HTTPCLIENT-1051: eliminated reverse DNS lookup when performing hostname verification for secure connections
git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1079783 13f79535-47bb-0310-9956-ffa450edef68
parent
0bd45f2b39
commit
a1f6685cd8
|
@ -0,0 +1,58 @@
|
||||||
|
/*
|
||||||
|
* ====================================================================
|
||||||
|
*
|
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
|
* contributor license agreements. See the NOTICE file distributed with
|
||||||
|
* this work for additional information regarding copyright ownership.
|
||||||
|
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||||
|
* (the "License"); you may not use this file except in compliance with
|
||||||
|
* the License. You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
* ====================================================================
|
||||||
|
*
|
||||||
|
* This software consists of voluntary contributions made by many
|
||||||
|
* individuals on behalf of the Apache Software Foundation. For more
|
||||||
|
* information on the Apache Software Foundation, please see
|
||||||
|
* <http://www.apache.org/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.apache.http.conn;
|
||||||
|
|
||||||
|
import java.net.InetAddress;
|
||||||
|
import java.net.InetSocketAddress;
|
||||||
|
|
||||||
|
import org.apache.http.HttpHost;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Extended {@link InetSocketAddress} implementation that also provides access to the original
|
||||||
|
* {@link HttpHost} used to resolve the address.
|
||||||
|
*
|
||||||
|
* @since 4.2
|
||||||
|
*/
|
||||||
|
public class HttpInetSocketAddress extends InetSocketAddress {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = -6650701828361907957L;
|
||||||
|
|
||||||
|
private final HttpHost host;
|
||||||
|
|
||||||
|
public HttpInetSocketAddress(final HttpHost host, final InetAddress addr, int port) {
|
||||||
|
super(addr, port);
|
||||||
|
if (host == null) {
|
||||||
|
throw new IllegalArgumentException("HTTP host may not be null");
|
||||||
|
}
|
||||||
|
this.host = host;
|
||||||
|
}
|
||||||
|
|
||||||
|
public HttpHost getHost() {
|
||||||
|
return this.host;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
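Review bot: The constructor and `getHost()` carry no Javadoc, although the value returned by `getHost()` is what the SSLSocketFactory change on this page hands to the hostname verifier. I would document the contract on the getter, for example `/** Returns the {@link HttpHost} the connection was requested for; never {@code null}. */`. The constructor should state that `host` must be the name the caller asked for rather than one derived from `addr`, and that a null `host` raises IllegalArgumentException. Without that, a later caller could build the address from a resolved name and quietly weaken certificate name checking.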
@ -30,6 +30,7 @@ package org.apache.http.conn.ssl;
|
||||||
import org.apache.http.annotation.ThreadSafe;
|
import org.apache.http.annotation.ThreadSafe;
|
||||||
|
|
||||||
import org.apache.http.conn.ConnectTimeoutException;
|
import org.apache.http.conn.ConnectTimeoutException;
|
||||||
|
import org.apache.http.conn.HttpInetSocketAddress;
|
||||||
import org.apache.http.conn.scheme.HostNameResolver;
|
import org.apache.http.conn.scheme.HostNameResolver;
|
||||||
import org.apache.http.conn.scheme.LayeredSchemeSocketFactory;
|
import org.apache.http.conn.scheme.LayeredSchemeSocketFactory;
|
||||||
import org.apache.http.conn.scheme.LayeredSocketFactory;
|
import org.apache.http.conn.scheme.LayeredSocketFactory;
|
||||||
|
@ -387,7 +388,13 @@ public class SSLSocketFactory implements LayeredSchemeSocketFactory, LayeredSock
|
||||||
}
|
}
|
||||||
if (this.hostnameVerifier != null) {
|
if (this.hostnameVerifier != null) {
|
||||||
try {
|
try {
|
||||||
this.hostnameVerifier.verify(remoteAddress.getHostName(), sslsock);
|
String hostname;
|
||||||
|
if (remoteAddress instanceof HttpInetSocketAddress) {
|
||||||
|
hostname = ((HttpInetSocketAddress) remoteAddress).getHost().getHostName();
|
||||||
|
} else {
|
||||||
|
hostname = remoteAddress.getHostName();
|
||||||
|
}
|
||||||
|
this.hostnameVerifier.verify(hostname, sslsock);
|
||||||
// verifyHostName() didn't blowup - good!
|
// verifyHostName() didn't blowup - good!
|
||||||
} catch (IOException iox) {
|
} catch (IOException iox) {
|
||||||
// close the socket before re-throwing the exception
|
// close the socket before re-throwing the exception
|
||||||
|
|
|
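Review bot: The `else` branch keeps `remoteAddress.getHostName()`, so a caller that passes a plain InetSocketAddress built from an InetAddress can still trigger a reverse lookup. The certificate is then checked against a name taken from DNS rather than the one the caller requested, and only addresses created as HttpInetSocketAddress get the new behaviour. I would mark the fallback with a comment such as `// fallback: may do a reverse DNS lookup; the name is not necessarily the one the caller asked for`, and say in the method's Javadoc that callers wanting strict verification should pass an HttpInetSocketAddress. The enclosing method begins and ends outside this hunk, so whether other call paths already guarantee the subclass is not visible here.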
@ -45,6 +45,7 @@ import org.apache.http.protocol.HttpContext;
|
||||||
|
|
||||||
import org.apache.http.conn.ConnectTimeoutException;
|
import org.apache.http.conn.ConnectTimeoutException;
|
||||||
import org.apache.http.conn.HttpHostConnectException;
|
import org.apache.http.conn.HttpHostConnectException;
|
||||||
|
import org.apache.http.conn.HttpInetSocketAddress;
|
||||||
import org.apache.http.conn.OperatedClientConnection;
|
import org.apache.http.conn.OperatedClientConnection;
|
||||||
import org.apache.http.conn.ClientConnectionOperator;
|
import org.apache.http.conn.ClientConnectionOperator;
|
||||||
import org.apache.http.conn.scheme.LayeredSchemeSocketFactory;
|
import org.apache.http.conn.scheme.LayeredSchemeSocketFactory;
|
||||||
|
@ -136,7 +137,7 @@ public class DefaultClientConnectionOperator implements ClientConnectionOperator
|
||||||
Socket sock = sf.createSocket(params);
|
Socket sock = sf.createSocket(params);
|
||||||
conn.opening(sock, target);
|
conn.opening(sock, target);
|
||||||
|
|
||||||
InetSocketAddress remoteAddress = new InetSocketAddress(address, port);
|
InetSocketAddress remoteAddress = new HttpInetSocketAddress(target, address, port);
|
||||||
InetSocketAddress localAddress = null;
|
InetSocketAddress localAddress = null;
|
||||||
if (local != null) {
|
if (local != null) {
|
||||||
localAddress = new InetSocketAddress(local, 0);
|
localAddress = new InetSocketAddress(local, 0);
|
||||||
|
|
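Review bot: Nothing at the `new HttpInetSocketAddress(target, address, port)` line says why the subclass is needed, and the variable is still declared as InetSocketAddress, so a later clean-up could swap it back and silently restore the reverse-lookup behaviour. A one-line comment would protect it: `// carry the original target so TLS hostname verification uses the requested name, not a reverse lookup of the address`. No test for this is visible on the page; a regression test where the address's reverse name differs from the requested host would pin the behaviour. The enclosing method starts and ends outside the hunk.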