[ https://issues.apache.org/jira/browse/HTTPCLIENT-1591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14259667#comment-14259667 ]

bitfire edited comment on HTTPCLIENT-1591 at 12/28/14 4:04 PM:
---------------------------------------------------------------

I'll see if I can create one. However, I'm sure that 

    final SSLSocket sslsock = (SSLSocket) this.socketfactory.createSocket(socket, target, port, true);

in the code already does a handshake, see here: 
http://grepcode.com/file/repository.grepcode.com/java/ext/com.google.android/android/4.2_r1/android/net/SSLCertificateSocketFactory.java#SSLCertificateSocketFactory.createSocket%28java.net.Socket%2Cjava.lang.String%2Cint%2Cboolean%29
(when socketfactory is an android.net.SSLCertificateSocketFactory).

It calls SSLCertificateSocketFactory::verifyHostname (unless mSecure is false, 
which is only the case when the factory is created with getInsecure()), and 
verifyHostname calls startHandshake().

I have played around with this and the only way to get SNI with proxied 
connections working is by using the generic SSLSocketFactory interface: 
https://github.com/bitfireAT/davdroid/blob/897ede75821cf8028c46e16a10368053bb32070e/app/src/main/java/at/bitfire/davdroid/webdav/TlsSniSocketFactory.java


was (Author: bitfire):
I'll see if I can create one. However, I'm sure that 

        final SSLSocket sslsock = (SSLSocket) this.socketfactory.createSocket(
                socket,
                target,
                port,
                true);

[already does a handshake](http://grepcode.com/file/repository.grepcode.com/java/ext/com.google.android/android/4.2_r1/android/net/SSLCertificateSocketFactory.java#SSLCertificateSocketFactory.createSocket%28java.net.Socket%2Cjava.lang.String%2Cint%2Cboolean%29), when socketfactory is an android.net.SSLCertificateSocketFactory.

It calls SSLCertificateSocketFactory::verifyHostname (unless mSecure is false, 
which is only the case when the factory is created with getInsecure()), and 
verifyHostname calls startHandshake().

I have played around with this and the only way to get SNI with proxied 
connections working is by using the generic SSLSocketFactory interface, see 
here: 
https://github.com/bitfireAT/davdroid/blob/897ede75821cf8028c46e16a10368053bb32070e/app/src/main/java/at/bitfire/davdroid/webdav/TlsSniSocketFactory.java

> SNI doesn't work in Android port for non-proxied connections
> ------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1591
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1591
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpConn
>    Affects Versions: 4.3.5.1-android
>            Reporter: bitfire
>
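The ordering issue raised in the comment above (SNI has to be configured before anything triggers the handshake, and the hostname still has to be verified), shown as an added example that is not code from HttpClient, DAVdroid or the comment's author. It generalizes to standard JSSE rather than android.net.SSLCertificateSocketFactory and assumes Java 8 or later, where `SSLParameters.setServerNames` exists; the class and method names are hypothetical.

```java
import java.io.IOException;
import java.net.Socket;
import java.util.Collections;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example (hypothetical class name); assumes a standard JSSE provider.
public final class SniLayeredSocket {

    /**
     * Layers TLS over an already-connected socket (for example a proxy
     * tunnel), configuring SNI and hostname verification before the
     * handshake runs.
     */
    public static SSLSocket layer(Socket connected, String host, int port)
            throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();

        // Assumption: the factory returns the layered socket without
        // handshaking; the handshake starts on startHandshake() or first I/O.
        SSLSocket ssl = (SSLSocket) factory.createSocket(connected, host, port, true);

        SSLParameters params = ssl.getSSLParameters();
        // SNI travels in the ClientHello, so it must be set before the handshake.
        // SNIHostName rejects IP literals with IllegalArgumentException.
        params.setServerNames(
                Collections.<SNIServerName>singletonList(new SNIHostName(host)));
        // Have JSSE check the certificate against 'host' during the handshake,
        // so skipping a factory-level hostname check does not skip verification.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        ssl.setSSLParameters(params);

        try {
            ssl.startHandshake(); // throws SSLHandshakeException on a mismatch
        } catch (IOException e) {
            ssl.close();
            throw e;
        }
        return ssl;
    }
}
```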


