Set SNI hostname if we can for TLS connections

k9mail-library/src/main/java/com/fsck/k9/mail/ssl/DefaultTrustedSocketFactory.java

@@ -164,6 +164,7 @@ public class DefaultTrustedSocketFactory implements TrustedSocketFactory {
             trustedSocket = socketFactory.createSocket(socket, host, port, true);
         }
         hardenSocket((SSLSocket) trustedSocket);
+        setSNIHost(socketFactory, (SSLSocket) trustedSocket, host);
         return trustedSocket;
     }
 
@@ -175,4 +176,17 @@ public class DefaultTrustedSocketFactory implements TrustedSocketFactory {
             sock.setEnabledProtocols(ENABLED_PROTOCOLS);
         }
     }
+
+    public static void setSNIHost(final SSLSocketFactory factory, final SSLSocket socket, final String hostname) {
+        if (factory instanceof android.net.SSLCertificateSocketFactory && android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.JELLY_BEAN_MR1) {
+            ((android.net.SSLCertificateSocketFactory)factory).setHostname(socket, hostname);
+        } else {
+            try {
+                socket.getClass().getMethod("setHostname", String.class).invoke(socket, hostname);
+            } catch (Throwable e) {
+                // ignore any error, we just can't set the hostname...
+                Log.e(LOG_TAG, "Could not call SSLSocket#setHostname(String) method ", e);
+            }
+        }
+    }
 }

k9mail-library/src/main/java/com/fsck/k9/mail/store/webdav/WebDavSocketFactory.java

@@ -62,6 +62,7 @@ public class WebDavSocketFactory implements LayeredSocketFactory {
                 port,
                 autoClose
         );
+        com.fsck.k9.mail.ssl.DefaultTrustedSocketFactory.setSNIHost(mSocketFactory, sslSocket, host);
         //hostnameVerifier.verify(host, sslSocket);
         // verifyHostName() didn't blowup - good!
         return sslSocket;