Merge pull request android-async-http#819 from nullEuro/patch-1

smarek · smarek · commit b0d4fb746873 · 2015-03-04T14:34:31.000+01:00
Make SecureSocketFactory verify hostnames
diff --git a/sample/src/main/java/com/loopj/android/http/sample/util/SecureSocketFactory.java b/sample/src/main/java/com/loopj/android/http/sample/util/SecureSocketFactory.java
@@ -45,6 +45,7 @@
 import java.security.cert.X509Certificate;
 
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 
@@ -166,7 +167,12 @@ public Socket createSocket(Socket socket, String host, int port, boolean autoClo
             throws IOException {
 
         injectHostname(socket, host);
-        return sslCtx.getSocketFactory().createSocket(socket, host, port, autoClose);
+        Socket sslSocket = sslCtx.getSocketFactory().createSocket(socket, host, port, autoClose);
+        
+        // throw an exception if the hostname does not match the certificate
+        getHostnameVerifier().verify(host, (SSLSocket) sslSocket);
+        
+        return sslSocket;
     }
 
     @Override
