Skip to content

Commit 51dfd5a

Browse files
smareksmarek
committed
Added warning about SSL bypass fix
1 parent 44e8213 commit 51dfd5a

File tree

1 file changed

+12
-7
lines changed

1 file changed

+12
-7
lines changed

library/src/com/loopj/android/http/AsyncHttpClient.java

Lines changed: 12 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,7 @@
1919
package com.loopj.android.http;
2020

2121
import android.content.Context;
22+
import android.util.Log;
2223

2324
import org.apache.http.Header;
2425
import org.apache.http.HeaderElement;
@@ -104,6 +105,7 @@ public class AsyncHttpClient {
104105
private static final int DEFAULT_SOCKET_BUFFER_SIZE = 8192;
105106
private static final String HEADER_ACCEPT_ENCODING = "Accept-Encoding";
106107
private static final String ENCODING_GZIP = "gzip";
108+
private static final String LOG_TAG = "AsyncHttpClient";
107109

108110
private static int maxConnections = DEFAULT_MAX_CONNECTIONS;
109111
private static int socketTimeout = DEFAULT_SOCKET_TIMEOUT;
@@ -128,6 +130,8 @@ public AsyncHttpClient() {
128130
* @param fixNoHttpResponseException See issue https://github.com/loopj/android-async-http/issues/143
129131
*/
130132
public AsyncHttpClient(boolean fixNoHttpResponseException) {
133+
if(fixNoHttpResponseException)
134+
Log.d(LOG_TAG, "Beware! Using the fix is insecure, as it doesn't verify SSL certificates.");
131135
BasicHttpParams httpParams = new BasicHttpParams();
132136

133137
ConnManagerParams.setTimeout(httpParams, socketTimeout);
@@ -145,7 +149,7 @@ public AsyncHttpClient(boolean fixNoHttpResponseException) {
145149
// Fix to SSL flaw in API < ICS
146150
// See https://code.google.com/p/android/issues/detail?id=13117
147151
SSLSocketFactory sslSocketFactory;
148-
if(fixNoHttpResponseException)
152+
if (fixNoHttpResponseException)
149153
sslSocketFactory = MySSLSocketFactory.getFixedSocketFactory();
150154
else
151155
sslSocketFactory = SSLSocketFactory.getSocketFactory();
@@ -277,10 +281,10 @@ public void setTimeout(int timeout) {
277281
/**
278282
* Sets the Proxy by it's hostname and port
279283
*
280-
* @param hostname the hostname (IP or DNS name)
281-
* @param port the port number. -1 indicates the scheme default port.
284+
* @param hostname the hostname (IP or DNS name)
285+
* @param port the port number. -1 indicates the scheme default port.
282286
*/
283-
public void setProxy(String hostname, int port){
287+
public void setProxy(String hostname, int port) {
284288
final HttpHost proxy = new HttpHost(hostname, port);
285289
final HttpParams httpParams = this.httpClient.getParams();
286290
httpParams.setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy);
@@ -298,6 +302,7 @@ public void setSSLSocketFactory(SSLSocketFactory sslSocketFactory) {
298302

299303
/**
300304
* Sets the maximum number of retries for a particular Request.
305+
*
301306
* @param retries maximum number of retries per request
302307
*/
303308
public void setMaxRetries(int retries) {
@@ -350,8 +355,8 @@ public void setBasicAuth(String username, String password, AuthScope scope) {
350355

351356
/**
352357
* Removes set basic auth credentials
353-
* */
354-
public void clearBasicAuth(){
358+
*/
359+
public void clearBasicAuth() {
355360
this.httpClient.getCredentialsProvider().clear();
356361
}
357362

@@ -727,7 +732,7 @@ public void delete(Context context, String url, Header[] headers, AsyncHttpRespo
727732
*/
728733
public void delete(Context context, String url, Header[] headers, RequestParams params, AsyncHttpResponseHandler responseHandler) {
729734
HttpDelete httpDelete = new HttpDelete(getUrlWithQueryString(url, params));
730-
if(headers != null) httpDelete.setHeaders(headers);
735+
if (headers != null) httpDelete.setHeaders(headers);
731736
sendRequest(httpClient, httpContext, httpDelete, null, responseHandler, context);
732737
}
733738

0 commit comments

Comments
 (0)