Merge "Revert "Remove the warning if the caller gets the insecure variant and add hostname verification (SNI)"" into lmp-dev

author: Kenny Root <kroot@google.com> 2014-08-18 17:19:59 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2014-08-16 03:52:42 +0000
commit: f6040e9c116e8723b3312499987c370d2e9ee7c7 (patch)
tree: 0e06bc4d912ee66bd7358de98ddde4a744efa1ae /core/java/android
parent: 89e4ae2f504b4c55d7823c3f04d4894de0d8e471 (diff)
parent: e19ca078bf1778a344366672de020e63a80252a9 (diff)
download: frameworks_base-f6040e9c116e8723b3312499987c370d2e9ee7c7.zip
frameworks_base-f6040e9c116e8723b3312499987c370d2e9ee7c7.tar.gz
frameworks_base-f6040e9c116e8723b3312499987c370d2e9ee7c7.tar.bz2
1 files changed, 3 insertions, 3 deletions
diff --git a/core/java/android/net/SSLCertificateSocketFactory.java b/core/java/android/net/SSLCertificateSocketFactory.java
index 12e8791..b0278d3 100644
--- a/core/java/android/net/SSLCertificateSocketFactory.java
+++ b/core/java/android/net/SSLCertificateSocketFactory.java
@@ -135,8 +135,7 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {
      * disabled, using an optional handshake timeout and SSL session cache.
      *
      * <p class="caution"><b>Warning:</b> Sockets created using this factory
-     * are vulnerable to man-in-the-middle attacks!</p>. The caller must implement
-     * its own verification.
+     * are vulnerable to man-in-the-middle attacks!</p>
      *
      * @param handshakeTimeoutMillis to use for SSL connection handshake, or 0
      *         for none.  The socket timeout is reset to 0 after the handshake.
@@ -224,6 +223,8 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {
             if (mInsecureFactory == null) {
                 if (mSecure) {
                     Log.w(TAG, "*** BYPASSING SSL SECURITY CHECKS (socket.relaxsslcheck=yes) ***");
+                } else {
+                    Log.w(TAG, "Bypassing SSL security checks at caller's request");
                 }
                 mInsecureFactory = makeSocketFactory(mKeyManagers, INSECURE_TRUST_MANAGER);
             }
@@ -430,7 +431,6 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {
         s.setAlpnProtocols(mAlpnProtocols);
         s.setHandshakeTimeout(mHandshakeTimeoutMillis);
         s.setChannelIdPrivateKey(mChannelIdPrivateKey);
-        s.setHostname(host);
         if (mSecure) {
             verifyHostname(s, host);
         }
author	Kenny Root <kroot@google.com>	2014-08-18 17:19:59 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2014-08-16 03:52:42 +0000
commit	f6040e9c116e8723b3312499987c370d2e9ee7c7 (patch)
tree	0e06bc4d912ee66bd7358de98ddde4a744efa1ae /core/java/android
parent	89e4ae2f504b4c55d7823c3f04d4894de0d8e471 (diff)
parent	e19ca078bf1778a344366672de020e63a80252a9 (diff)
download	frameworks_base-f6040e9c116e8723b3312499987c370d2e9ee7c7.zip frameworks_base-f6040e9c116e8723b3312499987c370d2e9ee7c7.tar.gz frameworks_base-f6040e9c116e8723b3312499987c370d2e9ee7c7.tar.bz2