Set SNI hostname if we can for TLS connections

This commit is contained in:
Travis Burtrum 2015-07-24 23:52:14 -04:00
parent 8de2ec7f27
commit 54f9fd36a7
2 changed files with 15 additions and 0 deletions

View File

@ -164,6 +164,7 @@ public class DefaultTrustedSocketFactory implements TrustedSocketFactory {
trustedSocket = socketFactory.createSocket(socket, host, port, true);
}
hardenSocket((SSLSocket) trustedSocket);
setSNIHost(socketFactory, (SSLSocket) trustedSocket, host);
return trustedSocket;
}
@ -175,4 +176,17 @@ public class DefaultTrustedSocketFactory implements TrustedSocketFactory {
sock.setEnabledProtocols(ENABLED_PROTOCOLS);
}
}
public static void setSNIHost(final SSLSocketFactory factory, final SSLSocket socket, final String hostname) {
if (factory instanceof android.net.SSLCertificateSocketFactory && android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.JELLY_BEAN_MR1) {
((android.net.SSLCertificateSocketFactory)factory).setHostname(socket, hostname);
} else {
try {
socket.getClass().getMethod("setHostname", String.class).invoke(socket, hostname);
} catch (Throwable e) {
// ignore any error, we just can't set the hostname...
Log.e(LOG_TAG, "Could not call SSLSocket#setHostname(String) method ", e);
}
}
}
}

View File

@ -62,6 +62,7 @@ public class WebDavSocketFactory implements LayeredSocketFactory {
port,
autoClose
);
com.fsck.k9.mail.ssl.DefaultTrustedSocketFactory.setSNIHost(mSocketFactory, sslSocket, host);
//hostnameVerifier.verify(host, sslSocket);
// verifyHostName() didn't blowup - good!
return sslSocket;