commit 5648c97be2c515bdafeff3d8a4b07ea0ddc3e357
author Brian Carlstrom <bdc@google.com> Wed May 05 10:13:48 2010 -0700
committer Brian Carlstrom <bdc@google.com> Wed May 05 10:13:48 2010 -0700
tree 66f59c0c8763ef5e56b0d6cc32c241fc46230fc1
parent 2e9f166eba309e50c1c1f52ff8d2694f058ab2cf

Remove explicit SSLSocket.startHandshake

When dalvik-dev merges to master, startHandshake will imply that the
caller wants a fully synchronous handshake instead of using handshake
cutthrough. This removes an unnecessary startHandshake so that
handshake cutthrough won't be disabled for Apache http connections.

    This change brings Abstract verify into sync with the code from
    javax.net.ssl.DefaultHostnameVerifier from dalvik-dev which also
    removed this same duplicated code.

	src/org/apache/http/conn/ssl/AbstractVerifier.java

Change-Id: I505e27db97ce49d3c76b3a8af9046238149500d3

src/org/apache/http/conn/ssl/AbstractVerifier.java

diff --git a/src/org/apache/http/conn/ssl/AbstractVerifier.java b/src/org/apache/http/conn/ssl/AbstractVerifier.java
index 5195e58..e409db9 100644
--- a/src/org/apache/http/conn/ssl/AbstractVerifier.java
+++ b/src/org/apache/http/conn/ssl/AbstractVerifier.java
@@ -89,44 +89,7 @@
             throw new NullPointerException("host to verify is null");
         }
 
-        ssl.startHandshake();
         SSLSession session = ssl.getSession();
-        if(session == null) {
-            // In our experience this only happens under IBM 1.4.x when
-            // spurious (unrelated) certificates show up in the server'
-            // chain.  Hopefully this will unearth the real problem:
-            InputStream in = ssl.getInputStream();
-            in.available();
-            /*
-              If you're looking at the 2 lines of code above because
-              you're running into a problem, you probably have two
-              options:
-
-                #1.  Clean up the certificate chain that your server
-                     is presenting (e.g. edit "/etc/apache2/server.crt"
-                     or wherever it is your server's certificate chain
-                     is defined).
-
-                                           OR
-
-                #2.   Upgrade to an IBM 1.5.x or greater JVM, or switch
-                      to a non-IBM JVM.
-            */
-
-            // If ssl.getInputStream().available() didn't cause an
-            // exception, maybe at least now the session is available?
-            session = ssl.getSession();
-            if(session == null) {
-                // If it's still null, probably a startHandshake() will
-                // unearth the real problem.
-                ssl.startHandshake();
-
-                // Okay, if we still haven't managed to cause an exception,
-                // might as well go for the NPE.  Or maybe we're okay now?
-                session = ssl.getSession();
-            }
-        }
-
         Certificate[] certs = session.getPeerCertificates();
         X509Certificate x509 = (X509Certificate) certs[0];
         verify(host, x509);