Revert "Remove the warning if the caller gets the insecure variant and add hostname verification (SNI)"

This reverts commit 007392a8a17df8b608f4ccd9129436cb570090d3.

Bug: 16660566

1 files changed, 3 insertions, 3 deletions

diff --git a/core/java/android/net/SSLCertificateSocketFactory.java b/core/java/android/net/SSLCertificateSocketFactory.java
index 12e8791..b0278d3 100644
--- a/core/java/android/net/SSLCertificateSocketFactory.java
+++ b/core/java/android/net/SSLCertificateSocketFactory.java
@@ -135,8 +135,7 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {
      * disabled, using an optional handshake timeout and SSL session cache.
      *
      * <p class="caution"><b>Warning:</b> Sockets created using this factory
-     * are vulnerable to man-in-the-middle attacks!</p>. The caller must implement
-     * its own verification.
+     * are vulnerable to man-in-the-middle attacks!</p>
      *
      * @param handshakeTimeoutMillis to use for SSL connection handshake, or 0
      *         for none.  The socket timeout is reset to 0 after the handshake.
@@ -224,6 +223,8 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {
             if (mInsecureFactory == null) {
                 if (mSecure) {
                     Log.w(TAG, "*** BYPASSING SSL SECURITY CHECKS (socket.relaxsslcheck=yes) ***");
+                } else {
+                    Log.w(TAG, "Bypassing SSL security checks at caller's request");
                 }
                 mInsecureFactory = makeSocketFactory(mKeyManagers, INSECURE_TRUST_MANAGER);
             }
@@ -430,7 +431,6 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {
         s.setAlpnProtocols(mAlpnProtocols);
         s.setHandshakeTimeout(mHandshakeTimeoutMillis);
         s.setChannelIdPrivateKey(mChannelIdPrivateKey);
-        s.setHostname(host);
         if (mSecure) {
             verifyHostname(s, host);
         }