author | Kenny Root <kroot@google.com> | 2015-05-12 15:13:50 -0700 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2015-05-13 13:04:44 -0700 |
commit | 725a4a71b8f2a5493628d87556c78860f66d2308 (patch) | |
tree | 960893e8409ac62b0ba7bfbd97cd31eaef2bd3a4 /core/java/org/apache | |
parent | 80283cd747d247780a5336bad6b41811175fd282 (diff) | |
Start handshake before calling hostname verifier, part 2

If the hostname verifier calls SSLSocket#getSession() before the
handshake has been started, it will implicitly start the handshake.
However, it will swallow any errors and return the canonical invalid
SSLSession instead. This makes it extremely difficult to debug issues.

Instead start the handshake before calling into the verifier since we
are guaranteed to be the first caller of #startHandshake() and won't
cause a renegotiation. That will allow us to see the actual
SSLHandshakeException if it occurs.

Follow up for change 317c0a4959df0361431d5fbf7dacc162bfb48cd2

Bug: 21118659
Change-Id: I8c606a78ba8a990b4e0d28880b566867261fefbc
Diffstat (limited to 'core/java/org/apache')
-rw-r--r-- | core/java/org/apache/http/conn/ssl/SSLSocketFactory.java | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/core/java/org/apache/http/conn/ssl/SSLSocketFactory.java b/core/java/org/apache/http/conn/ssl/SSLSocketFactory.java index ae14149..250932b 100644 --- a/core/java/org/apache/http/conn/ssl/SSLSocketFactory.java +++ b/core/java/org/apache/http/conn/ssl/SSLSocketFactory.java @@ -397,6 +397,14 @@ public class SSLSocketFactory implements LayeredSocketFactory { port, autoClose ); + // BEGIN android-added + /* + * Make sure we have started the handshake before verifying. + * Otherwise when we go to the hostname verifier, it directly calls + * SSLSocket#getSession() which swallows SSL handshake errors. + */ + sslSocket.startHandshake(); + // END android-added hostnameVerifier.verify(host, sslSocket); // verifyHostName() didn't blowup - good! return sslSocket; |
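Review bot: the added sslSocket.startHandshake() call, placed just before hostnameVerifier.verify(host, sslSocket), introduces a new point where this method can throw, and nothing in the visible lines closes sslSocket when it does. Since the method is called with an autoClose argument and wraps an existing socket, a failed handshake would leave the caller holding a half-set-up connection unless cleanup happens outside the lines shown. Consider wrapping the handshake and the verify call in a try block that closes sslSocket on any exception and rethrows, so the SSLHandshakeException the commit message wants to surface still reaches the caller. The handshake now also blocks at this point rather than lazily inside the verifier, so it is worth confirming that a read timeout is already set on the socket before this line. A regression test that connects to a peer which fails the handshake and asserts the exception type would pin down the behaviour the commit message describes.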