author | Kenny Root <kroot@google.com> | 2015-05-12 15:13:50 -0700 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2015-05-12 22:25:03 +0000 |
commit | 317c0a4959df0361431d5fbf7dacc162bfb48cd2 (patch) | |
tree | 55b480d27186e1f24c3f3c6c5c775a1eb60c67c9 | |
parent | aa83190cb650e9b714f2b980aa29ece8f86d587a (diff) | |
Start handshake before calling hostname verifier
If the hostname verifier calls SSLSocket#getSession() before the
handshake has been started, it will implicitly start the handshake.
However, it will swallow any errors and return the canonical invalid
SSLSession instead. This makes it extremely difficult to debug issues.
Instead start the handshake before calling into the verifier since we
are guaranteed to be the first caller of #startHandshake() and won't
cause a renegotiation. That will allow us to see the actual
SSLHandshakeException if it occurs.
Bug: 14975169
Bug: 17332309
Bug: 17524215
Bug: 17812533
Bug: 18507278
Bug: 19069992
Bug: 19378885
Bug: 19414083
Bug: 19550311
Bug: 19731556
Bug: 19853723
Bug: 20908941
Change-Id: Ie74ec12c8b131c7bf400a07fc91c78da4d5e470f
-rw-r--r-- | src/org/apache/http/conn/ssl/SSLSocketFactory.java | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/org/apache/http/conn/ssl/SSLSocketFactory.java b/src/org/apache/http/conn/ssl/SSLSocketFactory.java index 1e46fee..0b5aa37 100644 --- a/src/org/apache/http/conn/ssl/SSLSocketFactory.java +++ b/src/org/apache/http/conn/ssl/SSLSocketFactory.java @@ -330,6 +330,14 @@ public class SSLSocketFactory implements LayeredSocketFactory { sslsock.setSoTimeout(soTimeout); try { + // BEGIN android-added + /* + * Make sure we have started the handshake before verifying. + * Otherwise when we go to the hostname verifier, it directly calls + * SSLSocket#getSession() which swallows SSL handshake errors. + */ + sslsock.startHandshake(); + // END android-added hostnameVerifier.verify(host, sslsock); // verifyHostName() didn't blowup - good! } catch (IOException iox) { |
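Review bot: The catch (IOException iox) that follows hostnameVerifier.verify(host, sslsock) now also receives whatever sslsock.startHandshake() throws, and its body is cut off in this hunk. Please confirm that it closes the socket and rethrows the original exception without wrapping or replacing it, since the commit message's goal is for callers to see the actual SSLHandshakeException. The existing comment "verifyHostName() didn't blowup - good!" now sits after two calls that can fail, so it would help to reword it to cover the handshake as well. The diffstat shows only SSLSocketFactory.java changing; a regression test that forces a handshake failure and asserts on the exception type that reaches the caller would keep this behaviour from silently regressing.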