author Kenny Root <kroot@google.com> 2015-05-12 15:13:50 -0700
committer Kenny Root <kroot@google.com> 2015-05-12 22:25:03 +0000
commit 317c0a4959df0361431d5fbf7dacc162bfb48cd2
tree 55b480d27186e1f24c3f3c6c5c775a1eb60c67c9
parent aa83190cb650e9b714f2b980aa29ece8f86d587a
Start handshake before calling hostname verifier

If the hostname verifier calls SSLSocket#getSession() before the handshake has been started, it will implicitly start the handshake. However, it will swallow any errors and return the canonical invalid SSLSession instead. This makes it extremely difficult to debug issues.

Instead start the handshake before calling into the verifier since we are guaranteed to be the first caller of #startHandshake() and won't cause a renegotiation. That will allow us to see the actual SSLHandshakeException if it occurs.

Bug: 14975169
Bug: 17332309
Bug: 17524215
Bug: 17812533
Bug: 18507278
Bug: 19069992
Bug: 19378885
Bug: 19414083
Bug: 19550311
Bug: 19731556
Bug: 19853723
Bug: 20908941
Change-Id: Ie74ec12c8b131c7bf400a07fc91c78da4d5e470f
-rw-r--r-- src/org/apache/http/conn/ssl/SSLSocketFactory.java 8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/org/apache/http/conn/ssl/SSLSocketFactory.java b/src/org/apache/http/conn/ssl/SSLSocketFactory.java
index 1e46fee..0b5aa37 100644
--- a/src/org/apache/http/conn/ssl/SSLSocketFactory.java
+++ b/src/org/apache/http/conn/ssl/SSLSocketFactory.java
@@ -330,6 +330,14 @@ public class SSLSocketFactory implements LayeredSocketFactory {
sslsock.setSoTimeout(soTimeout);
try {
+ // BEGIN android-added
+ /*
+ * Make sure we have started the handshake before verifying.
+ * Otherwise when we go to the hostname verifier, it directly calls
+ * SSLSocket#getSession() which swallows SSL handshake errors.
+ */
+ sslsock.startHandshake();
+ // END android-added
hostnameVerifier.verify(host, sslsock);
// verifyHostName() didn't blowup - good!
} catch (IOException iox) {
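Review bot: The added `sslsock.startHandshake()` sits in the same `try` as `hostnameVerifier.verify(host, sslsock)`, so an SSLHandshakeException (an IOException subclass) is caught by `catch (IOException iox)`, whose body is outside this hunk. Please confirm that handler rethrows the original exception unchanged; if it wraps or replaces it, the handshake error this change is meant to surface is still hidden from the caller. The new block comment should also record the assumption stated in the commit message, that this is the first call to startHandshake() on the socket and therefore cannot trigger a renegotiation, since a later reader of the file will not see the commit message. The existing `// verifyHostName() didn't blowup - good!` line now follows two calls that can throw and would read more accurately if it mentioned the handshake as well.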