Hans-Christoph Steiner:
>
> Michael Rogers:
>> On 06/09/16 11:54, Hans-Christoph Steiner wrote:
>>> Have you run tests yet of HTTPS verification using your technique? You
>>> can take code from the NetCipher tests if you want.
>>
>> Thanks, that's a good idea. We've tried it with a few HTTPS sites but
>> haven't done any testing in depth.
>>
>>> I don't remember details now, but I know that when doing tricks with how
>>> Socket instances are created on Android, important pieces went missing,
>>> like hostname verification. In cases like these, it is important to
>>> remember that Android != Java. Android only promises to provide what
>>> they document in their SDK docs, not all of Java. And many companies
>>> choose to take that opportunity to get lazy/sloppy with their builds of
>>> Android.
>>
>> Unfortunately these device-specific issues are hard to test on anything
>> except a pile of real devices - any suggestions for how to reduce the
>> manual testing workload?
>
> I usually aim to test on one device from a major manufacturer,
> especially ones that are known to customize their ROMs a lot (e.g.
> Samsung). For a good survey, you have to use services like appthwack
> that let you rent lots of devices by the hour.
>
> So my memory is coming back on the technical details of all this. It
> seems that Apache Harmony/Android's implementation of sockets omitted
> the SOCKS support, even though the docs said it was there. They added
> it in some time recently, like 5.1 or maybe even 6.0. It would be good
> to find a real reference to that so we know when we can count on it.

I didn't find a solid reference yet, but this test for me confirms that
at least in terms of HttpURLConnection on android-22, SOCKS proxies do
not work:

    URL url = new URL("https://facebookcorewwwi.onion");
    Proxy proxy = new Proxy(Proxy.Type.SOCKS,
            new InetSocketAddress("127.0.0.1", 9050));
    HttpURLConnection connection = (HttpURLConnection) url.openConnection(proxy);
    connection.setConnectTimeout(0); // blocking connect with TCP timeout
    connection.setReadTimeout(20000);
    connection.getContent();
    assertEquals(200, connection.getResponseCode());

.hc

-- 
PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
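
The hostname-verification gap raised in the quoted discussion, as an added example that is not part of the original message and is not NetCipher code: when TLS is layered by hand on a socket that was tunnelled through a SOCKS proxy, the host name check has to be done explicitly. The class and method names are hypothetical, and the code assumes a platform whose `java.net.Socket` honours `Proxy.Type.SOCKS`, which is exactly what the thread says cannot be taken for granted on older Android releases.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.Socket;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Hypothetical helper (added example): TLS over a SOCKS-tunnelled socket, failing closed. */
public final class SocksTlsCheck {

    /** Same local SOCKS address as in the test above. */
    static final Proxy TOR =
            new Proxy(Proxy.Type.SOCKS, new InetSocketAddress("127.0.0.1", 9050));

    static SSLSocket connectVerified(Proxy socks, String host, int port, int timeoutMs)
            throws IOException {
        // Assumption: this platform's java.net.Socket honours SOCKS proxies.
        Socket tunnel = new Socket(socks);
        try {
            // Unresolved address: the name is handed to the proxy instead of
            // being looked up through local DNS.
            tunnel.connect(InetSocketAddress.createUnresolved(host, port), timeoutMs);

            SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket tls = (SSLSocket) factory.createSocket(tunnel, host, port, true);
            tls.startHandshake(); // checks the certificate chain, not the host name

            // Layering TLS on an existing socket skips the host name check that
            // HttpsURLConnection performs, so do it explicitly. On Android the
            // default verifier does real matching; the stock desktop JDK's
            // default verifier rejects every name, so this still fails closed.
            HostnameVerifier verifier = HttpsURLConnection.getDefaultHostnameVerifier();
            if (!verifier.verify(host, tls.getSession())) {
                throw new SSLPeerUnverifiedException("certificate does not match " + host);
            }
            return tls;
        } catch (IOException e) {
            tunnel.close(); // never hand back a half-verified connection
            throw e;
        }
    }
}
```

A device test can call `connectVerified(SocksTlsCheck.TOR, host, 443, 20000)` against a server whose certificate is issued for a different name and assert that `SSLPeerUnverifiedException` is thrown.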