Hans-Christoph Steiner:
> Michael Rogers:
>> On 06/09/16 11:54, Hans-Christoph Steiner wrote:
>>> Have you run tests yet of HTTPS verification using your technique?  You
>>> can take code from the NetCipher tests if you want.
>> Thanks, that's a good idea. We've tried it with a few HTTPS sites but
>> haven't done any testing in depth.
>>> I don't remember details now, but I know that when doing tricks with how
>>> Socket instances are created on Android, important pieces went missing,
>>> like hostname verification.  In cases like these, it is important to
>>> remember that Android != Java.  Android only promises to provide what
>>> they document in their SDK docs, not all of Java.  And many companies
>>> choose to take that opportunity to get lazy/sloppy with their builds of
>>> Android.
>> Unfortunately these device-specific issues are hard to test on anything
>> except a pile of real devices - any suggestions for how to reduce the
>> manual testing workload?
> I usually aim to test on one device from a major manufacturer,
> especially ones that are known to customize their ROMs a lot (e.g.
> Samsung).  For a good survey, you have to use services like appthwack
> that let you rent lots of devices by the hour.
> So my memory is coming back on the technical details of all this. It
> seems that Apache Harmony/Android's implementation of sockets omitted
> the SOCKS support, even though the docs said it was there.  They added
> it in some time recently, like 5.1 or maybe even 6.0.  It would be good
> to find a real reference to that so we know when we can count on it.

I didn't find a solid reference yet, but this test for me confirms that
at least in terms of HttpURLConnection on android-22, SOCKS proxies do
not work:

 URL url = new URL("https://facebookcorewwwi.onion");
 Proxy proxy = new Proxy(Proxy.Type.SOCKS,
   new InetSocketAddress("", 9050));
 HttpURLConnection connection = (HttpURLConnection)
   url.openConnection(proxy);
 connection.setConnectTimeout(0); // blocking connect with TCP timeout
 assertEquals(200, connection.getResponseCode());


PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
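
An added example, not part of the original thread: the test above needs a running Tor daemon and a reachable onion service, so a failure does not say whether the SOCKS proxy was ignored or the network was down. This sketch checks only whether the platform's HttpURLConnection speaks SOCKS to the configured proxy port. The class name, the fake listener and the example.invalid target are assumptions made for illustration, and it is written as plain Java to be adapted into an Android instrumentation test.

```java
import java.io.IOException;
import java.net.*;

public class SocksProxyHonoredCheck {
    /** First byte the HTTP stack sent to the proxy port, or -1 if nothing arrived. */
    static int firstByteSentToProxy() throws Exception {
        InetAddress loopback = InetAddress.getLoopbackAddress();
        try (ServerSocket fakeProxy = new ServerSocket(0, 1, loopback)) {
            fakeProxy.setSoTimeout(5000);
            final int[] first = {-1};
            Thread listener = new Thread(() -> {
                try (Socket s = fakeProxy.accept()) {
                    s.setSoTimeout(5000);
                    first[0] = s.getInputStream().read(); // then hang up
                } catch (IOException ignored) {
                    // accept/read timed out: nothing reached the proxy port
                }
            });
            listener.start();
            Proxy proxy = new Proxy(Proxy.Type.SOCKS,
                    new InetSocketAddress(loopback, fakeProxy.getLocalPort()));
            try {
                // Constructed target: .invalid never resolves, so a stack that
                // ignores the proxy cannot reach any real server.
                HttpURLConnection c = (HttpURLConnection)
                        new URL("http://example.invalid/").openConnection(proxy);
                c.setConnectTimeout(5000);
                c.setReadTimeout(5000);
                c.getResponseCode();
            } catch (IOException expected) {
                // the fake proxy hangs up, so the request itself always fails
            }
            listener.join();
            return first[0];
        }
    }

    public static void main(String[] args) throws Exception {
        int b = firstByteSentToProxy();
        String verdict = b == 0x05 ? "SOCKS5 greeting: proxy honoured"
                : b == 0x04 ? "SOCKS4 request: proxy honoured"
                : b == -1 ? "nothing reached the proxy port: SOCKS proxy ignored"
                : "unexpected first byte " + b + ": not speaking SOCKS";
        System.out.println(verdict);
    }
}
```

Because it needs no network, the same check can run on each rented device or emulator image to record which Android versions honour Proxy.Type.SOCKS.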