HTTPCLIENT-1051: eliminated reverse DNS lookup when performing hostname verification for secure connections

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1079783 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Oleg Kalnichevski 2011-03-09 13:10:13 +00:00
parent 0bd45f2b39
commit a1f6685cd8
3 changed files with 68 additions and 2 deletions

View File

@ -0,0 +1,58 @@
/*
* ====================================================================
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.http.conn;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import org.apache.http.HttpHost;
/**
* Extended {@link InetSocketAddress} implementation that also provides access to the original
* {@link HttpHost} used to resolve the address.
*
* @since 4.2
*/
public class HttpInetSocketAddress extends InetSocketAddress {
private static final long serialVersionUID = -6650701828361907957L;
private final HttpHost host;
public HttpInetSocketAddress(final HttpHost host, final InetAddress addr, int port) {
super(addr, port);
if (host == null) {
throw new IllegalArgumentException("HTTP host may not be null");
}
this.host = host;
}
public HttpHost getHost() {
return this.host;
}
}

View File

@ -30,6 +30,7 @@ package org.apache.http.conn.ssl;
import org.apache.http.annotation.ThreadSafe; import org.apache.http.annotation.ThreadSafe;
import org.apache.http.conn.ConnectTimeoutException; import org.apache.http.conn.ConnectTimeoutException;
import org.apache.http.conn.HttpInetSocketAddress;
import org.apache.http.conn.scheme.HostNameResolver; import org.apache.http.conn.scheme.HostNameResolver;
import org.apache.http.conn.scheme.LayeredSchemeSocketFactory; import org.apache.http.conn.scheme.LayeredSchemeSocketFactory;
import org.apache.http.conn.scheme.LayeredSocketFactory; import org.apache.http.conn.scheme.LayeredSocketFactory;
@ -387,7 +388,13 @@ public class SSLSocketFactory implements LayeredSchemeSocketFactory, LayeredSock
} }
if (this.hostnameVerifier != null) { if (this.hostnameVerifier != null) {
try { try {
this.hostnameVerifier.verify(remoteAddress.getHostName(), sslsock); String hostname;
if (remoteAddress instanceof HttpInetSocketAddress) {
hostname = ((HttpInetSocketAddress) remoteAddress).getHost().getHostName();
} else {
hostname = remoteAddress.getHostName();
}
this.hostnameVerifier.verify(hostname, sslsock);
// verifyHostName() didn't blowup - good! // verifyHostName() didn't blowup - good!
} catch (IOException iox) { } catch (IOException iox) {
// close the socket before re-throwing the exception // close the socket before re-throwing the exception

View File

@ -45,6 +45,7 @@ import org.apache.http.protocol.HttpContext;
import org.apache.http.conn.ConnectTimeoutException; import org.apache.http.conn.ConnectTimeoutException;
import org.apache.http.conn.HttpHostConnectException; import org.apache.http.conn.HttpHostConnectException;
import org.apache.http.conn.HttpInetSocketAddress;
import org.apache.http.conn.OperatedClientConnection; import org.apache.http.conn.OperatedClientConnection;
import org.apache.http.conn.ClientConnectionOperator; import org.apache.http.conn.ClientConnectionOperator;
import org.apache.http.conn.scheme.LayeredSchemeSocketFactory; import org.apache.http.conn.scheme.LayeredSchemeSocketFactory;
@ -136,7 +137,7 @@ public class DefaultClientConnectionOperator implements ClientConnectionOperator
Socket sock = sf.createSocket(params); Socket sock = sf.createSocket(params);
conn.opening(sock, target); conn.opening(sock, target);
InetSocketAddress remoteAddress = new InetSocketAddress(address, port); InetSocketAddress remoteAddress = new HttpInetSocketAddress(target, address, port);
InetSocketAddress localAddress = null; InetSocketAddress localAddress = null;
if (local != null) { if (local != null) {
localAddress = new InetSocketAddress(local, 0); localAddress = new InetSocketAddress(local, 0);