From 5648c97be2c515bdafeff3d8a4b07ea0ddc3e357 Mon Sep 17 00:00:00 2001
From: Brian Carlstrom <bdc@google.com>
Date: Wed, 5 May 2010 10:13:48 -0700
Subject: Remove explicit SSLSocket.startHandshake

When dalvik-dev merges to master, startHandshake will imply that the
caller wants a fully synchronous handshake instead of using handshake
cutthrough. This removes an unnecessary startHandshake so that
handshake cutthrough won't be disabled for Apache http connections.

    This change brings Abstract verify into sync with the code from
    javax.net.ssl.DefaultHostnameVerifier from dalvik-dev which also
    removed this same duplicated code.

	src/org/apache/http/conn/ssl/AbstractVerifier.java

Change-Id: I505e27db97ce49d3c76b3a8af9046238149500d3
---
 src/org/apache/http/conn/ssl/AbstractVerifier.java | 37 ----------------------
 1 file changed, 37 deletions(-)

diff --git a/src/org/apache/http/conn/ssl/AbstractVerifier.java b/src/org/apache/http/conn/ssl/AbstractVerifier.java
index 5195e58..e409db9 100644
--- a/src/org/apache/http/conn/ssl/AbstractVerifier.java
+++ b/src/org/apache/http/conn/ssl/AbstractVerifier.java
@@ -89,44 +89,7 @@ public abstract class AbstractVerifier implements X509HostnameVerifier {
             throw new NullPointerException("host to verify is null");
         }
 
-        ssl.startHandshake();
         SSLSession session = ssl.getSession();
-        if(session == null) {
-            // In our experience this only happens under IBM 1.4.x when
-            // spurious (unrelated) certificates show up in the server'
-            // chain.  Hopefully this will unearth the real problem:
-            InputStream in = ssl.getInputStream();
-            in.available();
-            /*
-              If you're looking at the 2 lines of code above because
-              you're running into a problem, you probably have two
-              options:
-
-                #1.  Clean up the certificate chain that your server
-                     is presenting (e.g. edit "/etc/apache2/server.crt"
-                     or wherever it is your server's certificate chain
-                     is defined).
-
-                                           OR
-
-                #2.   Upgrade to an IBM 1.5.x or greater JVM, or switch
-                      to a non-IBM JVM.
-            */
-
-            // If ssl.getInputStream().available() didn't cause an
-            // exception, maybe at least now the session is available?
-            session = ssl.getSession();
-            if(session == null) {
-                // If it's still null, probably a startHandshake() will
-                // unearth the real problem.
-                ssl.startHandshake();
-
-                // Okay, if we still haven't managed to cause an exception,
-                // might as well go for the NPE.  Or maybe we're okay now?
-                session = ssl.getSession();
-            }
-        }
-
         Certificate[] certs = session.getPeerCertificates();
         X509Certificate x509 = (X509Certificate) certs[0];
         verify(host, x509);
-- 
cgit v1.1