From 54f9fd36a77423a55f63fbf9b1bcea055a239768 Mon Sep 17 00:00:00 2001
From: moparisthebest
Date: Fri, 24 Jul 2015 23:52:14 -0400
Subject: [PATCH] Set SNI hostname if we can for TLS connections
---
 .../k9/mail/ssl/DefaultTrustedSocketFactory.java | 14 ++++++++++++++
 .../k9/mail/store/webdav/WebDavSocketFactory.java | 1 +
 2 files changed, 15 insertions(+)
diff --git a/k9mail-library/src/main/java/com/fsck/k9/mail/ssl/DefaultTrustedSocketFactory.java b/k9mail-library/src/main/java/com/fsck/k9/mail/ssl/DefaultTrustedSocketFactory.java
index c2a509dbe..b4916e0b9 100644
--- a/k9mail-library/src/main/java/com/fsck/k9/mail/ssl/DefaultTrustedSocketFactory.java
+++ b/k9mail-library/src/main/java/com/fsck/k9/mail/ssl/DefaultTrustedSocketFactory.java
@@ -164,6 +164,7 @@ public class DefaultTrustedSocketFactory implements TrustedSocketFactory {
 trustedSocket = socketFactory.createSocket(socket, host, port, true);
 }
 hardenSocket((SSLSocket) trustedSocket);
+ setSNIHost(socketFactory, (SSLSocket) trustedSocket, host);
 return trustedSocket;
 }
@@ -175,4 +176,17 @@ public class DefaultTrustedSocketFactory implements TrustedSocketFactory {
 sock.setEnabledProtocols(ENABLED_PROTOCOLS);
 }
 }
+
+ public static void setSNIHost(final SSLSocketFactory factory, final SSLSocket socket, final String hostname) {
+ if (factory instanceof android.net.SSLCertificateSocketFactory && android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.JELLY_BEAN_MR1) {
+ ((android.net.SSLCertificateSocketFactory)factory).setHostname(socket, hostname);
+ } else {
+ try {
+ socket.getClass().getMethod("setHostname", String.class).invoke(socket, hostname);
+ } catch (Throwable e) {
+ // ignore any error, we just can't set the hostname...
+ Log.e(LOG_TAG, "Could not call SSLSocket#setHostname(String) method ", e);
+ }
+ }
+ }
 }
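Review bot: Nothing at the new `setSNIHost(...)` call says that it has to run before the TLS handshake, yet the server name is carried in the ClientHello, so a later reordering or an early read on `trustedSocket` would drop SNI without any error. A short comment above the call would record that, for example `// SNI must be set before the handshake starts; keep this ahead of any I/O on the socket`. Whether `createSocket(socket, host, port, true)` defers the handshake on every platform this runs on is not visible here and is worth confirming. The enclosing method starts outside the hunk.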
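Review bot: `catch (Throwable e)` in the reflection fallback of `setSNIHost` also swallows `Error`s such as `OutOfMemoryError`; `} catch (Exception e) {` keeps the best-effort behaviour for reflection failures without hiding those. The method also passes `hostname` on unchecked: RFC 6066 does not permit literal IPv4 or IPv6 addresses in the server_name extension, and whether the platform's `setHostname` filters them is not visible in this hunk, so a guard for null and IP-literal hosts before either branch would be safer. Since the fallback presumably runs on every connection whose socket class lacks `setHostname(String)`, `Log.e` with a stack trace is loud for an expected case, and `Log.w` without the trace would do. A Javadoc on this new public method should state that it is best effort and that the name is sent unencrypted in the ClientHello.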
diff --git a/k9mail-library/src/main/java/com/fsck/k9/mail/store/webdav/WebDavSocketFactory.java b/k9mail-library/src/main/java/com/fsck/k9/mail/store/webdav/WebDavSocketFactory.java
index 3beeb0131..9554538bb 100644
--- a/k9mail-library/src/main/java/com/fsck/k9/mail/store/webdav/WebDavSocketFactory.java
+++ b/k9mail-library/src/main/java/com/fsck/k9/mail/store/webdav/WebDavSocketFactory.java
@@ -62,6 +62,7 @@ public class WebDavSocketFactory implements LayeredSocketFactory {
 port,
 autoClose
 );
+ com.fsck.k9.mail.ssl.DefaultTrustedSocketFactory.setSNIHost(mSocketFactory, sslSocket, host);
 //hostnameVerifier.verify(host, sslSocket);
 // verifyHostName() didn't blowup - good!
 return sslSocket;
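Review bot: The line right after the new `setSNIHost(...)` call shows `hostnameVerifier.verify(host, sslSocket)` commented out, so within this hunk the socket is returned with no visible check that the certificate matches `host`. SNI only tells the server which certificate to present; it does not validate it, and with this change a server hosting several names may start answering with a different certificate than before. If the check happens elsewhere (for example in the trust manager behind `mSocketFactory`, which is not visible here), a comment saying so would help, e.g. `// SNI selects the certificate; hostname verification is done in <component that verifies, to be filled in>`. The enclosing method starts outside the hunk.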