
Set SNI hostname if we can for TLS connections

master
Travis Burtrum 8 years ago
parent
commit
54f9fd36a7
  1. 14
      k9mail-library/src/main/java/com/fsck/k9/mail/ssl/DefaultTrustedSocketFactory.java
  2. 1
      k9mail-library/src/main/java/com/fsck/k9/mail/store/webdav/WebDavSocketFactory.java

14
k9mail-library/src/main/java/com/fsck/k9/mail/ssl/DefaultTrustedSocketFactory.java

@ -164,6 +164,7 @@ public class DefaultTrustedSocketFactory implements TrustedSocketFactory { @@ -164,6 +164,7 @@ public class DefaultTrustedSocketFactory implements TrustedSocketFactory {
trustedSocket = socketFactory.createSocket(socket, host, port, true);
}
hardenSocket((SSLSocket) trustedSocket);
setSNIHost(socketFactory, (SSLSocket) trustedSocket, host);
return trustedSocket;
}
@ -175,4 +176,17 @@ public class DefaultTrustedSocketFactory implements TrustedSocketFactory { @@ -175,4 +176,17 @@ public class DefaultTrustedSocketFactory implements TrustedSocketFactory {
sock.setEnabledProtocols(ENABLED_PROTOCOLS);
}
}
public static void setSNIHost(final SSLSocketFactory factory, final SSLSocket socket, final String hostname) {
if (factory instanceof android.net.SSLCertificateSocketFactory && android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.JELLY_BEAN_MR1) {
((android.net.SSLCertificateSocketFactory)factory).setHostname(socket, hostname);
} else {
try {
socket.getClass().getMethod("setHostname", String.class).invoke(socket, hostname);
} catch (Throwable e) {
// ignore any error, we just can't set the hostname...
Log.e(LOG_TAG, "Could not call SSLSocket#setHostname(String) method ", e);
}
}
}
}
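Review bot: The reflection fallback in `setSNIHost` uses `catch (Throwable e)`, which also swallows `Error`s such as `OutOfMemoryError`, and it logs a full stack trace at error level on every connection whose socket class has no `setHostname` method. Narrow it to `catch (Exception e)` and log at warning level, for example `Log.w(LOG_TAG, "SNI not set for TLS connection; server may present its default certificate", e);`. When SNI cannot be set the handshake proceeds without it, so on a virtual-hosted server the failure will probably surface later as a certificate mismatch rather than here; that is worth stating in a Javadoc on this new public static method. It may also be worth skipping the call when `hostname` is null or an IP literal, since RFC 6066 does not permit IP addresses in the server_name extension; whether the platform already filters these is not visible here.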

1
k9mail-library/src/main/java/com/fsck/k9/mail/store/webdav/WebDavSocketFactory.java

@ -62,6 +62,7 @@ public class WebDavSocketFactory implements LayeredSocketFactory { @@ -62,6 +62,7 @@ public class WebDavSocketFactory implements LayeredSocketFactory {
port,
autoClose
);
com.fsck.k9.mail.ssl.DefaultTrustedSocketFactory.setSNIHost(mSocketFactory, sslSocket, host);
//hostnameVerifier.verify(host, sslSocket);
// verifyHostName() didn't blowup - good!
return sslSocket;
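Review bot: Sending SNI does not authenticate the server, and the line directly after the new call is still the commented-out `//hostnameVerifier.verify(host, sslSocket);` followed by `// verifyHostName() didn't blowup - good!`, so in the visible lines nothing checks the certificate against `host`. If verification is not performed elsewhere (the enclosing method starts and ends outside the hunk), this is the place to restore it or to correct the comment, for example `// NOTE: hostname is not verified here; see <where it is verified>`. As a style point, import `DefaultTrustedSocketFactory` rather than spelling out the fully qualified name in the call.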
