Skip hostname verification when using insecure factory

If the factory was obtained by calling getInsecure(), calls to createSocket() should skip hostname verification (along with all of the other skipped safety checks.) This change slightly relaxes the too-strict checking that was introduced in change 7fc93c36ae235115727296780dbc35101622bbd4. Bug: 2834174 Change-Id: Iab7ef861ad0ca727f82ee8cdb78b89b9e835740d
author: Andrew Stadler <stadler@android.com> 2010-07-12 15:31:40 -0700
committer: android-build SharedAccount <android-build@sekiwake.mtv.corp.google.com> 2010-07-22 22:37:38 -0700
commit: f1f07993792dbf2d49613d474a696ec0927828d2 (patch)
tree: 48f4130a7cfcc356f0b3f6144edb9ffc3f0f383a
parent: 9ffe79c7ebd448de4a0defe7807efec332fdefb4 (diff)
1 files changed, 15 insertions, 6 deletions
diff --git a/core/java/android/net/SSLCertificateSocketFactory.java b/core/java/android/net/SSLCertificateSocketFactory.java
index 9ad125b312e1..31acb5b177e8 100644
--- a/core/java/android/net/SSLCertificateSocketFactory.java
+++ b/core/java/android/net/SSLCertificateSocketFactory.java
@@ -247,13 +247,16 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {
     /**
      * {@inheritDoc}
      *
-     * <p>This method verifies the peer's certificate hostname after connecting.
+     * <p>This method verifies the peer's certificate hostname after connecting
+     * (unless created with {@link #getInsecure(int, SSLSessionCache)}).
      */
     @Override
     public Socket createSocket(Socket k, String host, int port, boolean close) throws IOException {
         OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(k, host, port, close);
         s.setHandshakeTimeout(mHandshakeTimeoutMillis);
-        verifyHostname(s, host);
+        if (mSecure) {
+            verifyHostname(s, host);
+        }
         return s;
     }
 
@@ -305,7 +308,8 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {
     /**
      * {@inheritDoc}
      *
-     * <p>This method verifies the peer's certificate hostname after connecting.
+     * <p>This method verifies the peer's certificate hostname after connecting
+     * (unless created with {@link #getInsecure(int, SSLSessionCache)}).
      */
     @Override
     public Socket createSocket(String host, int port, InetAddress localAddr, int localPort)
@@ -313,20 +317,25 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {
         OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(
                 host, port, localAddr, localPort);
         s.setHandshakeTimeout(mHandshakeTimeoutMillis);
-        verifyHostname(s, host);
+        if (mSecure) {
+            verifyHostname(s, host);
+        }
         return s;
     }
 
     /**
      * {@inheritDoc}
      *
-     * <p>This method verifies the peer's certificate hostname after connecting.
+     * <p>This method verifies the peer's certificate hostname after connecting
+     * (unless created with {@link #getInsecure(int, SSLSessionCache)}).
      */
     @Override
     public Socket createSocket(String host, int port) throws IOException {
         OpenSSLSocketImpl s = (OpenSSLSocketImpl) getDelegate().createSocket(host, port);
         s.setHandshakeTimeout(mHandshakeTimeoutMillis);
-        verifyHostname(s, host);
+        if (mSecure) {
+            verifyHostname(s, host);
+        }
         return s;
     }
author	Andrew Stadler <stadler@android.com>	2010-07-12 15:31:40 -0700
committer	android-build SharedAccount <android-build@sekiwake.mtv.corp.google.com>	2010-07-22 22:37:38 -0700
commit	f1f07993792dbf2d49613d474a696ec0927828d2 (patch)
tree	48f4130a7cfcc356f0b3f6144edb9ffc3f0f383a
parent	9ffe79c7ebd448de4a0defe7807efec332fdefb4 (diff)