From 725a4a71b8f2a5493628d87556c78860f66d2308 Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Tue, 12 May 2015 15:13:50 -0700 Subject: [PATCH] Start handshake before calling hostname verifier, part 2 If the hostname verifier calls SSLSocket#getSession() before the handshake has been started, it will implicitly start the handshake. However, it will swallow any errors and return the canonical invalid SSLSession instead. This makes it extremely difficult to debug issues. Instead start the handshake before calling into the verifier since we are guaranteed to be the first caller of #startHandshake() and won't cause a renegotiation. That will allow us to see the actual SSLHandshakeException if it occurs. Follow up for change 317c0a4959df0361431d5fbf7dacc162bfb48cd2 Bug: 21118659 Change-Id: I8c606a78ba8a990b4e0d28880b566867261fefbc --- core/java/org/apache/http/conn/ssl/SSLSocketFactory.java | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/core/java/org/apache/http/conn/ssl/SSLSocketFactory.java b/core/java/org/apache/http/conn/ssl/SSLSocketFactory.java index ae14149987cf0..250932be0f365 100644 --- a/core/java/org/apache/http/conn/ssl/SSLSocketFactory.java +++ b/core/java/org/apache/http/conn/ssl/SSLSocketFactory.java @@ -397,6 +397,14 @@ public class SSLSocketFactory implements LayeredSocketFactory { port, autoClose ); + // BEGIN android-added + /* + * Make sure we have started the handshake before verifying. + * Otherwise when we go to the hostname verifier, it directly calls + * SSLSocket#getSession() which swallows SSL handshake errors. + */ + sslSocket.startHandshake(); + // END android-added hostnameVerifier.verify(host, sslSocket); // verifyHostName() didn't blowup - good! return sslSocket;
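Review bot: the added `sslSocket.startHandshake()` call just before `hostnameVerifier.verify(host, sslSocket)` introduces a new point where this method can throw, and nothing in the visible hunk closes `sslSocket` on that path. Consider closing the socket before rethrowing when the handshake fails, or confirm that the caller does, so a failed handshake does not leave the layered socket open. The in-code comment also leaves out the reasoning given in the commit message, that this is guaranteed to be the first `startHandshake()` call and so cannot cause a renegotiation; adding that sentence would keep a later reader from moving or duplicating the call. The diffstat shows only this one file changed, so a regression test asserting that an SSLHandshakeException surfaces here, rather than a verifier failure on the invalid session, would be worth adding.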