddr, int localPort)
             throws IOException {
         OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(
                 host, port, localAddr, localPort);
         s.setHandshakeTimeout(mHandshakeTimeoutMillis);
-        verifyHostname(s, host);
+        if (mSecure) {
+            verifyHostname(s, host);
+        }
         return s;
     }
 
     /**
      * {@inheritDoc}
      *
-     * <p>This method verifies the peer's certificate hostname after connecting.
+     * <p>This method verifies the peer's certificate hostname after connecting
+     * (unless created with {@link #getInsecure(int, SSLSessionCache)}).
      */
     @Override
     public Socket createSocket(String host, int port) throws IOException {
         OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(host, port);
         s.setHandshakeTimeout(mHandshakeTimeoutMillis);
-        verifyHostname(s, host);
+        if (mSecure) {
+            verifyHostname(s, host);
+        }
         return s;
     }